Tag: cyber-security-news

Microsoft Details Kazuar Malware’s Modular Architecture and P2P Botnet Operations A nation-state malware known as Kazuar has resurfaced with a far more dangerous design than anyone expected. What once started as a relatively standard backdoor has now grown into a fully modular, peer-to-peer botnet specifically engineered for long-term, covert espionage against high-value government and diplomatic…

Hackers Abuse Scheduled Tasks to Maintain Persistence in FrostyNeighbor Attacks A state-aligned hacking group known as FrostyNeighbor has resurfaced with a fresh wave of cyberattacks targeting government organizations in Ukraine, using a carefully designed infection chain that is harder than ever to detect. The group, active since at least 2016, has a long history of…

Langflow CVE-2026-33017 Exploited to Steal AWS Keys and Deploy NATS Worker Attackers are now abusing a fresh Langflow vulnerability to quietly steal cloud keys and turn victim systems into workers for a new NATS based botnet. This campaign shows how a single exposed AI workflow tool can become the start of large scale credential theft…

Packagist Urges Immediate Composer Update After GitHub Actions Token Leak Packagist is sounding the alarm for PHP developers everywhere. A flaw in Composer, the widely used PHP dependency manager, briefly caused GitHub authentication tokens to leak into publicly visible CI logs, raising urgent concerns about credential exposure across thousands of active software projects around the…

Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading Iran-linked hackers have been quietly breaking into networks around the world, and their latest campaign is more calculated than anything we have seen from them before. The group known as Seedworm, also tracked as MuddyWater, spent the first quarter of 2026 targeting at least…

New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks A serious security flaw has been found in Exim, one of the most widely deployed mail transfer agents on the internet today. The vulnerability, tracked as EXIM-Security-2026-05-01.1, allows a remote attacker to corrupt server memory and potentially execute malicious code without needing any special privileges or…

Google Enhances Android Mobile Security with New AI-Powered Protections Android smartphones have become the go-to device for billions of people around the world. From banking and messaging to storing personal photos and sensitive documents, people rely on them for almost everything. That reliance has made mobile devices a prime target for scammers, cybercriminals, and threat…

Microsoft Releases Cumulative Update for Windows 11, Version 25H2 and 24H2 Microsoft pushed out a significant cumulative update for Windows 11 on May 12, 2026, covering both version 25H2 and version 24H2. The update, identified as KB5089549, brings OS Builds 26200.8457 and 26100.8457 to users running these versions. It bundles the latest security fixes alongside…

Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notorious Magecart group are now hiding credit card skimmers inside Google Tag Manager (GTM) containers, turning…

TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was quietly published to the…

TrickMo Android Banking Malware Targets Banking, Wallet, and Authenticator Apps A dangerous Android banking malware known as TrickMo has resurfaced with a powerful new variant, and this time it is more stealthy, more capable, and harder to stop than ever before. The threat is actively targeting users of banking apps, digital wallets, and authenticator applications…

Vidar Malware Targets Browser Credentials, Cookies, Crypto Wallets, and System Data A long-active information stealer is making headlines again, and this time it is targeting more than just passwords. Vidar malware, a credential-harvesting tool in circulation since late 2018, has been observed running through a sophisticated multi-stage attack chain designed to slip past modern security…

JDownloader Downloader Hacked to Infect Users With New Python RAT JDownloader, the popular open-source download manager trusted by millions of users worldwide, was at the center of a serious supply chain attack in early May 2026. Attackers quietly compromised the official jdownloader.org website and replaced legitimate installer download links with malicious files carrying a fully…

New PamDOORa Backdoor Attacking Linux Systems to Steal SSH Credentials A new backdoor called PamDOORa has emerged as a serious and growing threat to Linux systems, targeting one of the most trusted components of the operating system to silently steal SSH credentials. The malware was advertised for sale on a Russian-speaking cybercrime forum called Rehub,…

Hackers Used Claude AI to Attack on Water and Drainage Utility Systems A new threat intelligence report has revealed that an unknown group of hackers used a commercial AI tool to target the systems of a municipal water and drainage utility in Monterrey, Mexico. The attack, which took place in January 2026, marks one of…

New ClickFix Attack Targets macOS Users With Fake Disk Cleanup and Utility Lures A new wave of cyberattacks is putting macOS users in the crosshairs, and this time the bait looks almost too familiar. Attackers are disguising their malware as helpful disk cleanup tools and system utilities, tricking people into running dangerous commands directly on…

