Category: Cyber Security

Attackers Leverages LinkedIn to Deliver Remote Access Trojan Targeting Corporate Environments A sophisticated phishing campaign is actively exploiting LinkedIn’s trusted social media platform to distribute a dangerous remote access trojan to corporate employees. Attackers are leveraging the professional credibility of LinkedIn to craft convincing messages that appear legitimate, making employees more likely to download and…

Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste A new clipboard hijacker is quietly draining cryptocurrency from gamers and streamers by abusing trust inside Discord communities. The campaign centers on a malicious Windows program shared as a supposed streaming or security tool. Once installed, it silently watches the user’s clipboard,…

Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting credentials, documents, keystrokes, and screenshots…

Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users searching for appliance manuals…

CrashFix – Hackers Using Malicious Extensions to Display Fake Browser Warnings Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy tools online, malicious advertisements…

17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate in Right Click,”…

Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from providers like Google, Microsoft…

Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial transactions. This rapid expansion has created a critical security blind spot. Researchers have identified that attacks targeting these systems…

Chinese Threat Actors Hosted 18,000 Active C2 Servers Across 48 Hosting Providers Threat actors linked to Chinese hosting infrastructure have established a massive network of over 18,000 active command-and-control servers across 48 different hosting providers in recent months. This widespread abuse highlights a serious issue in how malicious infrastructure can hide within trusted networks and…

Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks targeting multiple sectors including federal…

Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems DragonForce is the latest ransomware brand to move from noisy forum posts to full RaaS operations, targeting both Windows and VMware ESXi environments. First seen in December 2023 on BreachForums, the group advertises stolen data and uses a dark web blog to pressure…

New Magecart Attack Steals Customers Credit Cards from Website Checkout Pages A sophisticated web-skimming campaign targeting online shoppers has emerged with renewed intensity in 2026, compromising e-commerce websites and extracting sensitive payment information during checkout processes. The attack, identified as part of the broader Magecart family of threats, represents an evolving challenge to online retail…

Hackers Leverage Browser-in-the-browser Tactic to Trick Facebook Users and Steal Logins Facebook users are increasingly becoming targets of a sophisticated phishing technique that bypasses conventional security measures. With over three billion active users on the platform, Facebook represents an attractive target for attackers seeking to compromise accounts and harvest personal credentials. The primary objective of…

AsyncRAT Leveraging Cloudflare’s Free-Tier Services to Mask Malicious Activities and Detection A recent AsyncRAT campaign is using Cloudflare’s free tier services and TryCloudflare tunnels to hide remote access activity inside normal looking cloud traffic. In these attacks, threat actors send phishing emails that link to a Dropbox hosted ZIP archive named to look like an…

ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details A new wave of attacks is using the ValleyRAT_S2 malware to quietly break into organizations, stay hidden for long periods, and steal sensitive financial information. ValleyRAT_S2 is the second-stage payload of the ValleyRAT family and is written in C++. Once inside a network, it…

Beware of Weaponized Employee Performance Reports that Deploys Guloader Malware Cybersecurity threats continue to evolve with attackers using more creative social engineering techniques to target organizations. A recent threat has emerged involving the Guloader malware, which is being disguised as employee performance reports to trick users into downloading and executing malicious files. This sophisticated attack…

Everest Hacking Group Allegedly Claims Breach of Nissan Motors Everest hacking group has allegedly claimed a major breach of Nissan Motor Co., Ltd., raising fresh concerns about data security at large automotive manufacturers. According to early reports, the cybercrime group says it exfiltrated around 900 GB of sensitive data from the Japanese carmaker, a volume…

New Ghost Tapped Attack Uses Your Android Device to Drain Your Bank Account Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped, these malicious apps exploit Near Field Communication (NFC) technology, the same wireless technology that powers contactless payments.…

New ClickFix Attack Uses Fake Windows BSOD Screens to Trick Users into Executing Malicious Code A sophisticated malware campaign called PHALTBLYX has emerged, combining social engineering deception with advanced evasion techniques to compromise hospitality sector organizations. The attack chain begins with phishing emails impersonating Booking.com, featuring urgent reservation cancellation alerts with large financial charges displayed…

Threat Actors Hacked Global Companies via Leaked Cloud Credentials from Infostealer Infections Dozens of major global enterprises have been breached through a surprisingly simple yet devastating attack vector: stolen credentials extracted from infostealer malware. A threat actor operating under the nickname “Zestix” and his alias “Sentap” has been systematically accessing corporate cloud storage platforms, including…

Threat Actor Allegedly Claim Leak of NordVPN Salesforce Database with Source Codes A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes over ten database source codes, along with critical authentication credentials that could…

Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts In December 2025, the Iranian-linked hacking group Handala claimed to have fully compromised the mobile devices of two prominent Israeli political figures. However, detailed analysis by Kela cyber intelligence researchers revealed a more limited scope—the breaches targeted Telegram accounts specifically, not complete device access. The group…

RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025, demonstrates a relentless approach to…

Potential Wallet Phishing Campaign Targets Cardano Users via ‘Eternl Desktop’ Announcement A sophisticated phishing campaign is currently circulating within the Cardano community, posing significant risks to users seeking to download the newly announced Eternl Desktop application. The attack leverages a professionally crafted email claiming to promote a legitimate wallet solution designed for secure Cardano token…

Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics After a decade of disappearing from the cybersecurity landscape, the Careto threat group, also known as “The Mask,” has resurfaced with sophisticated new attack methods targeting high-profile organizations. Security researchers have identified fresh evidence of Careto’s activity, revealing how the group…

Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users A new wave of GlassWorm malware has emerged, marking a significant shift in targeting strategy from Windows to macOS systems. This self-propagating worm, distributed through malicious VS Code extensions on the Open VSX marketplace, has already accumulated over 50,000 downloads. The fourth wave introduces several…

New Cybercrime Tool ErrTraffic Let Attackers Automate ClickFix Attacks A dangerous cybercrime tool known as ErrTraffic has appeared in underground forums, making it easier for attackers to trick users into running harmful software on their devices. The tool automates what security experts call ClickFix attacks, where fake error messages push people to manually execute malicious…

DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational sophistication rarely seen…

Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation Large Language Models (LLMs) have revolutionized software development, democratizing coding capabilities for non-programmers. However, this accessibility has introduced a severe security crisis. Advanced AI tools, designed to assist developers, are now being weaponized to automate the creation of sophisticated exploits against enterprise software. This shift fundamentally challenges…

Threat Actors Advertising AI-Enhanced Metamorphic Crypter with Claims of Windows Defender Bypass Dark web forums have become a marketplace for sophisticated malware tools, with threat actors continuously refining their capabilities to stay ahead of security solutions. The latest concerning development involves an emerging AI-powered crypter service that promises unprecedented evasion abilities, putting enterprise environments at…

Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified an over 50-script global campaign that intercepts sensitive information during checkout and account creation processes. The attack demonstrates a significant…

Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed to evade and neutralize security defenses.…

EmEditor Editor Website Hacked to Deliver Infostealer Malware in Supply Chain Attack A major supply chain attack targeting EmEditor, a widely used text editor software, has exposed millions of users to sophisticated infostealer malware. Between December 19 and December 22, 2025, the official EmEditor website fell victim to unauthorized modification, serving compromised installer files to…

Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-looking Income Tax Department emails to trick users into downloading a malicious executable disguised as a tax-related…

New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a unique signature of four mushroom emojis embedded in the string “OUTL,” has been…

Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to another without facing obstacles. However,…