Category: Threats

  • New Ghost Tapped Attack Uses Your Android Device to Drain Your Bank Account

    Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped, these malicious apps exploit Near Field Communication (NFC) technology, the same wireless technology that powers contactless payments.…

  • New ClickFix Attack Uses Fake Windows BSOD Screens to Trick Users into Executing Malicious Code

    A sophisticated malware campaign called PHALTBLYX has emerged, combining social engineering deception with advanced evasion techniques to compromise hospitality sector organizations. The attack chain begins with phishing emails impersonating Booking.com, featuring urgent reservation cancellation alerts with large financial charges displayed…

  • Threat Actors Hacked Global Companies via Leaked Cloud Credentials from Infostealer Infections

    Dozens of major global enterprises have been breached through a surprisingly simple yet devastating attack vector: stolen credentials extracted from infostealer malware. A threat actor operating under the nickname “Zestix” and his alias “Sentap” has been systematically accessing corporate cloud storage platforms, including…

  • Threat Actor Allegedly Claims Leak of NordVPN Salesforce Database with Source Code

    A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes over ten database source codes, along with critical authentication credentials that could…

  • Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts

    In December 2025, the Iranian-linked hacking group Handala claimed to have fully compromised the mobile devices of two prominent Israeli political figures. However, detailed analysis by Kela cyber intelligence researchers revealed a more limited scope—the breaches targeted Telegram accounts specifically, not complete device access. The group…

  • RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware

    A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025, demonstrates a relentless approach to…

  • Potential Wallet Phishing Campaign Targets Cardano Users via ‘Eternl Desktop’ Announcement

    A sophisticated phishing campaign is currently circulating within the Cardano community, posing significant risks to users seeking to download the newly announced Eternl Desktop application. The attack leverages a professionally crafted email claiming to promote a legitimate wallet solution designed for secure Cardano token…

  • Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics

    After a decade of disappearing from the cybersecurity landscape, the Careto threat group, also known as “The Mask,” has resurfaced with sophisticated new attack methods targeting high-profile organizations. Security researchers have identified fresh evidence of Careto’s activity, revealing how the group…

  • Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users

    A new wave of GlassWorm malware has emerged, marking a significant shift in targeting strategy from Windows to macOS systems. This self-propagating worm, distributed through malicious VS Code extensions on the Open VSX marketplace, has already accumulated over 50,000 downloads. The fourth wave introduces several…

  • New Cybercrime Tool ErrTraffic Lets Attackers Automate ClickFix Attacks

    A dangerous cybercrime tool known as ErrTraffic has appeared in underground forums, making it easier for attackers to trick users into running harmful software on their devices. The tool automates what security experts call ClickFix attacks, where fake error messages push people to manually execute malicious…

  • DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware

    Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational sophistication rarely seen…

  • Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation

    Large Language Models (LLMs) have revolutionized software development, democratizing coding capabilities for non-programmers. However, this accessibility has introduced a severe security crisis. Advanced AI tools, designed to assist developers, are now being weaponized to automate the creation of sophisticated exploits against enterprise software. This shift fundamentally challenges…

  • Threat Actors Advertising AI-Enhanced Metamorphic Crypter with Claims of Windows Defender Bypass

    Dark web forums have become a marketplace for sophisticated malware tools, with threat actors continuously refining their capabilities to stay ahead of security solutions. The latest concerning development involves an emerging AI-powered crypter service that promises unprecedented evasion abilities, putting enterprise environments at…

  • Massive Magecart Campaign with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows

    A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified a global campaign of more than 50 scripts that intercepts sensitive information during checkout and account creation processes. The attack demonstrates a significant…

  • Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims

    The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed to evade and neutralize security defenses.…

  • EmEditor Website Hacked to Deliver Infostealer Malware in Supply Chain Attack

    A major supply chain attack targeting EmEditor, a widely used text editor, has exposed millions of users to sophisticated infostealer malware. Between December 19 and December 22, 2025, the official EmEditor website fell victim to unauthorized modification, serving compromised installer files to…

  • Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures

    Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-looking Income Tax Department emails to trick users into downloading a malicious executable disguised as a tax-related…

