Category: Threats
- Hackers Using TikTok Videos to Deploy Self-Compiling Malware That Leverages PowerShell for Execution
  Cybercriminals are exploiting TikTok’s massive user base to distribute sophisticated malware campaigns that promise free software activation but deliver dangerous payloads instead. The attack leverages social engineering tactics reminiscent of the ClickFix technique, where unsuspecting users are tricked into executing malicious PowerShell…
- North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency
  In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users worldwide. The campaign surfaced in the wake of heightened regulatory crackdowns on illicit crypto transactions, with attackers shifting tactics…
- New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer
  A sophisticated banking Trojan named Maverick has emerged in Brazil, leveraging WhatsApp as its primary distribution channel to compromise thousands of users. The malware campaign was detected in mid-October 2025, with cybersecurity solutions blocking over 62,000 infection attempts in just the first…
- NCSC Warns of UK Experiencing Four Cyber Attacks Every Week
  The United Kingdom faces an unprecedented cyber security crisis as the National Cyber Security Centre (NCSC) reports handling an average of four ‘nationally significant’ cyber attacks weekly. This alarming escalation represents a dangerous shift in the threat landscape, with the NCSC managing 204 nationally significant…
- Russian Cybercrime Market Hub Transitioning from RDP Access to Malware Stealer Logs for Access
  A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware stealer logs for unauthorized system entry. This transition marks a significant change…
- Pro-Russian Hacktivist Attacking OT/ICS Devices to Steal Login Credentials
  A newly identified pro-Russian hacktivist group has successfully infiltrated operational technology and industrial control systems belonging to critical infrastructure organizations, employing sophisticated techniques to steal login credentials and disrupt vital services. The threat actor, known as TwoNet, represents an emerging class of hacktivists who have expanded…
- Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads
  A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits the widespread trust users place in the popular Homebrew package manager by creating pixel-perfect replicas of the official…
- 175 Malicious npm Packages With 26,000 Downloads Attacking Technology and Energy Companies Worldwide
  Socket’s Threat Research Team has uncovered a sophisticated phishing campaign involving 175 malicious npm packages that collectively accumulated over 26,000 downloads. The campaign, dubbed “Beamglea” based on consistent artifacts across all packages, represents a novel abuse of npm’s public registry and the…
- Threat Actors Exploiting SonicWall SSL VPN Devices in the Wild to Deploy Akira Ransomware
  Threat actors have reemerged in mid-2025 leveraging previously disclosed vulnerabilities in SonicWall SSL VPN appliances to deploy Akira ransomware on enterprise networks. Beginning in July, multiple incidents of initial access via unpatched SonicWall devices were reported across North America and EMEA. Attackers…
- New ChaosBot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands
  ChaosBot surfaced in late September 2025 as a sophisticated Rust-based backdoor targeting enterprise networks. Initial investigations revealed that threat actors gained entry by exploiting compromised CiscoVPN credentials coupled with over-privileged Active Directory service accounts. Once inside, ChaosBot was stealthily deployed via side-loading techniques…
- SnakeKeylogger via Weaponized E-mails Leverages PowerShell to Exfiltrate Sensitive Data
  Emerging from a recent wave of targeted campaigns, SnakeKeylogger has surfaced as a potent infostealer that capitalizes on PowerShell and social engineering. The malware’s operators craft convincing spear-phishing e-mails under aliases such as “CPA-Payment Files,” impersonating reputable financial and research firms. Recipients encounter ISO or…
- New Android Malware ClayRat Mimics WhatsApp, Google Photos to Attack Users
  A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading as popular applications including WhatsApp, Google Photos, TikTok, and YouTube to infiltrate devices and steal sensitive user data. The malware demonstrates remarkable adaptability…
- Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments
  A sophisticated financially motivated threat actor known as Storm-2657 has been orchestrating elaborate “payroll pirate” attacks targeting US universities and other organizations, Microsoft Threat Intelligence has revealed. These attacks represent a concerning evolution in cybercriminal tactics, where hackers compromise employee accounts to gain unauthorized…
