Tag: cyber-security-news

New ClickFix Attack Uses Fake Windows BSOD Screens to Trick Users into Executing Malicious Code A sophisticated malware campaign called PHALTBLYX has emerged, combining social engineering deception with advanced evasion techniques to compromise hospitality sector organizations. The attack chain begins with phishing emails impersonating Booking.com, featuring urgent reservation cancellation alerts with large financial charges displayed…

Threat Actors Hacked Global Companies via Leaked Cloud Credentials from Infostealer Infections Dozens of major global enterprises have been breached through a surprisingly simple yet devastating attack vector: stolen credentials extracted from infostealer malware. A threat actor operating under the nickname “Zestix” and his alias “Sentap” has been systematically accessing corporate cloud storage platforms, including…

Threat Actor Allegedly Claim Leak of NordVPN Salesforce Database with Source Codes A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes over ten database source codes, along with critical authentication credentials that could…

Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts In December 2025, the Iranian-linked hacking group Handala claimed to have fully compromised the mobile devices of two prominent Israeli political figures. However, detailed analysis by Kela cyber intelligence researchers revealed a more limited scope—the breaches targeted Telegram accounts specifically, not complete device access. The group…

RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025, demonstrates a relentless approach to…

Potential Wallet Phishing Campaign Targets Cardano Users via ‘Eternl Desktop’ Announcement A sophisticated phishing campaign is currently circulating within the Cardano community, posing significant risks to users seeking to download the newly announced Eternl Desktop application. The attack leverages a professionally crafted email claiming to promote a legitimate wallet solution designed for secure Cardano token…

Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics After a decade of disappearing from the cybersecurity landscape, the Careto threat group, also known as “The Mask,” has resurfaced with sophisticated new attack methods targeting high-profile organizations. Security researchers have identified fresh evidence of Careto’s activity, revealing how the group…

Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users A new wave of GlassWorm malware has emerged, marking a significant shift in targeting strategy from Windows to macOS systems. This self-propagating worm, distributed through malicious VS Code extensions on the Open VSX marketplace, has already accumulated over 50,000 downloads. The fourth wave introduces several…

New Cybercrime Tool ErrTraffic Let Attackers Automate ClickFix Attacks A dangerous cybercrime tool known as ErrTraffic has appeared in underground forums, making it easier for attackers to trick users into running harmful software on their devices. The tool automates what security experts call ClickFix attacks, where fake error messages push people to manually execute malicious…

DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational sophistication rarely seen…

Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation Large Language Models (LLMs) have revolutionized software development, democratizing coding capabilities for non-programmers. However, this accessibility has introduced a severe security crisis. Advanced AI tools, designed to assist developers, are now being weaponized to automate the creation of sophisticated exploits against enterprise software. This shift fundamentally challenges…

Threat Actors Advertising AI-Enhanced Metamorphic Crypter with Claims of Windows Defender Bypass Dark web forums have become a marketplace for sophisticated malware tools, with threat actors continuously refining their capabilities to stay ahead of security solutions. The latest concerning development involves an emerging AI-powered crypter service that promises unprecedented evasion abilities, putting enterprise environments at…

Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified an over 50-script global campaign that intercepts sensitive information during checkout and account creation processes. The attack demonstrates a significant…

Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed to evade and neutralize security defenses.…

EmEditor Editor Website Hacked to Deliver Infostealer Malware in Supply Chain Attack A major supply chain attack targeting EmEditor, a widely used text editor software, has exposed millions of users to sophisticated infostealer malware. Between December 19 and December 22, 2025, the official EmEditor website fell victim to unauthorized modification, serving compromised installer files to…

Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-looking Income Tax Department emails to trick users into downloading a malicious executable disguised as a tax-related…

New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a unique signature of four mushroom emojis embedded in the string “OUTL,” has been…

Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to another without facing obstacles. However,…