  • New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins

    A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a unique signature of four mushroom emojis embedded in the string “OUTL,” has been…

  • Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks

    Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to another without facing obstacles. However,…

  • Evasive Panda APT Using AitM Attack and DNS Poisoning to Deliver Malware

    The Evasive Panda APT group, also known as Bronze Highland, Daggerfly, and StormBamboo, has been running targeted campaigns since November 2022, using advanced techniques to deliver the MgBot malware. The group employs adversary-in-the-middle attacks combined with DNS poisoning to compromise specific victims across…

  • Threat Actors Using Weaponized AV-themed Word and PDF Documents to Attack Israeli Organizations

    Security researchers at Seqrite Labs have identified a campaign called Operation IconCat, targeting Israeli organizations with weaponized documents designed to look like legitimate security tools. The attacks began in November 2025 and have compromised multiple companies across information technology, staffing services, and…

  • Threat Actors Advertised NtKiller Malware on Dark Web Claiming to Terminate Antivirus and Bypass EDR

    A malicious actor known as AlphaGhoul has begun promoting a tool called NtKiller, designed to silently shut down antivirus software and endpoint detection tools. The tool was posted on an underground forum where criminals gather to buy and sell hacking services.…

  • WebRAT Malware Spread via GitHub Repositories Posing as Proof-of-Concept Exploits to Attack Users

    A new malware campaign has surfaced that uses GitHub repositories to spread the WebRAT malware by disguising it as proof-of-concept exploits and gaming utilities. The malware targets users searching for game cheats, pirated software, and application patches, particularly for popular titles like Rust,…

  • Malicious Chrome Extensions Posing as VPNs Intercept User Traffic to Steal Credentials

    Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over 2,180 users through the…

  • Threat Actors Weaponizing Nezha Monitoring Tool as Remote Access Trojan

    Researchers at Ontinue’s Cyber Defense Center have uncovered a significant threat as attackers exploit Nezha, a legitimate open-source server monitoring tool, for post-exploitation access. The discovery reveals how sophisticated threat actors repurpose benign software to gain complete control over compromised systems while evading traditional security…

  • Hackers Using ClickFix Technique to Hide Malicious Payloads within Image Files

    Threat actors have evolved their attack strategies by combining the deceptive ClickFix social engineering lure with advanced steganography techniques to conceal malicious payloads within PNG image files. This sophisticated approach, discovered by Huntress analysts, represents a significant shift in how cybercriminals deliver information-stealing malware…

  • Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data

    Cybercriminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are…

  • BlueDelta Hackers Attacking Users of Widely Used Ukrainian Webmail and News Service

    A new credential-harvesting campaign has been discovered targeting users of UKR.NET, a popular Ukrainian webmail and news platform. The attacks are linked to BlueDelta, a Russian state-sponsored hacker group also known as APT28, Fancy Bear, and Forest Blizzard. This group has been running…

  • Clop Ransomware Group Exploiting Gladinet CentreStack Servers to Steal Data

    The Clop ransomware group has launched a new data extortion campaign targeting Internet-facing Gladinet CentreStack file servers, marking another chapter in the threat actor’s pattern of exploiting file transfer solutions. The campaign appears to leverage multiple security weaknesses in CentreStack and its sister product Triofox,…

  • China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware

    A sophisticated cyberespionage campaign targeting governmental entities in Southeast Asia and Japan has unveiled a new China-aligned threat actor dubbed LongNosedGoblin. Active since at least September 2023, this advanced persistent threat (APT) group distinguishes itself by leveraging a diverse toolset of custom C#/.NET malware families.…

  • Kimwolf Android Botnet Hijacked 1.8 Million Android Devices Worldwide

    A massive botnet targeting Android devices has emerged as one of the most significant threats in the cybersecurity landscape today. Named Kimwolf, this sophisticated malware has compromised approximately 1.8 million Android devices worldwide, including smart TVs, set-top boxes, tablets, and other Android-based systems. Security researchers discovered…

  • New GhostPoster Attack Leverages PNG Icon to Infect 50,000 Firefox Users

    A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily involves seemingly innocent browser extensions, such as “Free VPN Forever,” which conceal malicious payloads within their own interface icons.…

