Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small…
Category: Cyber Security News
Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs
A massive coordinated scanning campaign is targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals. The campaign represents one…
CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks
CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern…
Chinese UNC6384 Hackers Leverage Valid Code Signing Certificates to Evade Detection
A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive…
Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database
A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers…
New Android Spyware Disguised as an Antivirus Attacking Business Executives
In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging commercial proxy and VPN services to mask their attack infrastructure. The emergence of this tactic coincides with a broader shift toward…
Hackers Using PUP Advertisements to Silently Drop Windows Malware
In recent weeks, cybersecurity investigators have uncovered a novel campaign in which hackers leverage seemingly benign potentially unwanted program (PUP) advertisements to deliver stealthy Windows malware. The lure typically begins with ads promoting free PDF tools or desktop assistants that…
Proxyware Malware Mimicking YouTube Video Download Site Delivers Malicious JavaScript
Cybersecurity researchers have observed a surge in deceptive sites masquerading as YouTube video download services to deliver Proxyware malware in recent weeks. Victims seeking to grab videos in MP4 format are redirected through ad pages that sporadically present a download…
0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that…
Threat Actors Weaponize AI-Generated Summaries With Malicious Payload to Execute Ransomware
A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms. By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation…
5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them
As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students,…
Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware
A sophisticated Android malware campaign has resurfaced, exploiting deceptive websites that perfectly mimic legitimate Google Play Store application pages to distribute the notorious SpyNote Remote Access Trojan (RAT). This malicious operation targets unsuspecting users by creating static HTML clones of…
Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered
In late June 2025, a significant operational dump from North Korea’s Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware and thousands of stolen credentials. This leak offers an unprecedented window into the…
Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Code
A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems. The Italian CRM solution,…
EDR vs MDR – What Is the Difference and Which Solution Is Right for Your Organization?
As cybersecurity threats continue to evolve in complexity and sophistication, organizations face critical decisions about their security infrastructure. Two prominent approaches have emerged as frontrunners in enterprise security: Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). While both solutions aim…
Hackers Can Exploit (eval) or (exec) Python Calls to Execute Malicious Code
Threat actors are using a sophisticated obfuscation technique to bypass detection systems and exploit Python’s eval() and exec() functions for malicious code execution. With over 100 supply chain attacks reported on PyPI in the past five years, these techniques…
Chinese Hacker Jailed for Deploying Kill Switch on Ohio-based Key Company’s Global Network
A Chinese national has been sentenced to four years in federal prison for orchestrating a sophisticated insider cyberattack against his former employer’s global network infrastructure. Davis Lu, 55, utilized his privileged access as a software developer to deploy destructive malware…
Arch Linux Confirms Week-Long DDoS Attack Disrupted its Website, Repository, and Forums
The Arch Linux Project has officially confirmed that its primary infrastructure services have been subjected to an ongoing distributed denial-of-service (DDoS) attack that has persisted for over a week. The attack severely impacted user access to critical resources, including the…
Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools
Over the past year, security teams have observed an uptick in adversaries leveraging native Windows Scheduled Tasks to maintain footholds in compromised environments. Unlike elaborate rootkits or zero-day exploits, these techniques exploit built-in system functionality, enabling threat actors to persist…