- Hackers Abuse CSS Properties in Messages to Inject Malicious Code in Hidden Text Salting Attack
  A sophisticated technique known as hidden text salting has emerged as a significant threat to email security systems, allowing cybercriminals to bypass detection mechanisms through the strategic abuse of cascading style sheets (CSS) properties. This attack vector enables threat actors…
- IRGC-Linked APT35 Structure, Tools, and Espionage Operations Disclosed
  Since emerging in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its tactics to target government entities, energy firms, and diplomatic missions across the Middle East and beyond. Initially focused on credential harvesting via targeted phishing campaigns, the group has evolved…
- Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Code Silently
  WordPress websites have become a prime target for threat actors seeking to monetize traffic and compromise visitor security. In recent months, a new malvertising campaign has emerged, leveraging silent PHP code injections within theme files to serve unwanted third-party scripts. The attack blends seamlessly with…
- Confucius Hacker Group Weaponizing Documents to Compromise Windows Systems With AnonDoor Malware
  The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor has now…
- Hundreds of Free VPN Apps for Both Android and iOS Leak Users’ Personal Data
  Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it. From…
- Ukraine Warns of Weaponized XLL Files Delivering CABINETRAT Malware Via Zip Files
  Ukrainian security agencies have issued an urgent warning regarding a sophisticated malware campaign targeting government and critical infrastructure sectors through weaponized XLL files distributed via compressed archives. The malicious campaign leverages Microsoft Excel add-in files containing the CABINETRAT backdoor, representing a significant evolution…
- Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details
  A sophisticated phishing campaign has emerged targeting job seekers through fake Google career recruitment opportunities, leveraging social engineering tactics to harvest Gmail credentials and personal information. The malicious operation exploits the trust associated with Google’s brand reputation, crafting convincing recruitment emails that direct victims…
- Hackers Exploit Cellular Router’s API to Send Malicious SMS Messages With Weaponized Links
  Hackers have recently leveraged a vulnerability in the web-based management interfaces of certain cellular routers to co-opt their built-in SMS functionality for nefarious purposes. By targeting exposed APIs, attackers are able to dispatch large volumes of malicious SMS messages containing weaponized links…
- Threat Actors Leveraging Dynamic DNS Providers for Malicious Purposes
  Cybersecurity researchers are raising alarms about a growing threat vector as malicious actors increasingly exploit Dynamic DNS providers to establish robust command and control infrastructure. These publicly rentable subdomain services, traditionally designed for legitimate hosting purposes, have become the preferred platform for threat actors…
- Hackers Weaponizing SVG Files to Deliver PureMiner Malware and Steal Sensitive Information
  In recent weeks, a sophisticated phishing campaign has emerged, targeting organizations in Ukraine with malicious Scalable Vector Graphics (SVG) files designed to propagate the PureMiner cryptominer and a data-stealing payload dubbed Amatera Stealer. Attackers masquerade as the Ukrainian police, sending emails that claim…
- Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users
  A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions. The vulnerability, tracked as CVE-2025-54831 and classified as “important” severity, fundamentally undermines the platform’s intended security model for handling sensitive data within workflow connections. Apache Airflow…
- New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads
  A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices across the globe. The campaign exploits SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces, demonstrating an alarming evolution in cybercriminal tactics. The…
- Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations
  A sophisticated cybercriminal alliance between malware operators and covert North Korean IT workers has emerged as a significant threat to corporate organizations worldwide. This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting software developers…
- LummaStealer Technical Details Uncovered Using ML-Based Detection Approach
  LummaStealer has emerged as one of the most prolific information-stealing malware families in recent years, targeting victims across multiple industry verticals including telecommunications, healthcare, banking, and marketing. The sophisticated malware gained widespread notoriety in early 2025 when cybercriminals extensively deployed it in coordinated campaigns worldwide. Although law…