  • BlindEagle Hackers Attacking Organizations to Abuse Trust and Bypass Email Security Controls

    In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass standard email security…

  • APT-C-35 Infrastructure Activity Uncovered Using Apache HTTP Response Indicators

    A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been recognized as a state-sponsored actor with…

  • Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure

    A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift in tactics. Instead of focusing…

  • New GhostPairing Attack Lets Attackers Gain Full Access to WhatsApp Accounts Using a Phone Number

    A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities. The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp’s legitimate device linking feature to grant attackers…

  • ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices

    Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as React2Shell, represents a remote code execution flaw attracting widespread exploitation. While initial attacks primarily deployed cryptocurrency miners, security…

  • Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware

    A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security talks to trick…

  • Threat Actors Leverage ChatGPT to Attack Mac Devices With AMOS InfoStealer

    A new AMOS InfoStealer campaign is abusing trust in ChatGPT to infect Mac devices under the guise of simple troubleshooting help. Victims search for a fix to a sound problem, click a sponsored ChatGPT result, and are shown what looks like a normal chat…

  • Hackers Infiltrate VS Code Marketplace with 19 Malicious Extensions Posing as PNG Files

    Security researchers have uncovered a significant threat targeting developers through the VS Code Marketplace. A coordinated campaign involving 19 malicious extensions has been actively infiltrating the platform, with the attack remaining undetected since February 2025. These deceptive extensions carry hidden malware in…

  • Shanya EDR Killer Leveraged by Ransomware Groups to Clear the Way for Ransomware Infection

    The cybercriminal landscape has recently witnessed the aggressive rise of “Shanya,” a potent packer-as-a-service and EDR killer now fueling major ransomware operations. Emerging on underground forums in late 2024 under the alias “VX Crypt,” this tool was engineered to supersede previous…

  • ClayRat Android Malware Steals SMS Messages and Call Logs and Captures Victim Photos

    A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain…

  • Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfers

    A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms.…

  • Hackers Actively Exploiting WordPress Plugin Vulnerability to Execute Remote Code

    A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8, exists in versions 8.3 and…

  • Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery

    Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous trend, where attackers are weaponizing Velociraptor, a widely respected Digital Forensics and Incident Response (DFIR)…

  • BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters

    Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced kernel-level access with powerful evasion…

  • Threat Actors Leveraging Matanbuchus Malicious Downloader to Deploy Ransomware and Establish Persistence

    Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July 2025, security researchers discovered…

  • 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign

    A sophisticated threat group operating under the name ShadyPanda has successfully compromised millions of browser users through a methodical seven-year campaign targeting popular Chrome and Edge extensions. The attack represents a significant breach of user trust, as the malicious extensions gained verified status…

  • Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’

    The 2025 holiday season has unleashed an unprecedented wave of cyber threats, with attackers deploying industrialized infrastructure to exploit the global surge in online commerce. This year’s threat landscape is characterized by a calculated expansion of deceptive digital assets, where criminals leverage automated tools…

  • Handala Hacker Group Attacking Israeli High-Tech and Aerospace Professionals

    The Handala hacker group has launched a targeted campaign against Israeli high-tech and aerospace professionals, marking a concerning shift in geopolitically motivated cyber operations. The group recently published a list of individuals working in these critical sectors, accompanied by hostile descriptions that falsely label them as criminals.…

  • Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads

    Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure. Recent security analysis reveals a concerning trend where threat actors are systematically targeting network operators, media platforms, and broadcasting services to…

  • Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents

    Since its release in October, Battlefield 6 has become one of the year’s most anticipated game launches. However, cybercriminals have quickly seized on this popularity to distribute malicious software. Attackers have created fake cracked versions of the game and fraudulent game trainers, spreading…

  • Hackers Trick macOS Users into Executing Commands in Terminal to Deliver FlexibleFerret Malware

    Cybercriminals are successfully targeting Apple users through a sophisticated social engineering scheme that tricks victims into running harmful commands on their computers. The threat, called FlexibleFerret, is attributed to North Korean operators and represents a continuing evolution of the Contagious Interview campaign…

