Category: Cyber Security

Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments Over the past several years, a concerted campaign by Chinese state-sponsored Advanced Persistent Threat (APT) groups has exploited critical vulnerabilities in enterprise-grade routers to establish long-term footholds within global telecommunications and government networks. These actors, often identified under monikers such as Salt Typhoon and OPERATOR…

Massive IPTV Hosted Across More Than 1,000 Domains and Over 10,000 IP Addresses A sprawling network of illicit Internet Protocol Television (IPTV) services has been discovered, operating across more than 1,100 domains and in excess of 10,000 IP addresses. This sprawling infrastructure, which has remained active for several years, delivers unauthorized streams of premium content—including…

New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source…

XWorm Malware With New Infection Chain Evade Detection Exploiting User and System Trust Emerging quietly in mid-2025, the XWorm backdoor has evolved into a deceptively sophisticated threat that preys on both user confidence and system conventions. Initial reports surfaced when organizations noted a sudden uptick in obscure .lnk-based phishing emails masquerading as benign documents. Security…

Threat Actors Attack PayPal Users in New Account Profile Set up Scam A sophisticated phishing campaign targeting PayPal’s massive user base has emerged, utilizing deceptive “Set up your account profile” emails to compromise user accounts through an ingenious secondary user addition scheme. The attack leverages advanced email spoofing techniques and psychological manipulation tactics to bypass…

New TinyLoader Malware Attacking Windows Users Via Network Shares and Fake Shortcuts Files A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming infected machines…

New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities A sophisticated Windows-based keylogger known as TinkyWinkey began surfacing on underground forums in late June 2025, targeting enterprise and individual endpoints with unprecedented stealth. Unlike traditional keylogging tools that rely on simple hooks or user-mode processes, TinkyWinkey leverages dual components—a Windows service and an injected…

Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, which is orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to redirect unsuspecting visitors to malicious…

Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks Infostealer malware, initially designed to indiscriminately harvest credentials from compromised hosts, has evolved into a potent weapon for state-sponsored Advanced Persistent Threat (APT) groups. Emerging in early 2023, families such as RedLine, Lumma, and StealC quickly proliferated across phishing campaigns and malicious downloads. These…

AI Waifu RAT Attacking Users With Novel Social Engineering Techniques A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative AI character enhancement tool that…

New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques to bypass Apple’s…

New Malware Attack Exploiting TASPEN’s Legacy to Target Indonesian Senior Citizens A sophisticated malware campaign has emerged, targeting Indonesia’s most vulnerable digital citizens through a calculated exploitation of trust in the nation’s pension fund system. The malicious operation impersonates PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund managing over $15.9 billion…

TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures Over the past year, a shadowy threat actor known as TAG-144—also tracked under aliases Blind Eagle and APT-C-36—has intensified operations against South American government institutions. First observed in 2018, this group has adopted an array of commodity remote access trojans (RATs) such as AsyncRAT,…

China-based Threat Actor Mustang Panda’s Tactics, Techniques, and Procedures Unveiled China-based threat actor Mustang Panda has emerged as one of the most sophisticated cyber espionage groups operating in the current threat landscape, with operations dating back to at least 2014. This advanced persistent threat (APT) group has systematically targeted government entities, nonprofit organizations, religious institutions,…

New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his wife with an infallible…

Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected…

Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared…

Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers infiltrated Fanava Group,…

Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these hosting services to bypass traditional security controls. A coordinated campaign identified in early 2025 demonstrated how threat actors systematically abuse VPS…

Chinese MURKY PANDA Attacking Government and Professional Services Entities A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024. This advanced persistent threat group demonstrates exceptional capabilities in cloud environment exploitation…

Anatsa Malware Attacking Android Devices to Steal Login Credentials and Monitor Keystrokes The Anatsa banking trojan, also known as TeaBot, continues to evolve as one of the most sophisticated Android malware threats targeting financial institutions worldwide. First discovered in 2020, this malicious software has demonstrated remarkable persistence in infiltrating Android devices through the official Google…

