Tag: cyber-security-news

New ‘Foxveil’ Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection A new malware loader called “Foxveil” has been discovered actively targeting systems through legitimate cloud platforms, raising concerns about how threat actors are weaponizing trusted services to bypass security measures. The malware has been operational since August 2025 and has since evolved significantly.…

Noodlophile Malware Creators Evolve Tactics with Fake Job Postings and Phishing Lures The Noodlophile information stealer, originally uncovered in May 2025, has significantly evolved its attack strategies to bypass security measures. Initially, this malware hid behind deceptive advertisements for fake AI video generation platforms on social media, tricking users into downloading malicious ZIP files. These…

Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts Over half a million VKontakte users have fallen victim to a sophisticated malware campaign that silently hijacks accounts through seemingly harmless Chrome extensions. The malicious extensions, disguised as VK customization tools, automatically subscribe users to attacker-controlled groups, reset account settings every 30 days, and manipulate security…

New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer A sophisticated social engineering campaign is targeting Windows users through fake CAPTCHA verification pages to deliver the StealC information stealer malware. The attack begins when victims visit compromised websites that display fraudulent Cloudflare security checks, tricking them into executing malicious PowerShell commands. The compromised…

Over 1,800 Windows Servers Compromised by BADIIS Malware in Large-Scale SEO Poisoning Campaign A sophisticated cyber campaign has compromised over 1,800 Windows servers globally, using a potent malware strain known as BADIIS. This operation targets Internet Information Services (IIS) environments, transforming legitimate infrastructure into a massive network for SEO poisoning. By hijacking these servers, threat…

Fake CAPTCHA Attacks Emerge as Key Entry Point for LummaStealer Malware Campaigns LummaStealer, a notorious information-stealing malware, has made a significant comeback following a major law enforcement disruption in 2025. This resurgence is characterized by a shift in distribution tactics, moving away from traditional exploit kits towards aggressive social engineering campaigns. Cybercriminals are now leveraging…

Bloody Wolf Hackers Attacking Organizations to Deploy NetSupport RAT and Gain Remote Access Stan Ghouls, a cybercriminal group also known as Bloody Wolf, has launched a sophisticated wave of targeted attacks against organizations across Russia and Uzbekistan. Active since at least 2023, the group focuses heavily on the manufacturing, finance, and IT sectors. While they…

Chinese Hackers Attacking Singapore’s Telecommunications Sector to Compromise Edge Devices Singapore’s telecommunications sector has recently been the target of a highly sophisticated cyber espionage campaign orchestrated by the Advanced Persistent Threat (APT) group known as UNC3886. The details of this extensive intrusion were formally disclosed following Operation CYBER GUARDIAN, a major multi-agency response led by…

Vortex Werewolf Attacking Organizations to Gain Tor-Enabled Remote Access Over the RDP, SMB, SFTP, and SSH Protocols A new cyber espionage cluster has recently emerged, focusing its aggressive targeting on Russian government and defense organizations. Active since at least December 2025, the group, designated as Vortex Werewolf, employs a combination of social engineering and legitimate…

New Telegram Phishing Attack Abuses Authentication Workflows to Obtain Full Authorized User Sessions A sophisticated Telegram phishing campaign has re-emerged, marking a significant evolution in how threat actors compromise user accounts. Unlike traditional credential harvesting, this operation does not rely on cloning login pages to steal passwords but instead manipulates the platform’s legitimate authentication infrastructure.…

Transparent Tribe Hacker Group Attacking India’s Startup Ecosystem The threat landscape for India’s technology sector has taken an unexpected turn. A Pakistan-based hacking group called Transparent Tribe has shifted its focus from traditional government targets to the country’s vibrant startup ecosystem, particularly companies working in cybersecurity and intelligence domains. The group, also tracked as APT36,…

Bulletproof Hosting Providers Leverage Legitimate ISPsystem to Supply Servers for Cybercriminals In the constantly shifting landscape of online threats, cybercriminals have found a new way to strengthen their attacks by hiding behind legitimate technology. Late in 2025, a series of ransomware incidents revealed that attackers were using virtual machines provisioned through ISPsystem, a popular platform…

Hackers Leveraging Windows Screensaver to Deploy RMM Tools and Gain Remote Access to Systems Cybersecurity threats are constantly evolving, and a recent campaign highlights a deceptive new tactic where attackers leverage Windows screensaver (.scr) files to compromise systems. This method allows threat actors to deploy legitimate Remote Monitoring and Management (RMM) tools, granting them persistent…

Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts, or important documents.…

APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies Russian state-sponsored actors known as APT28 have initiated a sophisticated cyber espionage campaign targeting high-value government and military entities across Europe. The primary targets include maritime and transport organizations in nations such as Poland, Ukraine, and Turkey. The attackers are actively exploiting a critical vulnerability…

New DesckVB RAT with Multi-stage Infection Chain and Plugin-Based Architecture A sophisticated new threat has surfaced in the wild, identified as the DesckVB RAT version 2.9. This modular Remote Access Trojan, built on the .NET framework, has been observed in active malware campaigns throughout early 2026. Unlike simple backdoors, this threat demonstrates a high level…

New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…

Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social engineering vector that…

GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but…

Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools to quietly steal…

Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms and harmless-looking PDF files to…

Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection. The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users searching for…

DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy firm. Unlike typical ransomware that encrypts…

Google Uncovered Significant Expansion in ShinyHunters Threat Activity with New Tactics The ShinyHunters threat group has expanded its extortion operations with sophisticated attack methods targeting cloud-based systems across multiple organizations. These cybercriminals use voice phishing and fake credential harvesting websites to steal login information from employees. Once they gain access, they extract sensitive data from…

UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims in Thailand and…

175,000 Exposed Ollama Hosts Enable Code Execution and External System Access A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly…

TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage group that has been…

Education-Themed Malicious Domains Linked to Bulletproof Hosting Infrastructure Exposed Security researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicators pointing to TOXICSNAKE, uses legitimate-looking university and educational institution branding to deceive users into visiting malicious websites. This tactic exploits the…

Hackers Weaponized Open VSX Extension with Sophisticated Malware After Reaching 5060+ Downloads A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted malware code that…

Microsoft Exchange Online to Deprecate SMTP AUTH Basic Authentication for Tenants Microsoft is preparing a major security shift for cloud email customers as Exchange Online moves toward deprecating SMTP AUTH Basic Authentication for all tenants. The change targets one of the oldest and weakest ways to sign in to email systems, where usernames and passwords…

Attackers Targeting Canadian Citizens by Exploiting Their Reliance on Digital Services Attackers are increasingly targeting Canadian citizens by abusing their heavy dependence on online government and commercial services. From paying traffic fines and renewing licenses to tracking parcels and booking flights, people now expect these tasks to be quick and digital. Threat actors are taking…