  • Beware of North Korean Fake Job Platform Targeting U.S.-Based AI Developers

    A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job platform. Validin security researchers have uncovered a new variant of what they call the “Contagious Interview” operation, designed to…

  • AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload

    A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work to bypass traditional antivirus detection methods while extracting sensitive user information. The threat actors behind this campaign have…

  • Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data

    A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions. Chrome extensions marketed as “Free Unlimited VPN” services accumulated over 9 million installations before security detection, with the malware remaining hidden for nearly…

  • UNC1549 Hackers with Custom Tools Attacking Aerospace and Defense Systems to Steal Logins

    Since mid-2024, a sophisticated Iranian-backed threat group known as UNC1549 has been conducting targeted campaigns against aerospace, aviation, and defense organizations across the globe. The hackers employ an advanced dual approach, combining carefully crafted phishing campaigns with the exploitation of trusted connections…

  • Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups

    Lynx ransomware has emerged as a significant threat to enterprise environments, with recent intrusions demonstrating sophisticated attack strategies that prioritize data exfiltration and infrastructure destruction. The malware campaign combines compromised credentials with careful planning to ensure maximum impact on target networks.…

  • Cisco Catalyst Center Vulnerability Lets Attackers Escalate Privileges

    A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a…

  • RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools

    A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. The malware arrives through fake software installers that…

  • A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection

    Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently discovered phishing kit demonstrates just how advanced these operations have become. This particular framework was…

  • Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts

    A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation documents. These scripts trigger a chain of…

  • Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report

    A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this ransomware group has impacted more than 250 organizations across North…

  • Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications

    Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware collects login details, payment card information, and cryptocurrency wallet data from infected systems. The…

  • Malicious Chrome Extension as Ethereum Wallet Enables Full Wallet Takeover

    A deceptive Chrome extension named Safery: Ethereum Wallet has emerged as a serious threat to cryptocurrency users. Published on the Chrome Web Store on November 12, 2024, this extension masquerades as a secure Ethereum wallet while secretly stealing user seed phrases. The malware’s sophisticated design…

  • New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

    A growing social engineering technique called ClickFix has emerged as one of the most successful methods for distributing malware in recent months. This attack tricks users into copying and running commands directly in their operating system's command-line interface, ultimately installing dangerous information-stealing…

  • Kraken Cross-Platform Ransomware Attacking Windows, Linux, and VMware ESXi Systems in Enterprise Environments

    In August 2025, a new ransomware threat emerged with capabilities that fundamentally changed how organizations should approach enterprise security. Kraken, a Russian-speaking cybercriminal group, began executing sophisticated attacks targeting large organizations across multiple continents. What makes Kraken particularly dangerous is its ability…

  • New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options

    A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT codebase and presents…

  • New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials

    A large-scale phishing campaign has emerged, exploiting Meta’s Business Suite to compromise credentials across thousands of small and medium-sized businesses worldwide. Check Point security researchers identified approximately 40,000 phishing emails distributed to more than 5,000 customers, primarily targeting industries including automotive, education, real…

  • Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

    A sophisticated wave of ransomware attacks targeting UK organizations has emerged in 2025, exploiting vulnerabilities in the widely-used SimpleHelp Remote Monitoring and Management platform. Two prominent ransomware groups, Medusa and DragonForce, have weaponized three critical vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) to gain unauthorized access…

  • German ISP Aurologic GmbH Has Become a Central Nexus for Hosting Malicious Infrastructure

    German hosting provider aurologic GmbH has emerged as a central facilitator within the global malicious infrastructure ecosystem, providing upstream transit and data center services to numerous high-risk hosting networks. Operating from its primary facility at Tornado Datacenter GmbH & Co. KG in…

  • ClickFix Attacks Evolve With Weaponized Videos That Trick Users via a Self-Infection Process

    ClickFix attacks have experienced a dramatic surge over the past year, establishing themselves as a cornerstone of modern social engineering tactics. These sophisticated attacks manipulate victims into executing malicious code directly on their devices through deceptive copy-and-paste mechanisms. The threat has evolved beyond…