New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell backdoor, demonstrating how attackers are…

Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through seemingly legitimate…

New SHAMOS Malware Attacking macOS Via Fake Help Websites to Steal Login Credentials A sophisticated malware campaign targeting macOS users has emerged between June and August 2025, successfully attempting to compromise over 300 customer environments through deceptive help websites. The malicious operation deploys SHAMOS, a variant of the notorious Atomic macOS Stealer (AMOS), developed by…

Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking collective “Yemen Cyber Army,” was sentenced…

Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool while secretly…

Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s advanced capabilities in leveraging both known…

Crypto Developers Attacked With Malicious npm Packages to Steal Login Details A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development kits and scanning tools.…

North Korean Hackers Stealthy Linux Malware Leaked Online In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article in Phrack Magazine, includes advanced exploit tactics,…

Palo Alto Networks Released A Mega Malware Analysis Tutorials Useful for Every Malware Analyst Palo Alto Networks has published an extensive malware analysis tutorial detailing the dissection of a sophisticated .NET-based threat that delivers the Remcos remote access trojan (RAT). The malware’s emergence highlights a trend in which threat actors increasingly abuse legitimate development environments…

Ransomware Actors Blending Legitimate Tools with Custom Malware to Evade Detection The cybersecurity landscape faces a new sophisticated threat as the Crypto24 ransomware group demonstrates an alarming evolution in attack methodology, seamlessly blending legitimate administrative tools with custom-developed malware to execute precision strikes against high-value targets. This emerging ransomware operation has successfully compromised organizations across…

Google Requires Crypto App Developers to Have License or Certification From Relevant Authorities Google Play has implemented comprehensive licensing requirements for cryptocurrency exchanges and software wallets, fundamentally reshaping the mobile app ecosystem for digital asset services. The policy mandates that developers seeking to publish cryptocurrency applications must obtain specific licenses and certifications from relevant financial…

Threat Actors Using CrossC2 Tool to Expand Cobalt Strike to Operate on Linux and macOS A sophisticated threat campaign has emerged that leverages CrossC2, an unofficial extension tool that expands Cobalt Strike’s notorious capabilities beyond Windows systems to target Linux and macOS environments. Between September and December 2024, cybersecurity incidents involving this cross-platform malware have…

Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot A sophisticated new malware campaign targeting Windows systems has emerged, employing a multi-stage framework dubbed “PS1Bot” that combines PowerShell and C# components to conduct extensive information theft operations. The malware represents a significant evolution in attack methodologies, utilizing modular architecture and in-memory execution techniques…

ShinyHunters Possibly Collaborates With Scattered Spider in Salesforce Attack Campaigns The notorious ShinyHunters cybercriminal group has emerged from a year-long hiatus with a sophisticated new wave of attacks targeting Salesforce platforms across major organizations, including high-profile victims like Google. This resurgence marks a significant tactical evolution for the financially motivated threat actors, who have traditionally…

Web DDoS, App Exploitation Attacks Saw a Huge Surge in First Half of 2025 The cybersecurity landscape experienced an unprecedented escalation in digital threats during the first half of 2025, with Web Distributed Denial of Service (DDoS) attacks surging by 39% compared to the second half of 2024. The second quarter alone witnessed a staggering…

VexTrio Hackers Attacking Users via Fake CAPTCHA Robots and Malicious Apps into Google Play and App Store A sophisticated cybercriminal organization known as VexTrio has been orchestrating a massive fraud empire through deceptive CAPTCHA robots and malicious applications distributed across Google Play and the App Store. This criminal network, operating for over 15 years, has…

Ukrainian Web3team Weaponizing NPM Package to Attack Job Seekers and Steal Sensitive Data A sophisticated cybercriminal operation disguised as a Ukrainian Web3 development team has been targeting job seekers through weaponized NPM packages, security researchers warn. The attack leverages fake interview processes to trick unsuspecting candidates into downloading and executing malicious code that steals cryptocurrency…