The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets…
4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities
Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. The flaws could allow attackers to bypass security controls, spoof their identity, access private networks, and…
Hackers Exploiting DNS Blind Spots to Hide and Deliver Malware
A sophisticated new attack vector has emerged in which malicious actors hide malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. This technique transforms the Internet’s Domain Name System into an unconventional file storage system, allowing attackers…
H2Miner Attacking Linux, Windows, and Containers to Mine Monero
The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux…
Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics
Iranian state-sponsored threat actors have significantly escalated their cyber operations, employing sophisticated artificial intelligence-enhanced phishing campaigns to target cybersecurity researchers and academic institutions across Western nations. The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound),…
UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks
Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations…
Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms
An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology firm in…
UNG0002 Actors Deploy Weaponized LNK Files Using ClickFix Fake CAPTCHA Verification Pages
A sophisticated espionage campaign targeting multiple Asian jurisdictions has emerged, utilizing weaponized shortcut files and deceptive social engineering techniques to infiltrate high-value targets across China, Hong Kong, and Pakistan. The threat actor, designated UNG0002 (Unknown Group 0002), has demonstrated remarkable…
Massistant Chinese Mobile Forensic Tooling Gains Access to SMS Messages, Images, Audio and GPS Data
Emerging in mid-2023 as an apparent successor to Meiya Pico’s notorious MFSocket, the newly identified Android application Massistant has begun surfacing on confiscated handsets at Chinese border checkpoints and police stations. Unlike conventional spyware that relies on covert remote delivery,…
1-Click Oracle Cloud Code Editor RCE Vulnerability Lets Attackers Upload Malicious Files
A critical Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure (OCI) Code Editor allowed attackers to silently hijack victim Cloud Shell environments through a single click. The vulnerability, now remediated, affected Code Editor’s integrated services, including Resource Manager,…
NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution
NVIDIA has released critical security updates addressing two significant vulnerabilities in its Container Toolkit and GPU Operator that could allow attackers to execute arbitrary code with elevated permissions. The vulnerabilities, identified as CVE-2025-23266 and CVE-2025-23267, affect all platforms running NVIDIA…
PyPI Bans Inbox.ru Domains Following Massive 1,500+ Fake Project Uploads
The Python Package Index (PyPI) has implemented an immediate ban on inbox.ru email domain registrations following a sophisticated spam campaign that resulted in over 1,500 fake project uploads across a month-long period. The attack, which began on June 9, 2025,…
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part
A newly disclosed remote code execution (RCE) vulnerability in Microsoft SharePoint has been identified, affecting the deserialization process of WebPart properties. The vulnerability enables attackers to execute arbitrary code through carefully crafted XML payloads embedded within SharePoint Web Parts, potentially…
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration
Cybercriminals are increasingly leveraging DNS (Domain Name System) tunneling to establish covert communication channels that bypass traditional network security measures. This sophisticated technique exploits the fundamental trust placed in DNS traffic, which typically passes through corporate firewalls with minimal inspection…
GhostContainer Malware Hacking Exchange Servers in the Wild Using N-day Vulnerability
A highly sophisticated malware campaign has been identified targeting Microsoft Exchange servers in government and high-tech organizations across Asia. The malware, dubbed GhostContainer, exploits known N-day vulnerabilities to establish persistent backdoor access to critical infrastructure. Key Takeaways: 1. GhostContainer uses the CVE-2020-0688 vulnerability to create…
Threat Actors Weaponized 28+ New npm Packages to Infect Users With Protestware Scripts
A sophisticated protestware campaign has emerged targeting Russian-language users through a network of compromised npm packages, with threat actors weaponizing at least 28 new packages containing nearly 2,000 versions of malicious code. The campaign represents a significant escalation in supply…
Europol Disrupted “NoName057(16)” Hacking Group’s Infrastructure of 100+ Servers Worldwide
A coordinated international cybercrime operation successfully dismantled the pro-Russian hacking network NoName057(16), taking down over 100 servers worldwide and disrupting their central attack infrastructure. The joint operation, dubbed “Eastwood” and coordinated by Europol, involved 12 countries and resulted in multiple arrests,…
Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure
Researchers detected active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced. This memory overread vulnerability in Citrix NetScaler appliances enables adversaries to exfiltrate sensitive data from kernel space by sending malformed DTLS packets. …
Infostealers Distributed with Cracked Apps Emerge as Top Attack Vector for June 2025
The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured…
SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware
SonicWall’s end-of-life SMA 100 series appliances are again on the front line after investigators unearthed a covert campaign that couples a suspected zero-day remote-code-execution flaw with a sophisticated backdoor called OVERSTEP. The operation, attributed to the financially motivated group UNC6148,…