Category: Cyber Security

Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-looking Income Tax Department emails to trick users into downloading a malicious executable disguised as a tax-related…

New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a unique signature of four mushroom emojis embedded in the string “OUTL,” has been…

Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to another without facing obstacles. However,…

Evasive Panda APT Using AitM Attack and DNS Poisoning to Deliver Malware The Evasive Panda APT group, also known as Bronze Highland, Daggerfly, and StormBamboo, has been running targeted campaigns since November 2022, using advanced techniques to deliver the MgBot malware. The group employs adversary-in-the-middle attacks combined with DNS poisoning to compromise specific victims across…

Threat Actors Using Weaponized AV-themed Word and PDF Documents to Attack Israeli Organizations Security researchers at Seqrite Labs have identified a campaign called Operation IconCat, targeting Israeli organizations with weaponized documents designed to look like legitimate security tools. The attacks began in November 2025 and have compromised multiple companies across information technology, staffing services, and…

Threat Actors Advertised NtKiller Malware on Dark Web Claiming Terminate Antivirus and EDR Bypass A malicious actor known as AlphaGhoul has begun promoting a tool called NtKiller, designed to silently shut down antivirus software and endpoint detection tools. The tool was posted on an underground forum where criminals gather to buy and sell hacking services.…

WebRAT Malware via GitHub Repositories Claim as Proof-of-concept Exploits to Attack Users A new malware campaign has surfaced that uses GitHub repositories to spread the WebRAT malware by disguising it as proof-of-concept exploits and gaming utilities. The malware targets users searching for game cheats, pirated software, and application patches, particularly for popular titles like Rust,…

Malicious Chrome Extensions as VPN Intercept User Traffic to Steal Credentials Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over 2,180 users through the…

Threat Actors Weaponizing Nezha Monitoring Tool as Remote Access Trojan Researchers at Ontinue’s Cyber Defense Center have uncovered a significant threat as attackers exploit Nezha, a legitimate open-source server monitoring tool, for post-exploitation access. The discovery reveals how sophisticated threat actors repurpose benign software to gain complete control over compromised systems while evading traditional security…

Hackers Using ClickFix Technique to Hide Images within the Image Files Threat actors have evolved their attack strategies by combining the deceptive ClickFix social engineering lure with advanced steganography techniques to conceal malicious payloads within PNG image files. This sophisticated approach, discovered by Huntress analysts, represents a significant shift in how cybercriminals deliver information-stealing malware…

Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data Cyber criminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are…

BlueDelta Hackers Attacking Users of Widely Used Ukrainian Webmail and News Service A new credential-harvesting campaign has been discovered targeting users of UKR.NET, a popular Ukrainian webmail and news platform. The attacks are linked to BlueDelta, a Russian state-sponsored hacker group also known as APT28, Fancy Bear, and Forest Blizzard. This group has been running…

Clop Ransomware Group Exploiting Gladinet CentreStack Servers to Steal Data The Clop ransomware group has launched a new data extortion campaign targeting Internet-facing Gladinet CentreStack file servers, marking another chapter in the threat actor’s pattern of exploiting file transfer solutions. The campaign appears to leverage multiple security weaknesses in CentreStack and its sister product Triofox,…

China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware A sophisticated cyberespionage campaign targeting governmental entities in Southeast Asia and Japan has unveiled a new China-aligned threat actor dubbed LongNosedGoblin. Active since at least September 2023, this advanced persistent threat (APT) group distinguishes itself by leveraging a diverse toolset of custom C#/.NET malware families.…

Kimwolf Android Botnet Hijacked 1.8 Million Android Devices Worldwide A massive botnet targeting Android devices has emerged as one of the most significant threats in the cybersecurity landscape today. Named Kimwolf, this sophisticated malware has compromised approximately 1.8 million Android devices worldwide, including smart TVs, set-top boxes, tablets, and other Android-based systems. Security researchers discovered…

New GhostPoster Attack Leverages PNG Icon to Infect 50,000 Firefox Users A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily involves seemingly innocent browser extensions, such as “Free VPN Forever,” which conceal malicious payloads within their own interface icons.…

BlindEagle Hackers Attacking Organization to Abuse Trust and Bypass Email Security Controls In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass standard email security…

APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been recognized as a state-sponsored actor with…

Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift in tactics. Instead of focusing…

New GhostPairing Attack Let Attackers Gain Full Access in WhatsApp with Phone Number A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities. The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp’s legitimate device linking feature to grant attackers…

ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as React2Shell, represents a remote code execution flaw attracting widespread exploitation. While initial attacks primarily deployed cryptocurrency miners, security…

Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security talks to trick…

Threat Actors Leverage ChatGPT to Attack Mac Devices With AMOS InfoStealer A new AMOS InfoStealer campaign is abusing trust in ChatGPT to infect Mac devices under the guise of simple troubleshooting help. Victims search for a fix to a sound problem, click a sponsored ChatGPT result, and are shown what looks like a normal chat…

Hackers Infiltrate VS Code Marketplace with 19 Malicious Extensions Posing as PNG File Security researchers have uncovered a significant threat targeting developers through the VS Code Marketplace. A coordinated campaign involving 19 malicious extensions has been actively infiltrating the platform, with the attack remaining undetected since February 2025. These deceptive extensions carry hidden malware in…

Shanya EDR Killer Leveraged by Ransomware Groups to Clear the Way for Ransomware Infection The cybercriminal landscape has recently witnessed the aggressive rise of “Shanya,” a potent packer-as-a-service and EDR killer now fueling major ransomware operations. Emerging on underground forums in late 2024 under the alias “VX Crypt,” this tool was engineered to supersede previous…