  • Herodotus Android Banking Malware Takes Full Control of Devices While Evading Antivirus

    A sophisticated banking trojan named Herodotus has emerged as a significant threat to Android users worldwide. Operating as Malware-as-a-Service, this malicious application disguises itself as a legitimate tool to trick users into downloading and installing an APK file outside the official Play Store. Once…

  • AI Browsers Bypass Content Paywalls by Mimicking a Human User

    The emergence of advanced AI browsing platforms such as OpenAI’s Atlas and Perplexity’s Comet has created a sophisticated challenge for digital publishers worldwide. These tools leverage agentic capabilities designed to execute complex, multistep tasks that fundamentally transform how content is accessed and consumed online. Unlike traditional…

  • Sandworm Hackers Attacking Ukrainian Organizations with Data Wiper Malware

    The Russia-aligned Sandworm threat group has intensified its destructive cyberattacks against Ukrainian organizations, deploying sophisticated data wiper malware designed to cripple critical infrastructure and economic operations. Unlike traditional cyberespionage campaigns, Sandworm’s recent operations focus exclusively on destruction, targeting governmental entities, energy providers, logistics companies, and the…

  • APT-C-60 Attacking Job Seekers to Download Weaponized VHDX File from Google Drive to Steal Sensitive Data

    A sophisticated espionage campaign targeting recruitment professionals has emerged, with the APT-C-60 threat group weaponizing VHDX files to compromise organizations. The threat actors impersonate job seekers in spear-phishing emails sent to recruitment staff, exploiting trust relationships to deliver malicious…

  • Ransomware Attacks on European Organizations Surge as Hackers Leverage AI Tools for Attacks

    European organizations are facing an unprecedented wave of ransomware attacks as cybercriminals increasingly integrate artificial intelligence tools into their operations. Since January 2024, big game hunting threat actors have named approximately 2,100 Europe-based victims on more than 100 dedicated leak sites, representing a…

  • Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials

    Silent Lynx, a sophisticated threat group that has been tracked since 2024, continues its relentless espionage campaign against government entities across Central Asia. Seqrite analysts identified the group as the first to assign this nomenclature, distinguishing it from multiple overlapping aliases including YoroTrooper, Sturgeon…

  • Stolen Credentials and Valid Account Abuse Fuel Financially Motivated Attacks

    Throughout the first half of 2025, financially motivated threat actors have shifted their approach to intrusions, abandoning traditional implant-heavy methods in favor of a more cost-effective strategy. Rather than deploying sophisticated malware payloads, attackers are leveraging stolen credentials and valid account access to establish…

  • Hackers Weaponizing Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

    Chinese-affiliated threat actor UNC6384 has been actively leveraging a critical Windows shortcut vulnerability to target European diplomatic entities across Hungary, Belgium, Serbia, Italy, and the Netherlands. Arctic Wolf researchers identified this sophisticated cyber espionage campaign operating throughout September and October 2025, representing a significant…

  • Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations

    Sophisticated threat actors have orchestrated a coordinated multilingual phishing campaign targeting financial and government organizations across East and Southeast Asia. The campaign leverages carefully crafted ZIP file lures combined with region-specific web templates to deceive users into downloading staged malware droppers. Recent analysis…

  • Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access

    Threat actors operating under the control of North Korea’s regime have demonstrated continued technical sophistication by introducing advanced malware toolsets designed to establish persistent backdoor access and remote control over compromised systems. Recent findings have revealed that Kimsuky, known for orchestrating…

  • Threat Actors Weaponize Judicial Documents to Deliver PureHVNC RAT

    Between August and October 2025, a sophisticated phishing campaign has emerged targeting Colombian and Spanish-speaking users through deceptive emails masquerading as official communications from Colombia’s Attorney General’s office. The campaign employs a carefully crafted social engineering strategy, luring victims with notifications about supposed lawsuits processed through…

  • Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics

    Ukrainian government organizations continue facing relentless cyber threats from Russian-backed threat actors employing sophisticated evasion techniques to maintain persistent network access. Recent investigations have uncovered coordinated campaigns targeting critical infrastructure and government entities, with attackers deploying advanced tactics that circumvent traditional security defenses. These operations represent…

