Category: Threats

Threat Actors Attacking Job Seekers With Three New Unique Adversaries A significant surge in sophisticated recruitment scams has emerged, with cybercriminals exploiting economic vulnerabilities and the competitive job market to target desperate job seekers. These scams employ increasingly refined social engineering tactics that blend legitimate recruitment practices with fraudulent schemes, making them particularly effective at…

Hackers Attacking IT Admins by Poisoning SEO to Move Malware on Top of Search Results Cybersecurity experts have uncovered a sophisticated attack campaign targeting IT administrators through search engine optimization (SEO) poisoning tactics. Threat actors are leveraging advanced SEO techniques to push malicious versions of commonly used administrative tools to the top of search engine…

New Power Parasites Phishing Attack Targeting Energy Companies and Major Brands A sophisticated phishing campaign dubbed “Power Parasites” has been actively targeting global energy giants and major brands since 2024, according to a comprehensive threat report released this week. The ongoing campaign primarily exploits the names and branding of prominent energy companies including Siemens Energy,…

Russian VPS Servers With RDP, Proxy Servers Fuel North Korean Cybercrime Operations North Korea’s cybercrime operations have significantly expanded beyond the limited 1,024 IP addresses assigned to their national network through an elaborate scheme involving Russian infrastructure. According to recent findings, five Russian IP ranges, primarily located in the border towns of Khasan and Khabarovsk,…

Threat Actors Using Weaponized SVG Files to Redirect Users to Malicious Websites Phishing campaigns have evolved significantly in 2025, with threat actors increasingly leveraging unconventional file formats to bypass security solutions. A particularly concerning trend involves the weaponization of Scalable Vector Graphics (SVG) files, which are being embedded with malicious JavaScript code designed to redirect…

Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN A server briefly linked to the notorious KeyPlug malware has inadvertently exposed a comprehensive arsenal of exploitation tools specifically designed to target Fortinet firewall and VPN appliances. The infrastructure, which security researchers have attributed to the RedGolf threat group (overlapping with APT41),…

Threat Actors Weaponize Shell Techniques to Maintain Persistence and Exfiltrate Data Shells provide crucial command-line interfaces to operating systems. While legitimate for system administration tasks, when weaponized by threat actors, shells transform into dangerous avenues for unauthorized access, system control, and data theft across organizational networks. The misuse of these tools has become increasingly sophisticated,…

Sapphire Werewolf Enhances Toolkit With New Amethyst Stealer to Attack Energy Companies Cybersecurity experts have detected a sophisticated campaign targeting energy sector companies, as the threat actor known as Sapphire Werewolf deploys an enhanced version of the Amethyst stealer malware. The campaign represents a significant evolution in the group’s capabilities, featuring advanced evasion techniques and…

Google Unveils A2A Protocol That Enable AI Agents Collaborate to Automate Workflows Google has announced the launch of Agent2Agent Protocol (A2A), a groundbreaking open protocol designed to enable AI agents to communicate with each other, securely exchange information, and coordinate actions across enterprise platforms. Revealed on April 9, 2025, the protocol marks a significant advancement…

ClickFix Captcha – A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows A sophisticated social engineering technique has recently emerged in the cybersecurity landscape, rapidly gaining traction among threat actors seeking to distribute trojans, ransomware, and particularly Quakbot malware. This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements…

Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing themes related to…

DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and covert threats to deep learning,…

Red Team Activities Turns More Sophisticated With The Progress of Artificial Intelligence Artificial intelligence has dramatically transformed the cybersecurity landscape, with red team activities increasingly leveraging sophisticated AI-driven techniques to simulate advanced persistent threats. These AI-enhanced red teams can now automate the process of penetrating targets and collecting sensitive data at unprecedented speeds. The evolution…

Hacker Weaponizing Hard Disk Image Files To Deliver VenomRAT A sophisticated phishing campaign is leveraging virtual hard disk (.vhd) files to distribute the dangerous VenomRAT malware. The attack begins with purchase order-themed emails containing archive attachments that, when extracted, reveal hard disk image files designed to evade traditional security measures. Batch file inside .vhd file…

Beware of Free File Word To PDF Converter That Delivers Malware The FBI has issued an urgent warning about the rising threat of malicious file conversion tools that are being used to spread malware across the United States. Cybercriminals are targeting users searching for free utilities to convert documents from one format to another, with…

North Korean IT Workers Using GitHub To Attack Organization Globally Cybersecurity research firm NISOS has uncovered a network of suspected North Korean IT workers who are leveraging GitHub to create elaborate fake personas aimed at securing employment with companies in Japan and the United States. These individuals pose as Vietnamese, Japanese, and Singaporean nationals while…

Google Silently Tracks Android Device Even No Apps Opened by User Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin, documents for the first time how pre-installed Google apps silently track users without seeking…

Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server capabilities make it an attractive choice…

SAML Bypass Authentication on GitHub Enterprise Servers To Login as Other User Account A significant vulnerability has been identified in GitHub Enterprise Servers, allowing attackers to bypass SAML authentication and log in as other user accounts. This exploit leverages quirks in the libxml2 library, specifically related to XML entities, to deceive the verification process. The…

Hackers Exploiting Google Tag Manager To Steal Credit Card From eCommerce Sites Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. This sophisticated attack shows the evolving tactics of cybercriminals in leveraging legitimate tools for malicious purposes. Google Tag Manager…

Devil-Traff – New Malicious Bulk SMS Portal That Fuels Phishing Attacks A new threat to cybersecurity has emerged in the form of Devil-Traff, a bulk SMS platform designed to facilitate large-scale phishing campaigns. Leveraging advanced features such as sender ID spoofing, API integration, and support for malicious content, this platform has become a favorite tool…