Tag: cyber-security-news

Wikipedia Lost Legal Battle Against The UK’s Online Safety ACT Regulations Wikipedia has suffered a significant legal defeat in its attempt to avoid being classified under the UK’s stringent Online Safety Act regulations. The High Court ruled against the Wikimedia Foundation and a Wikipedia user, known only as “BLN,” who challenged the Secretary of State’s…

Scattered Spider With New Telegram Channel List Organizations It Attacked In early August 2025, a previously quiet cybercrime collective known as Scattered Spider resurfaced with a striking new Telegram channel that aggregates proof of its intrusions and data exfiltration operations. The channel name fuses ShinyHunters, Scattered Spider, and Lapsus$, signaling a collaboration—or at least a…

Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets A sophisticated cryptocurrency theft campaign has emerged targeting the Bittensor ecosystem through malicious Python packages distributed via the Python Package Index (PyPI). The attack leverages typosquatting techniques to deceive developers and users into installing compromised versions of legitimate Bittensor packages, ultimately resulting in…

Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites, malicious torrents, and deceptive email campaigns. First detected in October 2024, this ClipBanker-type Trojan…

5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines A sophisticated cybercriminal enterprise operating over 5,000 fraudulent online pharmacy websites has been exposed in a comprehensive investigation, revealing one of the largest pharmaceutical fraud networks ever documented. This massive operation, orchestrated by a single threat actor group, targets vulnerable individuals seeking prescription medications through deceptive digital…

DarkCloud Stealer Employs New Infection Chain and ConfuserEx-Based Obfuscation A sophisticated information-stealing malware campaign has emerged, utilizing advanced obfuscation techniques and multiple infection vectors to evade traditional security controls. The DarkCloud Stealer, first documented in recent threat intelligence reports, represents a significant evolution in cybercriminal tactics, employing a complex multi-stage delivery mechanism that begins with…

Biggest Ever GreedyBear Attack With 650 Hacking Tools Stolen $1 Million from Victims A sophisticated cybercriminal operation known as GreedyBear has orchestrated one of the most extensive cryptocurrency theft campaigns to date, deploying over 650 malicious tools across multiple attack vectors to steal more than $1 million from unsuspecting victims. Unlike traditional threat groups that…

HashiCorp Vault 0-Day Vulnerabilities Let Attackers Execute Remote Code Security researchers uncovered a series of critical zero-day vulnerabilities in HashiCorp Vault in early August 2025, the widely adopted secrets management solution. These flaws, spanning authentication bypasses, policy enforcement inconsistencies, and audit-log abuse, create end-to-end attack paths that culminate in remote code execution (RCE) on Vault…

Threat Actors Weaponizing RMM Tools to Take Control of The Machine and Steal Data Cybercriminals are increasingly exploiting Remote Monitoring and Management (RMM) software to gain unauthorized access to corporate systems, with a sophisticated new attack campaign demonstrating how legitimate IT tools can become powerful weapons in the wrong hands. This emerging threat leverages the…

Bing Search Poisoned to Deliver Bumblebee Malware for ‘ManageEngine OpManager’ Searches A sophisticated search engine optimization (SEO) poisoning campaign that exploited Bing search results to distribute Bumblebee malware, ultimately leading to devastating Akira ransomware attacks. The campaign, active throughout July 2025, specifically targeted users searching for legitimate IT management software, demonstrating how threat actors continue…

New Android Malware Mimics as SBI Card, Axis Bank Apps to Steal Users Financial Data A sophisticated new Android malware campaign has emerged targeting Indian banking customers through convincing impersonations of popular financial applications. The malicious software masquerades as legitimate apps from major Indian financial institutions, including SBI Card, Axis Bank, Indusind Bank, ICICI, and…

Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account named “Widevineleak,” has triggered…

Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious commands on victim…

Lazarus Hackers Weaponized 234 Packages Across npm and PyPI to Infect Developers A sophisticated cyber espionage campaign targeting software developers has infiltrated two of the world’s largest open source package repositories, with North Korea’s notorious Lazarus Group successfully deploying 234 malicious packages across npm and PyPI ecosystems. Between January and July 2025, this state-sponsored operation…

SafePay Ransomware Infected 260+ Victims Across Multiple Countries A new ransomware threat has emerged as one of the most aggressive cybercriminal operations of 2025, with SafePay ransomware claiming responsibility for over 265 successful attacks spanning multiple continents. The group, which first appeared in September 2024 with limited activity targeting just over 20 victims, has dramatically…

Qilin Ransomware Surging Following The Fall of dominant RansomHub RaaS The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem, with Qilin capitalizing on the…

LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link Libraries…

Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been considered “more art…

Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations A sophisticated cyber campaign leveraging legitimate Remote Monitoring and Management (RMM) tools has emerged as a significant threat to European organizations, particularly those in France and Luxembourg. Since November 2024, threat actors have been deploying carefully crafted PDF documents containing embedded links…

Navigating APTs – Singapore’s Cautious Response to State-Linked Cyber Attacks Singapore’s cybersecurity landscape faced a significant challenge in July 2025 when Coordinating Minister K. Shanmugam disclosed that the nation was actively defending against UNC3886, a highly sophisticated Advanced Persistent Threat (APT) group targeting critical infrastructure. The revelation, announced during the Cyber Security Agency’s 10th anniversary…

APT Hackers Attacking Maritime and Shipping Industry to Launch Ransomware Attacks The maritime industry, which facilitates approximately 90% of global trade, has emerged as a critical battleground for advanced persistent threat (APT) groups deploying sophisticated ransomware campaigns. This surge in cyber warfare represents a paradigm shift where state-sponsored hackers and financially motivated threat actors are…

Gunra Ransomware New Linux Variant Runs Up To 100 Encryption Threads With New Partial Encryption Feature A sophisticated new Linux variant of Gunra ransomware has emerged, marking a significant escalation in the threat group’s cross-platform capabilities since its initial discovery in April 2025. The ransomware, which drew inspiration from the notorious Conti ransomware techniques, has…

Qilin Ransomware Leverages TPwSav.sys Driver to Disable EDR Security Measures Cybercriminals have once again demonstrated their evolving sophistication by weaponizing an obscure Toshiba laptop driver to bypass endpoint detection and response systems. The Qilin ransomware operation, active since July 2022, has incorporated a previously unknown vulnerable driver called TPwSav.sys into their attack arsenal, enabling them…

Lionishackers Threat Actors Exfiltrating and Selling Corporate Databases on Dark Web A financially motivated threat actor known as Lionishackers has emerged as a significant player in the illicit marketplace for corporate data in recent months. Leveraging opportunistic targeting and a preference for Asian-based victims, the group employs automated SQL injection tools to breach database servers,…

Malicious Android Apps Mimic as Popular Indian Banking Apps Steal Login Credentials Attackers are weaponizing India’s appetite for mobile banking by circulating counterfeit Android apps that mimic the interfaces and icons of public-sector and private banks. Surfacing in telemetry logs on 3 April 2025, the impostors travel through smishing texts, QR codes and search-engine poisoning,…

New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computer A newly uncovered campaign is exploiting gamers’ enthusiasm for off-beat indie titles to plant credential-stealing malware on machines. Branded installers for nonexistent games such as “Baruda Quest,” “Warstorm Fire,” and “Dire Talon” are pushed through slick YouTube trailers and Discord download links…

GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u cybercrime forum, marketing it as…

Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics, combining traditional social…