- Researchers Uncovered Connections Between LAPSUS$, Scattered Spider, and ShinyHunters Hacker Groups
  The cybersecurity landscape continues to evolve as three of the most notorious English-speaking cybercrime groups—LAPSUS$, Scattered Spider, and ShinyHunters—have been found to share significant operational connections, tactical overlaps, and direct collaboration since 2023. These relationships have created what security experts now describe as a…
- LLM-Based LAMEHUG Malware Dynamically Generates Commands for Reconnaissance and Data Theft
  A sophisticated new threat has emerged in the cybersecurity landscape that represents a significant evolution in malware development. The LAMEHUG malware family, first identified by CERT-UA in July 2025, marks a concerning advancement in cyber attack methodology by integrating artificial intelligence directly into its…
- New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys
  Cybercriminals have launched a sophisticated supply chain attack targeting cryptocurrency developers through malicious Rust crates designed to steal digital wallet keys. Two fraudulent packages, faster_log and async_println, have infiltrated the Rust package registry by impersonating the legitimate fast_log logging library, embedding malicious…
- Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data
  Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike Oude Reimer published findings on…
- New Russian Disinformation Campaign Targeting Moldova’s Upcoming Elections
  On the eve of Moldova’s parliamentary elections scheduled for September 28, 2025, cybersecurity researchers have uncovered a sophisticated Russian-backed disinformation campaign designed to undermine public confidence in Moldova’s pro-European leadership. The campaign began surfacing in April 2025, when analysts first observed a cluster of newly registered domains publishing…
- BlockBlasters Steam Game Downloads Malware to Computer Disguised as Patch
  A seemingly innocent patch update for the popular 2D platformer game BlockBlasters has transformed into a sophisticated malware campaign, exposing hundreds of Steam users to data theft and system compromise. The malicious patch, deployed on August 30, 2025, demonstrates how threat actors are increasingly exploiting…
- Nokia CBIS/NCS Manager API Vulnerability Lets Attackers Bypass Authentication
  A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially…
- Phishing Attacks Using AI-Powered Platforms to Mislead Users and Evade Security Tools
  Phishing campaigns have long relied on social engineering to dupe unsuspecting users, but recent developments have elevated these attacks to a new level of sophistication. Attackers now harness advanced content-generation platforms to craft highly personalized emails and webpages, blending genuine corporate branding with…
- Threat Actors Selling New Undetectable RAT as ‘ScreenConnect FUD Alternative’
  A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, ScreenConnect. The malware is being sold with a suite of advanced features designed to bypass…
- Global Spyware Market Analysis Identifies New Entities Entering The Market
  The global spyware market continues its alarming expansion, with new research revealing the emergence of 130 additional entities spanning 46 countries between 1992 and 2024. This shadowy ecosystem of surveillance technologies has grown from 435 documented entities in the initial assessment to 561 organizations, fundamentally…
- New Phishing Attack Targets Facebook Users to Steal Login Credentials
  A sophisticated phishing campaign has recently emerged, targeting Facebook users with carefully crafted emails designed to harvest login credentials. Attackers leverage the platform’s own external URL warning system to cloak malicious links, presenting URLs that appear legitimate while redirecting victims to counterfeit Facebook login pages.…
- Splunk Releases Guide to Detect Remote Employment Fraud Within Your Organization
  Detecting remote employment fraud has become a critical priority for organizations striving to secure their digital onboarding processes and safeguard sensitive systems. In recent months, threat actors posing as legitimate hires have leveraged sophisticated tactics to bypass pre-hire screenings and embed themselves within corporate…
- Raven Stealer Attacking Google Chrome Users to Steal Sensitive Data
  Raven Stealer has emerged as a potent information-stealing threat targeting users of Chromium-based browsers, most notably Google Chrome. First observed in mid-2025, this lightweight malware distinguishes itself through a modular architecture and stealthy design, allowing it to harvest sensitive information without alerting victims. Delivered predominantly…
- Beware of Typosquatted Malicious PyPI Packages That Deliver SilentSync RAT
  Python developers face a growing threat from typosquatted packages in the Python Package Index (PyPI), with malicious actors increasingly targeting this trusted repository to distribute sophisticated malware. Recent discoveries have exposed a concerning trend where threat actors create packages that closely mimic legitimate libraries, using…
- SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks
  SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader reemerged…
- New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials
  Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers that appear…
- AISURU Botnet With 300,000 Hijacked Routers Behind The Recent Massive 11.5 Tbps DDoS Attack
  Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab’s continuous monitoring of global DDoS incidents, this botnet leveraged…
- New Yurei Ransomware With PowerShell Commands Encrypts Files With ChaCha20 Algorithm
  Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. First documented on September 5 when a Sri Lankan food manufacturer fell victim, the threat actor behind Yurei adopted a double-extortion model:…
- DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments
  DarkCloud Stealer has recently emerged as a potent threat targeting financial organizations through convincing phishing campaigns. Adversaries employ weaponized RAR attachments masquerading as legitimate documents to deliver a multi-stage JavaScript-based payload. Upon opening the archive, victims execute a VBE script that leverages Windows Script Host to…
- New VoidProxy PhaaS Service Attacking Microsoft 365 and Google Accounts
  In recent months, security teams have observed a significant increase in sophisticated phishing campaigns leveraging a newly discovered Phishing-as-a-Service (PhaaS) platform dubbed VoidProxy. The operation, first detected in August 2025, combines multiple anti-analysis techniques and adversary-in-the-middle (AitM) capabilities to target Microsoft 365 and Google accounts…
- New Malware Attack Leverages SVGs, Email Attachments to Deliver XWorm and Remcos RAT
  Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits SVG (Scalable Vector Graphics) files and email attachments to distribute dangerous Remote Access Trojans, specifically XWorm and Remcos RAT. This emerging threat represents a significant evolution in attack methodologies, as threat actors…
- Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints
  A sophisticated backdoor malware known as Backdoor.WIN32.Buterat has emerged as a significant threat to enterprise networks, demonstrating advanced persistence techniques and stealth capabilities that enable attackers to maintain long-term unauthorized access to compromised systems. The malware has been identified targeting government and corporate environments through…
- New Malvertising Campaign Leverages GitHub Repository to Deliver Malware
  A sophisticated malvertising campaign has emerged, exploiting GitHub repositories through dangling commits to distribute malware via fake GitHub Desktop clients. This novel attack vector represents a significant evolution in cybercriminal tactics, leveraging the trust and legitimacy associated with GitHub’s platform to deceive unsuspecting users into downloading…
- EvilAI Posing as AI-Enhanced Tools to Exfiltrate Sensitive Browser Data and Evade Detection
  A sophisticated malware campaign has emerged that leverages artificial intelligence to create deceptively legitimate applications, marking a significant evolution in cyberthreat tactics. The EvilAI malware family represents a new breed of threats that combines AI-generated code with traditional trojan techniques to infiltrate systems…
- U.S. Authorities Investigating Malicious Email Targeting Trade Talks with China
  U.S. federal authorities have launched an investigation into a sophisticated malware campaign that targeted sensitive trade negotiations between Washington and Beijing. The attack, which surfaced in July 2025, involved fraudulent emails purportedly sent by Representative John Moolenaar, chairman of the House Select Committee on Strategic…
- Atomic Stealer Disguised as Cracked Software Attacking macOS Users
  A sophisticated malware campaign targeting macOS users has emerged, exploiting the widespread desire for free software to deliver the notorious Atomic macOS Stealer (AMOS). This information-stealing malware masquerades as cracked versions of popular applications, tricking unsuspecting users into compromising their own systems while believing they are…
- Lazarus APT Hackers Using ClickFix Technique to Steal Sensitive Intelligence Data
  The notorious Lazarus APT group has evolved its attack methodology by incorporating the increasingly popular ClickFix social engineering technique to distribute malware and steal sensitive intelligence data from targeted organizations. This North Korean-linked threat actor, internally tracked as APT-Q-1 by security researchers, has demonstrated…
- Australian Authorities Uncovered Activities and Careers of Ransomware Criminal Groups
  Ransomware has emerged as one of the most devastating cybercrime threats in the contemporary digital landscape, with criminal organizations operating sophisticated billion-dollar enterprises that target critical infrastructure across multiple nations. Between 2020 and 2022, ransomware groups conducted over 865 documented attacks against organizations in Australia,…
- “GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload
  A sophisticated malware campaign, dubbed “GPUGate,” abuses Google Ads and GitHub’s repository structure to trick users into downloading malicious software. According to the Arctic Wolf Cybersecurity Operations Center, the attack chain uses a novel technique to evade security analysis by leveraging a computer’s Graphics Processing…
- SafePay Ransomware Claiming Attacks on Over 73 Victim Organizations in a Single Month
  A new ransomware threat has emerged as one of 2025’s most prolific cybercriminal operations, with SafePay ransomware claiming attacks against 73 victim organizations in June alone, followed by 42 additional victims in July. This surge has positioned SafePay as a significant threat actor…
- 143,000 Malware Files Attacked Android and iOS Device Users in Q2 2025
  Cybercriminals unleashed a massive wave of mobile malware attacks during the second quarter of 2025, with security researchers detecting nearly 143,000 malicious installation packages targeting Android and iOS devices. This surge represents a significant escalation in mobile cyber threats, affecting millions of users…
- New Report Claims Microsoft Used China-Based Engineers For SharePoint Support and Bug Fixing
  A recent investigation has revealed that Microsoft employed China-based engineers to maintain and support SharePoint software, the same collaboration platform that was recently compromised by Chinese state-sponsored hackers. This revelation raises significant concerns about cybersecurity practices and potential insider threats within critical…
- TAG-150 Hackers Deploying Self-Developed Malware Families to Attack Organizations
  A sophisticated new threat actor designated TAG-150 has emerged as a significant cybersecurity concern, demonstrating rapid development capabilities and technical sophistication in deploying multiple self-developed malware families since March 2025. The group has successfully created and deployed CastleLoader, CastleBot, and their latest creation, CastleRAT, a previously…
- Colombian Malware Weaponizing SWF and SVG to Bypass Detection
  A previously unseen malware campaign began circulating in early August 2025, through email attachments and web downloads, targeting users in Colombia and beyond. By leveraging two distinct vector-based file formats—Adobe Flash SWF and Scalable Vector Graphics (SVG)—the attackers crafted a multiphase operation that evaded traditional antivirus…
- Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments
  Over the past several years, a concerted campaign by Chinese state-sponsored Advanced Persistent Threat (APT) groups has exploited critical vulnerabilities in enterprise-grade routers to establish long-term footholds within global telecommunications and government networks. These actors, often identified under monikers such as Salt Typhoon and OPERATOR…
- Massive Illicit IPTV Network Hosted Across More Than 1,000 Domains and Over 10,000 IP Addresses
  A sprawling network of illicit Internet Protocol Television (IPTV) services has been discovered, operating across more than 1,100 domains and in excess of 10,000 IP addresses. This sprawling infrastructure, which has remained active for several years, delivers unauthorized streams of premium content—including…
- New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face
  Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source…
-
XWorm Malware With New Infection Chain Evades Detection by Exploiting User and System Trust
Emerging quietly in mid-2025, the XWorm backdoor has evolved into a deceptively sophisticated threat that preys on both user confidence and system conventions. Initial reports surfaced when organizations noted a sudden uptick in obscure .lnk-based phishing emails masquerading as benign documents. Security…
-
Threat Actors Attack PayPal Users in New Account Profile Setup Scam
A sophisticated phishing campaign targeting PayPal’s massive user base has emerged, utilizing deceptive “Set up your account profile” emails to compromise user accounts through an ingenious secondary-user addition scheme. The attack leverages advanced email spoofing techniques and psychological manipulation tactics to bypass…
-
New TinyLoader Malware Attacking Windows Users Via Network Shares and Fake Shortcut Files
A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming infected machines…
-
New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities
A sophisticated Windows-based keylogger known as TinkyWinkey began surfacing on underground forums in late June 2025, targeting enterprise and individual endpoints with unprecedented stealth. Unlike traditional keylogging tools that rely on simple hooks or user-mode processes, TinkyWinkey leverages dual components—a Windows service and an injected…
-
Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks
Infostealer malware, initially designed to indiscriminately harvest credentials from compromised hosts, has evolved into a potent weapon for state-sponsored Advanced Persistent Threat (APT) groups. Emerging in early 2023, families such as RedLine, Lumma, and StealC quickly proliferated across phishing campaigns and malicious downloads. These…
-
Amazon Dismantles Russian APT29 Infrastructure Used to Attack Users
Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to redirect unsuspecting visitors to malicious…
-
AI Waifu RAT Attacking Users With Novel Social Engineering Techniques
A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative AI character enhancement tool that…
-
New Mac Malware Dubbed ‘JSCoreRunner’ Delivered via Weaponized PDF Conversion Site
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques to bypass Apple’s…
-
New Malware Attack Exploiting TASPEN’s Legacy to Target Indonesian Senior Citizens
A sophisticated malware campaign has emerged, targeting Indonesia’s most vulnerable digital citizens through a calculated exploitation of trust in the nation’s pension fund system. The malicious operation impersonates PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund managing over $15.9 billion…
-
TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
Over the past year, a shadowy threat actor known as TAG-144—also tracked under the aliases Blind Eagle and APT-C-36—has intensified operations against South American government institutions. First observed in 2018, this group has adopted an array of commodity remote access trojans (RATs) such as AsyncRAT,…
-
China-based Threat Actor Mustang Panda’s Tactics, Techniques, and Procedures Unveiled
China-based threat actor Mustang Panda has emerged as one of the most sophisticated cyber espionage groups operating in the current threat landscape, with operations dating back to at least 2014. This advanced persistent threat (APT) group has systematically targeted government entities, nonprofit organizations, religious institutions,…
-
New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access
A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his wife with an infallible…
-
Chinese UNC6384 Hackers Leverage Valid Code Signing Certificates to Evade Detection
A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected…
-
Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof
Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared…
-
Hackers Sabotage Iranian Ships by Targeting Maritime Communications Terminals via a MySQL Database
A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers infiltrated Fanava Group,…
-
Hackers Abuse VPS Servers to Compromise Software-as-a-Service (SaaS) Accounts
Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these hosting services to bypass traditional security controls. A coordinated campaign identified in early 2025 demonstrated how threat actors systematically abuse VPS…
-
Chinese MURKY PANDA Attacking Government and Professional Services Entities
A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024. This advanced persistent threat group demonstrates exceptional capabilities in cloud environment exploitation…
-
Anatsa Malware Attacking Android Devices to Steal Login Credentials and Monitor Keystrokes
The Anatsa banking trojan, also known as TeaBot, continues to evolve as one of the most sophisticated Android malware threats targeting financial institutions worldwide. First discovered in 2020, this malicious software has demonstrated remarkable persistence in infiltrating Android devices through the official Google…
-
New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor
Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell backdoor, demonstrating how attackers are…
-
Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices
Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through seemingly legitimate…
-
New SHAMOS Malware Attacking macOS Via Fake Help Websites to Steal Login Credentials
A sophisticated malware campaign targeting macOS users emerged between June and August 2025, with attempts to compromise over 300 customer environments through deceptive help websites. The malicious operation deploys SHAMOS, a variant of the notorious Atomic macOS Stealer (AMOS), developed by…
-
Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites
A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking collective “Yemen Cyber Army,” was sentenced…
-
Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrates Sensitive Data
A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool while secretly…
-
Paper Werewolf Exploiting WinRAR Zero-Day Vulnerability to Deliver Malware
Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s advanced capabilities in leveraging both known…
-
Crypto Developers Attacked With Malicious npm Packages to Steal Login Details
A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development kits and scanning tools…
-
North Korean Hackers’ Stealthy Linux Malware Leaked Online
In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article in Phrack Magazine, includes advanced exploit tactics,…
-
Palo Alto Networks Releases a Mega Malware Analysis Tutorial Useful for Every Malware Analyst
Palo Alto Networks has published an extensive malware analysis tutorial detailing the dissection of a sophisticated .NET-based threat that delivers the Remcos remote access trojan (RAT). The malware’s emergence highlights a trend in which threat actors increasingly abuse legitimate development environments…
-
Ransomware Actors Blending Legitimate Tools with Custom Malware to Evade Detection
The cybersecurity landscape faces a new sophisticated threat as the Crypto24 ransomware group demonstrates an alarming evolution in attack methodology, seamlessly blending legitimate administrative tools with custom-developed malware to execute precision strikes against high-value targets. This emerging ransomware operation has successfully compromised organizations across…
-
Google Requires Crypto App Developers to Have License or Certification From Relevant Authorities
Google Play has implemented comprehensive licensing requirements for cryptocurrency exchanges and software wallets, fundamentally reshaping the mobile app ecosystem for digital asset services. The policy mandates that developers seeking to publish cryptocurrency applications must obtain specific licenses and certifications from relevant financial…
-
Threat Actors Using CrossC2 Tool to Expand Cobalt Strike to Operate on Linux and macOS
A sophisticated threat campaign has emerged that leverages CrossC2, an unofficial extension tool that expands Cobalt Strike’s notorious capabilities beyond Windows systems to target Linux and macOS environments. Between September and December 2024, cybersecurity incidents involving this cross-platform malware have…
-
Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot
A sophisticated new malware campaign targeting Windows systems has emerged, employing a multi-stage framework dubbed “PS1Bot” that combines PowerShell and C# components to conduct extensive information theft operations. The malware represents a significant evolution in attack methodologies, utilizing modular architecture and in-memory execution techniques…
-
ShinyHunters Possibly Collaborates With Scattered Spider in Salesforce Attack Campaigns
The notorious ShinyHunters cybercriminal group has emerged from a year-long hiatus with a sophisticated new wave of attacks targeting Salesforce platforms across major organizations, including high-profile victims like Google. This resurgence marks a significant tactical evolution for the financially motivated threat actors, who have traditionally…
-
Web DDoS, App Exploitation Attacks Saw a Huge Surge in First Half of 2025
The cybersecurity landscape experienced an unprecedented escalation in digital threats during the first half of 2025, with Web Distributed Denial of Service (DDoS) attacks surging by 39% compared to the second half of 2024. The second quarter alone witnessed a staggering…
-
VexTrio Hackers Attacking Users via Fake CAPTCHA Robots and Malicious Apps in Google Play and the App Store
A sophisticated cybercriminal organization known as VexTrio has been orchestrating a massive fraud empire through deceptive CAPTCHA robots and malicious applications distributed across Google Play and the App Store. This criminal network, operating for over 15 years, has…
-
Ukrainian Web3team Weaponizing NPM Package to Attack Job Seekers and Steal Sensitive Data
A sophisticated cybercriminal operation disguised as a Ukrainian Web3 development team has been targeting job seekers through weaponized NPM packages, security researchers warn. The attack leverages fake interview processes to trick unsuspecting candidates into downloading and executing malicious code that steals cryptocurrency…
-
Wikipedia Loses Legal Battle Against the UK’s Online Safety Act Regulations
Wikipedia has suffered a significant legal defeat in its attempt to avoid being classified under the UK’s stringent Online Safety Act regulations. The High Court ruled against the Wikimedia Foundation and a Wikipedia user, known only as “BLN,” who challenged the Secretary of State’s…