  • New Beast Ransomware Actively Scans for Active SMB Ports from Breached Systems to Spread Across the Network

    The Beast ransomware group has emerged as a significant threat in the cybersecurity landscape, evolving from the Monster ransomware strain to establish itself as a formidable Ransomware-as-a-Service operation. Officially launched in February 2025, the group rapidly expanded their infrastructure…

  • 81% of Router Users Have Not Changed Default Admin Passwords, Exposing Devices to Hackers

    In late 2025, a staggering 81% of broadband users were found to have never changed their router’s default administrative password, opening the door to significant malware risk. This widespread negligence was revealed in Broadband Genie’s fourth major router security survey, where 3,242…

  • iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot

    The emergence of Pegasus and Predator spyware over the past several years has transformed the landscape of mobile device security. These advanced malware strains—deployed by sophisticated threat actors for surveillance and espionage—have repeatedly demonstrated their ability to exploit zero-click…

  • Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control

    A sophisticated backdoor named Android.Backdoor.Baohuo.1.origin has been discovered in maliciously modified versions of Telegram X messenger, granting attackers complete control over victims’ accounts while operating undetected. The malware infiltrates devices through deceptive in-app advertisements and third-party app stores, masquerading as legitimate dating…

  • LockBit 5.0 Actively Attacking Windows, Linux, and ESXi Environments

    The notorious LockBit ransomware operation has resurfaced with a vengeance after months of dormancy following Operation Cronos takedown efforts in early 2024. Despite law enforcement disruptions and infrastructure seizures, the group’s administrator, LockBitSupp, has successfully rebuilt the operation and launched LockBit 5.0, internally codenamed “ChuongDong.” This…

  • Google Warns of Threat Actors Using Fake Job Postings to Deliver Malware and Steal Credentials

    Cybercriminals have adopted a sophisticated social engineering strategy that exploits the trust inherent in job hunting, according to a recent security advisory. A financially motivated threat cluster operating from Vietnam has been targeting digital advertising and marketing professionals through fake…

  • Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program

    Southeast Asia’s online gambling ecosystem has become a breeding ground for sophisticated cyber threats, with criminal networks leveraging seemingly legitimate platforms to distribute malicious software to millions of unsuspecting users. A recently uncovered operation demonstrates how threat actors exploit the region’s thriving…

  • New Caminho Malware Loader Uses LSB Steganography to Hide .NET Payloads Within Image Files

    A sophisticated malware operation has emerged from Brazil, leveraging advanced steganographic techniques to conceal malicious payloads within seemingly harmless image files. The Caminho loader, active since at least March 2025, represents a growing threat to organizations across South America, Africa,…

  • New Text Message Based Phishing Attack from China Targeting Users Around the Globe

    A sophisticated text message phishing campaign originating from China has emerged as one of the most extensive cybersecurity threats targeting users worldwide. The operation, attributed to a threat collective known as the Smishing Triad, represents a massive escalation in SMS-based fraud, impersonating…

  • New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts

    A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based obfuscation to evade traditional security detection mechanisms. The attack represents an evolution in obfuscation techniques, where threat actors fragment malicious code across multiple HTTP cookies…

  • Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories

    Cybersecurity researchers have identified a sophisticated campaign where threat actors are leveraging compromised credentials to infiltrate Azure Blob Storage containers, targeting organizations’ critical code repositories and sensitive data. This emerging threat exploits misconfigured storage access controls to establish persistence and exfiltrate valuable intellectual property. The…

  • New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient

    Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment methods, threat actors are now…

  • Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset

    Cloud account takeover attacks have evolved into a sophisticated threat as cybercriminals and state-sponsored actors increasingly weaponize OAuth applications to establish persistent access within compromised environments. These malicious actors are exploiting the fundamental trust mechanisms of cloud authentication systems, specifically targeting Microsoft Entra…

  • Pakistani Threat Actors Targeting Indian Govt. With Emails Mimicking ‘NIC eEmail Services’

    A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive government infrastructure…

  • Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework

    The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in…

  • Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT

    A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit…