Category: Cyber Security

Bloody Wolf Hackers Attacking Organizations to Deploy NetSupport RAT and Gain Remote Access Stan Ghouls, a cybercriminal group also known as Bloody Wolf, has launched a sophisticated wave of targeted attacks against organizations across Russia and Uzbekistan. Active since at least 2023, the group focuses heavily on the manufacturing, finance, and IT sectors. While they…

Chinese Hackers Attacking Singapore’s Telecommunications Sector to Compromise Edge Devices Singapore’s telecommunications sector has recently been the target of a highly sophisticated cyber espionage campaign orchestrated by the Advanced Persistent Threat (APT) group known as UNC3886. The details of this extensive intrusion were formally disclosed following Operation CYBER GUARDIAN, a major multi-agency response led by…

Vortex Werewolf Attacking Organizations to Gain Tor-Enabled Remote Access Over the RDP, SMB, SFTP, and SSH Protocols A new cyber espionage cluster has recently emerged, focusing its aggressive targeting on Russian government and defense organizations. Active since at least December 2025, the group, designated as Vortex Werewolf, employs a combination of social engineering and legitimate…

New Telegram Phishing Attack Abuses Authentication Workflows to Obtain Full Authorized User Sessions A sophisticated Telegram phishing campaign has re-emerged, marking a significant evolution in how threat actors compromise user accounts. Unlike traditional credential harvesting, this operation does not rely on cloning login pages to steal passwords but instead manipulates the platform’s legitimate authentication infrastructure.…

Transparent Tribe Hacker Group Attacking India’s Startup Ecosystem The threat landscape for India’s technology sector has taken an unexpected turn. A Pakistan-based hacking group called Transparent Tribe has shifted its focus from traditional government targets to the country’s vibrant startup ecosystem, particularly companies working in cybersecurity and intelligence domains. The group, also tracked as APT36,…

Bulletproof Hosting Providers Leverage Legitimate ISPsystem to Supply Servers for Cybercriminals In the constantly shifting landscape of online threats, cybercriminals have found a new way to strengthen their attacks by hiding behind legitimate technology. Late in 2025, a series of ransomware incidents revealed that attackers were using virtual machines provisioned through ISPsystem, a popular platform…

Hackers Leveraging Windows Screensaver to Deploy RMM Tools and Gain Remote Access to Systems Cybersecurity threats are constantly evolving, and a recent campaign highlights a deceptive new tactic where attackers leverage Windows screensaver (.scr) files to compromise systems. This method allows threat actors to deploy legitimate Remote Monitoring and Management (RMM) tools, granting them persistent…

Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts, or important documents.…

APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies Russian state-sponsored actors known as APT28 have initiated a sophisticated cyber espionage campaign targeting high-value government and military entities across Europe. The primary targets include maritime and transport organizations in nations such as Poland, Ukraine, and Turkey. The attackers are actively exploiting a critical vulnerability…

New DesckVB RAT with Multi-stage Infection Chain and Plugin-Based Architecture A sophisticated new threat has surfaced in the wild, identified as the DesckVB RAT version 2.9. This modular Remote Access Trojan, built on the .NET framework, has been observed in active malware campaigns throughout early 2026. Unlike simple backdoors, this threat demonstrates a high level…

New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…

Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social engineering vector that…

GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but…

Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools to quietly steal…

Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms and harmless-looking PDF files to…

Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection. The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users searching for…

DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy firm. Unlike typical ransomware that encrypts…

Google Uncovered Significant Expansion in ShinyHunters Threat Activity with New Tactics The ShinyHunters threat group has expanded its extortion operations with sophisticated attack methods targeting cloud-based systems across multiple organizations. These cybercriminals use voice phishing and fake credential harvesting websites to steal login information from employees. Once they gain access, they extract sensitive data from…

UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims in Thailand and…

175,000 Exposed Ollama Hosts Enable Code Execution and External System Access A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly…

TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage group that has been…

Education-Themed Malicious Domains Linked to Bulletproof Hosting Infrastructure Exposed Security researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicators pointing to TOXICSNAKE, uses legitimate-looking university and educational institution branding to deceive users into visiting malicious websites. This tactic exploits the…

