A sophisticated cyber intrusion targeting critical national infrastructure (CNI) in the Middle East has been uncovered, revealing a long-term espionage operation attributed to an Iranian state-sponsored threat group. The attack, which persisted from May 2023 to February 2025, with potential…
Category: Cyber Security News
Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies
Multi-factor authentication (MFA) has long been touted as a robust security measure against phishing attacks, but sophisticated threat actors have developed new techniques to circumvent these protections. A concerning trend has emerged where cybercriminals are successfully bypassing MFA through adversary-in-the-middle…
New MintsLoader Drops GhostWeaver via Phishing & ClickFix Attack
A sophisticated new malware loader dubbed “MintsLoader” has emerged in the cybersecurity landscape, serving as a delivery mechanism for a previously undocumented backdoor called “GhostWeaver.” Security researchers have observed a significant spike in targeted attacks against financial institutions and healthcare…
New Subscription-Based Scams Attacking Users to Steal Credit Card Data
A sophisticated wave of subscription-based scams is sweeping across the internet, specifically designed to steal credit card information from unsuspecting users. These fraudulent operations have evolved beyond simple phishing attempts, now employing complex psychological tactics and convincing digital storefronts to…
New StealC V2 Expands to Include Microsoft Software Installer Packages and PowerShell Scripts
StealC, a popular information stealer and malware downloader that has been active since January 2023, has received a significant update with the introduction of version 2 (V2) in March 2025. This latest iteration brings substantial enhancements to the malware’s capabilities,…
New Report Warns of Ransomware Actors Building Organizational Structure For Complex Attacks
A new report by Coveware reveals a significant shift in the ransomware landscape, with threat actors evolving their organizational structures to execute increasingly complex attacks. As we approach the one-year anniversary of the collapse of prominent ransomware groups LockBit and…
New Stealthy NodeJS Backdoor Infects Users via CAPTCHA Verifications
A sophisticated malware campaign has emerged that deploys stealthy NodeJS backdoors through deceptive CAPTCHA verification screens, security researchers revealed today. This campaign represents a growing trend of threat actors exploiting seemingly legitimate security measures to distribute malicious code, targeting users…
Microsoft Exchange Online Flagging Gmail Emails as Spam – Fixes Issued
Microsoft has resolved a widespread issue with its Exchange Online service that caused legitimate emails from Gmail accounts to be incorrectly identified as spam and quarantined. The problem, which began on April 25, affected numerous organizations using Microsoft 365 and…
Hackers Weaponizing Go Modules to Deliver Disk-Wiping Malware Leads to Data Loss
A devastating new supply-chain attack has emerged in the Go ecosystem, with attackers deploying highly destructive disk-wiping malware through seemingly legitimate modules. This sophisticated attack exploits the inherent openness of Go’s package ecosystem, where developers routinely source modules directly from…
ANY.RUN Unveils Q1 2025 Malware Trends Report, Highlighting Evolving Cyber Threats
ANY.RUN, a leading cybersecurity firm, has released its Q1 2025 Malware Trends Report, offering critical insights into the dynamic cyber threat landscape. Drawing from data analyzed by 15,000 companies and 500,000 analysts within ANY.RUN’s Interactive Sandbox delivers actionable intelligence to…
macOS Sandbox Escape Vulnerability Allows Keychain Deletion and Replacement
A security vulnerability in macOS has been discovered. It allows malicious actors to escape the App Sandbox protection by manipulating security-scoped bookmarks. Tracked as CVE-2025-31191, this vulnerability enables a threat actor to delete and replace a keychain entry critical for authenticating file…
Unmasking AI in Cybersecurity – From Dark-Web Tactics to Next-Gen Defenses
Artificial intelligence is fundamentally reshaping the cybersecurity landscape, introducing both unprecedented defensive capabilities and alarming new attack vectors. The rapid evolution of generative AI and large language models (LLMs) has created a technological inflection point where digital identity verification mechanisms-including…
State-Sponsored Hacktivism Attacks on The Rise, Rewrites Cyber Threat Landscape
The global cybersecurity landscape is witnessing an alarming paradigm shift as state-sponsored hacktivism attacks have surged dramatically in recent months, blurring the traditional boundaries between politically motivated activism and sophisticated nation-state operations. These hybrid threats combine the ideological zeal of…
15 Billion User Gain Passwordless Access to Microsoft Account Using Passkeys
As the first-ever World Passkey Day replaces the traditional World Password Day, Microsoft joins the FIDO Alliance in celebrating a milestone achievement: over 15 billion online accounts now have access to passwordless authentication through passkeys. This significant shift marks a…
15 PostgreSQL Monitoring Tools – 2025
PostgreSQL monitoring tools are essential for database administrators to ensure the optimal performance, availability, and reliability of PostgreSQL databases. These tools provide real-time insights into performance metrics, such as query execution times, CPU usage, memory consumption, and disk I/O, helping…
CISA Releases ICS Advisories Targeting Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released two Industrial Control Systems (ICS) advisories today, addressing critical security vulnerabilities that could potentially impact multiple critical infrastructure sectors including healthcare, manufacturing, energy, transportation, and water systems. The advisories, labeled ICSA-25-121-01…
Hackers Abuse IPv6 Stateless Address For AiTM Attack Via Spellbinder Tool
A sophisticated cyber threat has emerged in recent weeks as threat actors have developed a new technique leveraging IPv6 stateless addressing to conduct Adversary-in-the-Middle (AiTM) attacks. The attack relies on a novel tool called “Spellbinder” that manipulates IPv6 neighbor discovery…
7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands
A sophisticated software supply chain attack leveraging Python Package Index (PyPI) repositories to deploy malware using Google’s SMTP infrastructure as a command-and-control mechanism. The campaign involved seven malicious packages – Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb – which…
Windows RDP Bug Allows Login With Expired Passwords – Microsoft Confirms No Fix
Microsoft has confirmed that its Remote Desktop Protocol (RDP) allows users to log into Windows machines using passwords that have already been changed or revoked. The company says it has no plans to change this behavior, describing it as an…
Hackers Using New Eye Pyramid Tool to Leverage Python & Deploy Malware
Cybersecurity experts have identified a sophisticated hacking tool called “Eye Pyramid” being actively deployed in malicious campaigns since mid-January 2025. This tool, originally open-sourced on GitHub in 2022, has only recently gained traction among threat actors, leveraging Python to deploy…