Evasive Panda APT Using AitM Attack and DNS Poisoning to Deliver Malware The Evasive Panda APT group, also known as Bronze Highland, Daggerfly, and StormBamboo, has been running targeted campaigns since November 2022, using advanced techniques to deliver the MgBot malware. The group employs adversary-in-the-middle attacks combined with DNS poisoning to compromise specific victims across…

Threat Actors Using Weaponized AV-themed Word and PDF Documents to Attack Israeli Organizations Security researchers at Seqrite Labs have identified a campaign called Operation IconCat, targeting Israeli organizations with weaponized documents designed to look like legitimate security tools. The attacks began in November 2025 and have compromised multiple companies across information technology, staffing services, and…

Threat Actors Advertised NtKiller Malware on Dark Web Claiming Terminate Antivirus and EDR Bypass A malicious actor known as AlphaGhoul has begun promoting a tool called NtKiller, designed to silently shut down antivirus software and endpoint detection tools. The tool was posted on an underground forum where criminals gather to buy and sell hacking services.…

WebRAT Malware via GitHub Repositories Claim as Proof-of-concept Exploits to Attack Users A new malware campaign has surfaced that uses GitHub repositories to spread the WebRAT malware by disguising it as proof-of-concept exploits and gaming utilities. The malware targets users searching for game cheats, pirated software, and application patches, particularly for popular titles like Rust,…

Malicious Chrome Extensions as VPN Intercept User Traffic to Steal Credentials Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over 2,180 users through the…

Threat Actors Weaponizing Nezha Monitoring Tool as Remote Access Trojan Researchers at Ontinue’s Cyber Defense Center have uncovered a significant threat as attackers exploit Nezha, a legitimate open-source server monitoring tool, for post-exploitation access. The discovery reveals how sophisticated threat actors repurpose benign software to gain complete control over compromised systems while evading traditional security…

Hackers Using ClickFix Technique to Hide Images within the Image Files Threat actors have evolved their attack strategies by combining the deceptive ClickFix social engineering lure with advanced steganography techniques to conceal malicious payloads within PNG image files. This sophisticated approach, discovered by Huntress analysts, represents a significant shift in how cybercriminals deliver information-stealing malware…

Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data Cyber criminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are…

BlueDelta Hackers Attacking Users of Widely Used Ukrainian Webmail and News Service A new credential-harvesting campaign has been discovered targeting users of UKR.NET, a popular Ukrainian webmail and news platform. The attacks are linked to BlueDelta, a Russian state-sponsored hacker group also known as APT28, Fancy Bear, and Forest Blizzard. This group has been running…

Clop Ransomware Group Exploiting Gladinet CentreStack Servers to Steal Data The Clop ransomware group has launched a new data extortion campaign targeting Internet-facing Gladinet CentreStack file servers, marking another chapter in the threat actor’s pattern of exploiting file transfer solutions. The campaign appears to leverage multiple security weaknesses in CentreStack and its sister product Triofox,…

China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware A sophisticated cyberespionage campaign targeting governmental entities in Southeast Asia and Japan has unveiled a new China-aligned threat actor dubbed LongNosedGoblin. Active since at least September 2023, this advanced persistent threat (APT) group distinguishes itself by leveraging a diverse toolset of custom C#/.NET malware families.…

Kimwolf Android Botnet Hijacked 1.8 Million Android Devices Worldwide A massive botnet targeting Android devices has emerged as one of the most significant threats in the cybersecurity landscape today. Named Kimwolf, this sophisticated malware has compromised approximately 1.8 million Android devices worldwide, including smart TVs, set-top boxes, tablets, and other Android-based systems. Security researchers discovered…

New GhostPoster Attack Leverages PNG Icon to Infect 50,000 Firefox Users A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily involves seemingly innocent browser extensions, such as “Free VPN Forever,” which conceal malicious payloads within their own interface icons.…

BlindEagle Hackers Attacking Organization to Abuse Trust and Bypass Email Security Controls In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass standard email security…

APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been recognized as a state-sponsored actor with…

Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift in tactics. Instead of focusing…