Tag: cyber-security-news

Chinese National Jailed to 46 Months for Laundering Millions of Dollars Stolen from American Investors A Chinese national named Jingliang Su has been sentenced to 46 months in prison for his involvement in a major cryptocurrency fraud scheme targeting American investors. On January 27, 2026, federal courts ordered Su to serve his sentence and pay…

Fake CAPTCHA Attack Leverages Microsoft Application Virtualization (App-V) to Deploy Malware A newly discovered campaign demonstrates a sophisticated approach to delivering information-stealing malware through a combination of social engineering and legitimate Windows components. The attack begins with a deceptive CAPTCHA prompt that tricks users into executing commands manually through the Windows Run dialog, presenting the…

HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer The HoneyMyte threat group, also known as Mustang Panda or Bronze President, continues to pose a significant risk to government organizations across Asia and Europe. Recent security research has revealed that this advanced hacker collective is actively upgrading its digital arsenal with enhanced…

Caminho Loader-as-a-Service Using Steganography to Conceal .NET Payloads within Image Files Caminho Loader is a new Loader-as-a-Service threat that blends steganography, fileless execution, and cloud abuse to quietly deliver malware across several regions. First seen in March 2025 and believed to originate from Brazil, this service hides .NET payloads inside harmless-looking image files hosted on…

APT Hackers Attacking Indian Government Using GOGITTER Tool and GITSHELLPAD Malware Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The campaign, identified as Gopher Strike, emerged in September 2025 and represents a significant escalation in targeted cyber…

China-Aligned APTs Use PeckBirdy C&C Framework in Multi-Vector Attacks, Exploiting Stolen Certificates Since 2023, a dangerous malware framework called PeckBirdy has emerged as a primary weapon used by Chinese-aligned hacking groups. This JavaScript-based tool serves as a command-and-control platform designed to work across multiple system environments, giving attackers remarkable flexibility in how they deploy their…

New Phishing Attack Leverages Vercel Hosting Platform to Deliver a Remote Access Tool A sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combines social engineering with trusted domain exploitation, making it particularly effective at bypassing…

Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware Late December 2025 brought alarming news to Poland as its energy infrastructure became the target of what security experts describe as the country’s largest cyberattack in years. The Russian-aligned Sandworm group, known for orchestrating some of the most damaging attacks on critical infrastructure, emerged as…

20,000 WordPress Sites Affected by Backdoor Vulnerability Allowing Malicious Admin User Creation A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administrator accounts without any authentication, putting thousands of websites at risk…

North Korean Hackers Adopted AI to Generate Malware Attacking Developers and Engineering Teams North Korea–aligned hackers have launched a new campaign that turns artificial intelligence into a weapon against software teams. Using AI-written PowerShell code, the group known as KONNI is delivering a stealthy backdoor that blends real project content with malicious scripts. This operation…

New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified this threat as a completely new malware variant with no connection to an older…

New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the scenes…

Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped. The attacks abuse truesight.sys, a kernel driver from Adlice Software’s RogueKiller antivirus, and use more than 2,500 validly…

New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework The cybersecurity landscape has entered a dangerous new chapter with the discovery of VoidLink, the first documented advanced malware framework built almost entirely by artificial intelligence. Unlike earlier attempts where inexperienced hackers used AI to create basic malicious…

Attackers Leverages LinkedIn to Deliver Remote Access Trojan Targeting Corporate Environments A sophisticated phishing campaign is actively exploiting LinkedIn’s trusted social media platform to distribute a dangerous remote access trojan to corporate employees. Attackers are leveraging the professional credibility of LinkedIn to craft convincing messages that appear legitimate, making employees more likely to download and…

Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste A new clipboard hijacker is quietly draining cryptocurrency from gamers and streamers by abusing trust inside Discord communities. The campaign centers on a malicious Windows program shared as a supposed streaming or security tool. Once installed, it silently watches the user’s clipboard,…

Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting credentials, documents, keystrokes, and screenshots…

Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users searching for appliance manuals…

CrashFix – Hackers Using Malicious Extensions to Display Fake Browser Warnings Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy tools online, malicious advertisements…

17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate in Right Click,”…

Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from providers like Google, Microsoft…

Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial transactions. This rapid expansion has created a critical security blind spot. Researchers have identified that attacks targeting these systems…

Chinese Threat Actors Hosted 18,000 Active C2 Servers Across 48 Hosting Providers Threat actors linked to Chinese hosting infrastructure have established a massive network of over 18,000 active command-and-control servers across 48 different hosting providers in recent months. This widespread abuse highlights a serious issue in how malicious infrastructure can hide within trusted networks and…

Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks targeting multiple sectors including federal…

Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems DragonForce is the latest ransomware brand to move from noisy forum posts to full RaaS operations, targeting both Windows and VMware ESXi environments. First seen in December 2023 on BreachForums, the group advertises stolen data and uses a dark web blog to pressure…

New Magecart Attack Steals Customers Credit Cards from Website Checkout Pages A sophisticated web-skimming campaign targeting online shoppers has emerged with renewed intensity in 2026, compromising e-commerce websites and extracting sensitive payment information during checkout processes. The attack, identified as part of the broader Magecart family of threats, represents an evolving challenge to online retail…

Hackers Leverage Browser-in-the-browser Tactic to Trick Facebook Users and Steal Logins Facebook users are increasingly becoming targets of a sophisticated phishing technique that bypasses conventional security measures. With over three billion active users on the platform, Facebook represents an attractive target for attackers seeking to compromise accounts and harvest personal credentials. The primary objective of…

AsyncRAT Leveraging Cloudflare’s Free-Tier Services to Mask Malicious Activities and Detection A recent AsyncRAT campaign is using Cloudflare’s free tier services and TryCloudflare tunnels to hide remote access activity inside normal looking cloud traffic. In these attacks, threat actors send phishing emails that link to a Dropbox hosted ZIP archive named to look like an…

ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details A new wave of attacks is using the ValleyRAT_S2 malware to quietly break into organizations, stay hidden for long periods, and steal sensitive financial information. ValleyRAT_S2 is the second-stage payload of the ValleyRAT family and is written in C++. Once inside a network, it…

Beware of Weaponized Employee Performance Reports that Deploys Guloader Malware Cybersecurity threats continue to evolve with attackers using more creative social engineering techniques to target organizations. A recent threat has emerged involving the Guloader malware, which is being disguised as employee performance reports to trick users into downloading and executing malicious files. This sophisticated attack…

Everest Hacking Group Allegedly Claims Breach of Nissan Motors Everest hacking group has allegedly claimed a major breach of Nissan Motor Co., Ltd., raising fresh concerns about data security at large automotive manufacturers. According to early reports, the cybercrime group says it exfiltrated around 900 GB of sensitive data from the Japanese carmaker, a volume…

New Ghost Tapped Attack Uses Your Android Device to Drain Your Bank Account Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped, these malicious apps exploit Near Field Communication (NFC) technology, the same wireless technology that powers contactless payments.…