A sophisticated banking trojan known as Lampion has resurfaced with an evolved attack strategy, now exploiting fake ClickFix utility lures to harvest sensitive banking credentials from unsuspecting victims. This banking malware, first identified in late 2019, has undergone significant modifications…
Category: Cyber Security News
DPRK’s Largest Cryptocurrency Heist via a Compromised macOS Developer and AWS Pivots – Researchers Emulated
North Korean state-sponsored hackers have executed what security experts are calling the largest cryptocurrency theft operation to date, successfully stealing an estimated $625 million through an elaborate attack chain that compromised a high-profile macOS developer’s environment and leveraged Amazon Web…
DragonForce – The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025
In the rapidly evolving cybersecurity landscape of 2025, DragonForce has emerged as a formidable ransomware threat, redefining the hybrid extortion model. First appearing in December 2023 with the launch of its “DragonLeaks” dark web portal, DragonForce has quickly established itself…
Top Cyber Attacks in April 2025 You Need to Be Aware Of
April wasn’t quiet in the world of cybersecurity. From sneaky fake CAPTCHAs to region-targeted phishing and revamped ransomware, attackers kept busy, refining their tricks and finding new ways to slip past defenses. Thanks to insights from ANY.RUN researchers, powered by…
PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers
A proof-of-concept (PoC) exploit tool has been publicly released for a maximum severity vulnerability in Apache Parquet, enabling security teams to easily identify affected servers. The vulnerability, tracked as CVE-2025-30065 with a CVSS score of 10.0, affects a widely used data…
Europol Takes Down DDoS-for-Hire Empire & Arrests 4 Admins
In a major blow to the cybercriminal ecosystem, Polish authorities have arrested four individuals who allegedly operated a network of Distributed Denial of Service (DDoS) platforms responsible for thousands of cyberattacks worldwide. The operation, announced on May 7, 2025, dismantled…
Wormable Linux Rootkit Attacks Multiple Systems to Steal SSH Keys and Escalate Privileges
Cybersecurity researchers at ANY.RUN have uncovered a sophisticated attack leveraging the Diamorphine rootkit to deploy a cryptocurrency miner on Linux systems, highlighting the growing misuse of open-source tools in malicious campaigns. The detailed analysis with ANY.RUN Sandbox exposes a multi-stage…
New Sophisticated Phishing Attack Abuses Discord & Attacked 30,000 Users Worldwide
A sophisticated phishing campaign is targeting cryptocurrency users through Discord. The campaign has victimized over 30,000 users and resulted in losses exceeding $9 million over the past six months alone, revealing the continued operation of the notorious Inferno Drainer despite…
Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware
Threat actors linked to the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows prior to its patching on April 8, 2025. The vulnerability, tracked as CVE-2025-29824, affects the Windows Common Log File System (CLFS) driver and allows attackers…
CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies
CISA, along with the FBI, EPA, and Department of Energy, issued an urgent advisory warning that cyber actors are actively targeting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems within the U.S. oil and natural gas…
Critical AWS Amplify Studio Vulnerability Lets Attackers Execute Arbitrary Code
A critical security vulnerability in AWS Amplify Studio has been identified, potentially allowing authenticated users to execute arbitrary JavaScript code during component rendering and build processes. Amazon Web Services (AWS) disclosed and patched this high-severity flaw, tracked as CVE-2025-4318, on…
New Chinese Smishing Kit Dubbed ‘Panda Shop’ Steals Google, Apple Pay & Credit Card Details
A sophisticated new smishing kit dubbed “Panda Shop” has emerged from China, enabling cybercriminals to steal financial data including Google Pay, Apple Pay, and credit card details. This kit leverages advanced social engineering tactics by impersonating trusted organizations like USPS,…
Critical Kibana Vulnerability Lets Attackers Execute Arbitrary Code
Elastic has disclosed a critical security vulnerability in Kibana, its popular data visualization platform, that could allow attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-25014, affects multiple versions of Kibana and has received a CVSS score of 9.1…
Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution
Google has released a critical security update for Chrome, addressing a vulnerability that could allow attackers to execute malicious code through the browser’s WebAudio component. According to an announcement published on Tuesday, May 6, 2025, the stable channel has been…
Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities
The cybersecurity landscape has once again been disrupted by the resurgence of the notorious Mirai botnet, which has been actively exploiting command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. This latest campaign leverages two critical vulnerabilities, CVE-2024-6047 and…
160-Year-Old Haulage Firm Folds Following Cyber-Attack: Director Sounds Alarm
A devastating ransomware attack has forced Knights of Old, a 160-year-old haulage firm based in Kettering, Northamptonshire, into administration, resulting in 730 job losses and prompting a stark warning from its director to other businesses. Paul Abbott, who served on…
IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms
A major security breach at Deutsche Bank’s New York datacenter has come to light through a lawsuit filed by a former Computacenter manager who claims he was wrongfully terminated after reporting unauthorized access incidents. James Papa, previously a service delivery…
US Jury Orders NSO Group to Pay $168 Million to WhatsApp in Landmark Spyware Case
A federal jury in California has ordered Israeli spyware maker NSO Group to pay WhatsApp approximately $168 million in damages, marking a watershed moment in the fight against commercial cyberespionage. The verdict, delivered on Tuesday, concludes a six-year legal battle…
UNC3944 Hackers Evolve from SIM Swap to Ransomware and Data Extortion
The cybercriminal group UNC3944, which overlaps with public reporting on Scattered Spider, has demonstrated a significant evolution in tactics over the past two years. Initially focusing on telecommunications-related organizations to facilitate SIM swap operations, the group has transformed into a…
The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake’s CORTEX
Artificial Intelligence is rapidly transforming every aspect of technology, offering unprecedented efficiency and business growth opportunities. However, as AI integration deepens in data analytics platforms, a concerning pattern emerges where advanced functionality may inadvertently undermine carefully established security controls. The…