Tag: cyber-security-news

Pro-Russian Hacktivist Attacking OT/ICS Devices to Steal Login Credentials A newly identified pro-Russian hacktivist group has successfully infiltrated operational technology and industrial control systems belonging to critical infrastructure organizations, employing sophisticated techniques to steal login credentials and disrupt vital services. The threat actor, known as TwoNet, represents an emerging class of hacktivists who have expanded…

Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits the widespread trust users place in the popular Homebrew package manager by creating pixel-perfect replicas of the official…

175 Malicious npm Packages With 26,000 Downloads Attacking Technology, and Energy Companies Worldwide Socket’s Threat Research Team has uncovered a sophisticated phishing campaign involving 175 malicious npm packages that collectively accumulated over 26,000 downloads. The campaign, dubbed “Beamglea” based on consistent artifacts across all packages, represents a novel abuse of npm’s public registry and the…

Threat Actors Exploiting SonicWall SSL VPN Devices in Wild to Deploy Akira Ransomware Threat actors have reemerged in mid-2025 leveraging previously disclosed vulnerabilities in SonicWall SSL VPN appliances to deploy Akira ransomware on enterprise networks. Beginning in July, multiple incidents of initial access via unpatched SonicWall devices were reported across North America and EMEA. Attackers…

New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands ChaosBot surfaced in late September 2025 as a sophisticated Rust-based backdoor targeting enterprise networks. Initial investigations revealed that threat actors gained entry by exploiting compromised CiscoVPN credentials coupled with over-privileged Active Directory service accounts. Once inside, ChaosBot was stealthily deployed via side-loading techniques…

SnakeKeylogger via Weaponized E-mails Leverage PowerShell to Exfiltrate Sensitive Data Emerging from a recent wave of targeted campaigns, SnakeKeylogger has surfaced as a potent infostealer that capitalizes on PowerShell and social engineering. The malware’s operators craft convincing spear-phishing e-mails under aliases such as “CPA-Payment Files,” impersonating reputable financial and research firms. Recipients encounter ISO or…

New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading as popular applications including WhatsApp, Google Photos, TikTok, and YouTube to infiltrate devices and steal sensitive user data. The malware demonstrates remarkable adaptability…

Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments A sophisticated financially motivated threat actor known as Storm-2657 has been orchestrating elaborate “payroll pirate” attacks targeting US universities and other organizations, Microsoft Threat Intelligence has revealed. These attacks represent a concerning evolution in cybercriminal tactics, where hackers compromise employee accounts to gain unauthorized…

Hackers Abuse CSS Properties With Messages to Inject Malicious Codes in Hidden Text Salting Attack A sophisticated technique known as hidden text salting has emerged as a significant threat to email security systems, allowing cybercriminals to bypass detection mechanisms through the strategic abuse of cascading style sheets (CSS) properties. This attack vector enables threat actors…

IRGC-Linked APT35 Structure, Tools, and Espionage Operations Disclosed Since emerging in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its tactics to target government entities, energy firms, and diplomatic missions across the Middle East and beyond. Initially focused on credential harvesting via targeted phishing campaigns, the group has evolved…

Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Codes Silently WordPress websites have become a prime target for threat actors seeking to monetize traffic and compromise visitor security. In recent months, a new malvertising campaign has emerged, leveraging silent PHP code injections within theme files to serve unwanted third-party scripts. The attack blends seamlessly with…

Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it. From…

Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor has now…

Ukraine Warns of Weaponized XLL Files Delivers CABINETRAT Malware Via Zip Files Ukrainian security agencies have issued an urgent warning regarding a sophisticated malware campaign targeting government and critical infrastructure sectors through weaponized XLL files distributed via compressed archives. The malicious campaign leverages Microsoft Excel add-in files containing the CABINETRAT backdoor, representing a significant evolution…

Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details A sophisticated phishing campaign has emerged targeting job seekers through fake Google career recruitment opportunities, leveraging social engineering tactics to harvest Gmail credentials and personal information. The malicious operation exploits the trust associated with Google’s brand reputation, crafting convincing recruitment emails that direct victims…

Hackers Exploit Cellular Router’s API to Send Malicious SMS Messages With Weaponized Links Hackers have recently leveraged a vulnerability in the web-based management interfaces of certain cellular routers to co-opt their built-in SMS functionality for nefarious purposes. By targeting exposed APIs, attackers are able to dispatch large volumes of malicious SMS messages containing weaponized links…

Threat Actors Leveraging Dynamic DNS Providers to Use for Malicious Purposes Cybersecurity researchers are raising alarms about a growing threat vector as malicious actors increasingly exploit Dynamic DNS providers to establish robust command and control infrastructure. These publicly rentable subdomain services, traditionally designed for legitimate hosting purposes, have become the preferred platform for threat actors…

Hackers Weaponizing SVG Files to Deliver PureMiner Malware and Steal Sensitive Information In recent weeks, a sophisticated phishing campaign has emerged, targeting organizations in Ukraine with malicious Scalable Vector Graphics (SVG) files designed to propagate the PureMiner cryptominer and a data-stealing payload dubbed Amatera Stealer. Attackers masquerade as the Ukrainian police, sending emails that claim…

Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions. The vulnerability, tracked as CVE-2025-54831 and classified as “important” severity, fundamentally undermines the platform’s intended security model for handling sensitive data within workflow connections. Apache Airflow…

New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices across the globe. The campaign exploits SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces, demonstrating an alarming evolution in cybercriminal tactics. The…

Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations A sophisticated cybercriminal alliance between malware operators and covert North Korean IT workers has emerged as a significant threat to corporate organizations worldwide. This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting software developers…

LummaStealer Technical Details Uncovered Using ML-Based Detection Approach LummaStealer has emerged as one of the most prolific information-stealing malware families in recent years, targeting victims across multiple industry verticals including telecommunications, healthcare, banking, and marketing. The sophisticated malware gained widespread notoriety in early 2025 when cybercriminals extensively deployed it in coordinated campaigns worldwide. Although law…

Researchers Uncovered Connections Between LAPSUS$, Scattered Spider, and ShinyHunters Hacker Groups The cybersecurity landscape continues to evolve as three of the most notorious English-speaking cybercrime groups—LAPSUS$, Scattered Spider, and ShinyHunters—have been found to share significant operational connections, tactical overlaps, and direct collaboration since 2023. These relationships have created what security experts now describe as a…

LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft A sophisticated new threat has emerged in the cybersecurity landscape that represents a significant evolution in malware development. The LAMEHUG malware family, first identified by CERT-UA in July 2025, marks a concerning advancement in cyber attack methodology by integrating artificial intelligence directly into its…

New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys Cybercriminals have launched a sophisticated supply chain attack targeting cryptocurrency developers through malicious Rust crates designed to steal digital wallet keys. Two fraudulent packages, faster_log and async_println, have infiltrated the Rust package registry by impersonating the legitimate fast_log logging library, embedding malicious…

Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike Oude Reimer published findings on…

New Russian Disinformation Campaign Targeting Upcoming Moldova’s Elections On the eve of Moldova’s parliamentary elections scheduled for September 28, 2025, cybersecurity researchers have uncovered a sophisticated Russian-backed disinformation campaign designed to undermine public confidence in Moldova’s pro-European leadership. The campaign began surfacing in April 2025, when analysts first observed a cluster of newly registered domains publishing…