Hackers Weaponized Open VSX Extension with Sophisticated Malware After Reaching 5060+ Downloads A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted malware code that…

Microsoft Exchange Online to Deprecate SMTP AUTH Basic Authentication for Tenants Microsoft is preparing a major security shift for cloud email customers as Exchange Online moves toward deprecating SMTP AUTH Basic Authentication for all tenants. The change targets one of the oldest and weakest ways to sign in to email systems, where usernames and passwords…

Attackers Targeting Canadian Citizens by Exploiting Their Reliance on Digital Services Attackers are increasingly targeting Canadian citizens by abusing their heavy dependence on online government and commercial services. From paying traffic fines and renewing licenses to tracking parcels and booking flights, people now expect these tasks to be quick and digital. Threat actors are taking…

Chinese National Jailed to 46 Months for Laundering Millions of Dollars Stolen from American Investors A Chinese national named Jingliang Su has been sentenced to 46 months in prison for his involvement in a major cryptocurrency fraud scheme targeting American investors. On January 27, 2026, federal courts ordered Su to serve his sentence and pay…

Fake CAPTCHA Attack Leverages Microsoft Application Virtualization (App-V) to Deploy Malware A newly discovered campaign demonstrates a sophisticated approach to delivering information-stealing malware through a combination of social engineering and legitimate Windows components. The attack begins with a deceptive CAPTCHA prompt that tricks users into executing commands manually through the Windows Run dialog, presenting the…

HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer The HoneyMyte threat group, also known as Mustang Panda or Bronze President, continues to pose a significant risk to government organizations across Asia and Europe. Recent security research has revealed that this advanced hacker collective is actively upgrading its digital arsenal with enhanced…

Caminho Loader-as-a-Service Using Steganography to Conceal .NET Payloads within Image Files Caminho Loader is a new Loader-as-a-Service threat that blends steganography, fileless execution, and cloud abuse to quietly deliver malware across several regions. First seen in March 2025 and believed to originate from Brazil, this service hides .NET payloads inside harmless-looking image files hosted on…

APT Hackers Attacking Indian Government Using GOGITTER Tool and GITSHELLPAD Malware Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The campaign, identified as Gopher Strike, emerged in September 2025 and represents a significant escalation in targeted cyber…

China-Aligned APTs Use PeckBirdy C&C Framework in Multi-Vector Attacks, Exploiting Stolen Certificates Since 2023, a dangerous malware framework called PeckBirdy has emerged as a primary weapon used by Chinese-aligned hacking groups. This JavaScript-based tool serves as a command-and-control platform designed to work across multiple system environments, giving attackers remarkable flexibility in how they deploy their…

New Phishing Attack Leverages Vercel Hosting Platform to Deliver a Remote Access Tool A sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combines social engineering with trusted domain exploitation, making it particularly effective at bypassing…

Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware Late December 2025 brought alarming news to Poland as its energy infrastructure became the target of what security experts describe as the country’s largest cyberattack in years. The Russian-aligned Sandworm group, known for orchestrating some of the most damaging attacks on critical infrastructure, emerged as…

20,000 WordPress Sites Affected by Backdoor Vulnerability Allowing Malicious Admin User Creation A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administrator accounts without any authentication, putting thousands of websites at risk…

North Korean Hackers Adopted AI to Generate Malware Attacking Developers and Engineering Teams North Korea–aligned hackers have launched a new campaign that turns artificial intelligence into a weapon against software teams. Using AI-written PowerShell code, the group known as KONNI is delivering a stealthy backdoor that blends real project content with malicious scripts. This operation…

New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified this threat as a completely new malware variant with no connection to an older…

New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the scenes…

Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped. The attacks abuse truesight.sys, a kernel driver from Adlice Software’s RogueKiller antivirus, and use more than 2,500 validly…

New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework The cybersecurity landscape has entered a dangerous new chapter with the discovery of VoidLink, the first documented advanced malware framework built almost entirely by artificial intelligence. Unlike earlier attempts where inexperienced hackers used AI to create basic malicious…