Beware of Fake ‘Notepad++ for Mac’ Website, Possibly Could Harm your Machine A fake website claiming to offer an official macOS version of the popular text editor Notepad++ has been making rounds online, raising serious cybersecurity concerns across the tech community. The site, operating under the domain notepad-plus-plus-mac.org, falsely presents itself as the official release…

pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk The npm ecosystem has long been a target for supply chain attacks, where threat actors exploit the open nature of public package registries to push malicious code into developer environments. With pnpm 11, the package manager takes a direct step…

Threat Actors Use AI to Automate 0-Day Discovery and Exploitation at Machine Speed The way cyberattacks are launched has fundamentally changed. Threat actors are no longer spending months hunting for software flaws by hand. With artificial intelligence in their toolkit, they can now discover and exploit zero-day vulnerabilities in minutes, placing organizations across every sector…

Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks A new wave of cyberattacks is targeting employees through a combination of inbox flooding and fake IT support contacts on Microsoft Teams, tricking users into handing over remote access to their own devices. These attacks have been growing steadily since the start…

EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins A new and well-planned malware campaign has been actively targeting enterprise administrators, DevOps engineers, and security analysts by hijacking their everyday search habits. Rather than using mass phishing or broad spam waves, threat actors behind this operation have carefully crafted a delivery chain…

China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign A China-aligned threat group has been carrying out a carefully planned espionage campaign against government agencies and critical infrastructure across Asia. The group, tracked under the temporary designation SHADOW-EARTH-053, has been active since at least December 2024, quietly targeting organizations in at least…

Claude-Generated Commit Adds PromptMink Malware to Crypto Trading Agent A new threat has quietly taken root in the software development world, using an AI coding assistant as an unknowing participant in a supply chain attack. A malicious npm package campaign called PromptMink surfaced after being introduced into an open-source autonomous crypto trading project through a…

Novel KarstoRAT RAT Enables Webcam Monitoring, Audio Recording, and Remote Payload Execution A newly identified remote access trojan called KarstoRAT has been found in sandbox analyses and malware repositories since early 2026. The malware gives attackers a broad set of remote-control capabilities over compromised Windows machines, including webcam capture, audio recording, keylogging, screenshot theft, and…

New Vect 2.0 RaaS Operation Targets Windows, Linux, and ESXi Systems A new ransomware group known as Vect 2.0 has entered the global cyberthreat landscape, operating as a full Ransomware-as-a-Service (RaaS) platform that targets Windows, Linux, and VMware ESXi systems. The group first appeared in December 2025 and rapidly scaled its activity through February 2026,…

New VECT 2.0 Ransomware Destroys Files Over 128 KB Across Windows, Linux, and ESXi A newly documented ransomware strain called VECT 2.0 has drawn serious attention from the cybersecurity community for a deeply damaging flaw in its design. Unlike typical ransomware that locks files and demands payment for decryption, VECT 2.0 permanently destroys any file…

New BlueNoroff Campaign Uses Fileless PowerShell and AI-Generated Zoom Lures A dangerous new cyber campaign from North Korea’s Lazarus Group is targeting cryptocurrency and Web3 professionals using fake Zoom meeting interfaces, fileless PowerShell scripts, and AI-generated deepfake content. The group behind this activity is BlueNoroff, a financially motivated subgroup known for stealing digital assets. This…

OilRig Hides C2 Configuration in Google Drive Image Using LSB Steganography A well-known Iranian state-sponsored hacking group called OilRig, also tracked as APT34 and Helix Kitten, has been found hiding its command-and-control (C2) server configuration inside a regular-looking image file stored on Google Drive. The threat group used a technique called LSB (Least Significant Bit)…

Vidar Malware Hides Second-Stage Payloads in JPEG and TXT Files to Evade Detection Vidar, one of the most active information-stealing malware families, has taken on a new shape in 2026. Researchers have found that its latest version now conceals second-stage payloads inside JPEG image files and TXT documents, making it much harder for security tools…

‘fast16’ Malware with Sabotage Capabilities Attacking Ultra expensive Targets The fast16 malware is a recently exposed sabotage‑capable threat designed to target extremely high‑value environments and ultra‑expensive systems with precision. It does not behave like common commodity malware that aims for broad infections, but instead focuses on select victims where disruption or long‑term control can cause…

Hackers Use Fake CAPTCHA Pages to Trigger Costly International SMS Fraud Most internet users are familiar with CAPTCHA tests, simple challenges like selecting traffic lights or typing distorted letters to confirm they are human. But cybercriminals have found a way to weaponize this process. Hackers are now building fake CAPTCHA pages that trick users into…

Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900 companies around the world. The operation, built around a tool called “Bissa scanner,” targeted internet-facing web applications at a massive…