Category: Cyber Security

Lumma Infostealer Steal All Data Stored in Browsers and Selling Them in Underground Markets as Logs The cybersecurity landscape continues to face significant threats from sophisticated information stealers, with Lumma emerging as one of the most prevalent and dangerous malware families targeting both consumer and enterprise environments. This malicious software systematically harvests enormous volumes of…

Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new tools and techniques. Active since 2007, this state-sponsored threat actor has established itself as one of the…

New Wave of Crypto-Hijacking Infects 3,500+ Websites A stealth Monero-mining campaign has quietly compromised more than 3,500 websites by embedding an innocuous-looking JavaScript file called karma.js. The operation leverages WebAssembly, Web Workers, and WebSockets to siphon CPU cycles while keeping resource usage low enough to avoid user suspicion. Cside.dev analysts first noted the anomaly after…

Google Sued BadBox 2.0 Malware Botnet Operators That Infects 10 Million+ Devices Google has filed a lawsuit in New York federal court against the operators of the BadBox 2.0 botnet, marking a significant escalation in the tech giant’s fight against cybercriminal networks. The malware campaign represents the largest known botnet of internet-connected television devices, compromising…

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and supply chain organizations, reflecting China’s…

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN gateways. Leveraging a zero-day in a…

H2Miner Attacking Linux, Windows, and Containers to Mine Monero The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux hosts, Windows workstations, and container workloads…

Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets and conduct campaigns, creating…

Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely previews the file, hidden JavaScript executes…

Infostealers Distributed with Crack Apps Emerges as Top Attack Vector For June 2025 The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured victims through…

Microsoft Details on How Security Copilot in Intune and Entra Helps Security and IT Teams Microsoft has announced significant enhancements to its AI-powered security platform, marking the general availability of Microsoft Security Copilot capabilities within Microsoft Intune and Microsoft Entra. This development represents a critical milestone in the evolution of enterprise security management, as organizations…

Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager A sophisticated new ransomware strain has emerged in the cybersecurity landscape, demonstrating advanced evasion techniques and destructive capabilities that pose significant risks to organizations worldwide. The Dark 101 ransomware represents a concerning evolution in malware design, utilizing an obfuscated .NET binary to…

Albemarle County Hit By Ransomware Attack – Hackers Accessed Residents Personal Details Albemarle County, Virginia, has fallen victim to a sophisticated ransomware attack that compromised the personal information of county residents, local government employees, and public school staff. The cybercriminal operation successfully infiltrated the county’s network infrastructure, forcing officials to launch an extensive incident response…

Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service operation, which has accumulated…

AWS Organizations Mis-scoped Managed Policy Let Hackers To Take Full AWS Organization Control A critical security vulnerability in AWS Organizations has been discovered that could allow attackers to achieve complete control over entire multi-account AWS environments through a mis-scoped managed policy. The flaw, identified in the AmazonGuardDutyFullAccess managed policy version 1, enables privilege escalation from…

Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data The cybersecurity landscape is witnessing an alarming surge in macOS-targeted information-stealing malware, marking a significant shift from the traditional Windows-centric threat model. These sophisticated infostealers are rapidly evolving to exploit macOS environments with unprecedented precision, targeting valuable data including browser credentials, cookies, and…

Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security Microsoft has successfully eliminated high-privilege access vulnerabilities across its Microsoft 365 ecosystem as part of its comprehensive Secure Future Initiative, marking a significant milestone in enterprise security architecture. The technology giant’s Deputy Chief Information Security Officer for Experiences and Devices, Naresh Kannan, announced that the company…

Rhadamanthys Infostealer Leveraging ClickFix Technique to Steal Login Credentials Rhadamanthys first surfaced in 2022 as a modular stealer sold under the Malware-as-a-Service model, but its latest campaign shows how quickly it is innovating. At the centre of the new wave is a booby-trapped CAPTCHA page dubbed ClickFix, which instructs victims to “verify” their session by…

Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network…

Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat…

Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software deployment, has…

Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence Cybersecurity researchers have discovered a sophisticated attack technique that exploits Microsoft Azure Arc deployments to gain persistent access to enterprise environments. The research, conducted during recent red team operations, reveals how adversaries can leverage misconfigured Azure Arc installations…

Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform, is designed…

Massive Android Ad Fraud ‘IconAds’ Leverages Google Play to Attack Phone Users A sophisticated mobile ad fraud operation dubbed “IconAds” has infiltrated Android devices worldwide through 352 malicious applications distributed via Google Play Store, generating up to 1.2 billion fraudulent bid requests daily at its peak. The scheme represents a significant evolution in mobile advertising…

Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware A sophisticated social engineering campaign has emerged targeting unsuspecting users through fraudulent Cloudflare verification screens, representing a new evolution in malware distribution tactics. This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing malicious code on…

Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims Personal Details A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in prison at Inner London Crown Court. The case represents a significant…

TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability, conducting both financially…

Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on their own systems. Originally introduced by Proofpoint researchers in April 2024, this deceptive technique tricks victims into believing…

North Korean Remote IT Workers Added New Tactics and Techniques to Infiltrate Organizations North Korean state-sponsored remote IT workers have significantly evolved their infiltration tactics, incorporating artificial intelligence tools and sophisticated deception techniques to penetrate organizations worldwide. Since 2024, these highly skilled operatives have enhanced their fraudulent employment schemes by leveraging AI-powered image manipulation, voice-changing…

CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Defense Cyber Crime Center, and National Security Agency, has issued an urgent warning regarding potential cyber attacks by Iranian-affiliated actors targeting U.S. critical infrastructure. Despite ongoing ceasefire negotiations and diplomatic efforts,…

Androxgh0st Botnet Operators Exploiting US University For Hosting C2 Logger The Androxgh0st botnet has significantly expanded its operations since 2023, with cybercriminals now compromising prestigious academic institutions to host their command and control infrastructure. This sophisticated malware campaign has demonstrated remarkable persistence and evolution, targeting a diverse range of vulnerabilities across web applications, frameworks, and…

TeamFiltration Pentesting Tool Weaponized to Hijack Microsoft Teams, Outlook, and Other Accounts A sophisticated cyberattack campaign has weaponized a legitimate penetration testing framework to compromise thousands of Microsoft cloud accounts across hundreds of organizations worldwide. The malicious operation, designated UNK_SneakyStrike, leverages TeamFiltration, a popular cybersecurity tool originally designed for Office 365 security assessments, to conduct…

Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring multiple variants designed for…

North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing a significant…

LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in nation-state cyber…

BlueNoroff Hackers Weaponize Zoom App to Attack System Using Infostealer Malware A sophisticated social engineering campaign leveraging the trusted Zoom platform has emerged as the latest weapon in the arsenal of North Korean state-sponsored hackers. The BlueNoroff group, a financially motivated subgroup of the notorious Lazarus Group, has been orchestrating targeted attacks against cryptocurrency and…

NCSC Warns of ‘UMBRELLA STAND’ Malware Attacking Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued a critical warning about a sophisticated malware campaign dubbed “UMBRELLA STAND” that specifically targets internet-facing Fortinet FortiGate 100D series firewalls. This newly identified threat represents a significant escalation in attacks against network infrastructure devices, with the…