A rapidly evolving campaign is using a Browser-in-the-Browser (BitB) overlay to impersonate Facebook’s login and siphon user credentials. The lure hinges on a deceptive CAPTCHA challenge that seamlessly morphs into a counterfeit Facebook session window, duping victims across desktops and…
Category: Cyber Security News
Bulletproof Hosting Provider Aeza Group Shifting Their Infrastructure to New Autonomous System
Following U.S. Treasury sanctions imposed on July 1, 2025, the notorious bulletproof hosting provider Aeza Group has rapidly migrated its infrastructure to a new autonomous system in an apparent attempt to evade enforcement measures. Cybersecurity researchers at Silent Push detected…
Hackers Leverage Google Forms Surveys to Trick Victims into Stealing Cryptocurrency
Google Forms, praised for friction-free data collection, has become the unlikely staging ground for rapidly spreading crypto-phishing campaign. First detected in late-2024 but surging in Q2 2025, the ploy begins with an unsolicited email containing a legitimate‐looking forms.gle link that…
Malicious Android Apps Mimic as Popular Indian Banking Apps Steal Login Credentials
Attackers are weaponizing India’s appetite for mobile banking by circulating counterfeit Android apps that mimic the interfaces and icons of public-sector and private banks. Surfacing in telemetry logs on 3 April 2025, the impostors travel through smishing texts, QR codes…
New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computer
A newly uncovered campaign is exploiting gamers’ enthusiasm for off-beat indie titles to plant credential-stealing malware on machines. Branded installers for nonexistent games such as “Baruda Quest,” “Warstorm Fire,” and “Dire Talon” are pushed through slick YouTube trailers and Discord…
Fire Ant Hackers Exploiting Vulnerabilities in VMware ESXi and vCenter to Infiltrate Organizations
A sophisticated espionage campaign dubbed “Fire Ant” demonstrates previously unknown capabilities in compromising VMware virtualization infrastructure. Since early 2025, this threat actor has systematically targeted VMware ESXi hosts, vCenter servers, and network appliances using hypervisor-level techniques that evade traditional endpoint…
Hive0156 Hackers Attacking Government and Military Organizations to Deploy Remcos RAT
A sophisticated Russian-aligned threat actor known as Hive0156 has intensified its cyber espionage campaigns against Ukrainian government and military organizations, deploying the notorious Remcos Remote Access Trojan through carefully crafted social engineering attacks. The group has demonstrated remarkable persistence in…
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Spoofed Microsoft SharePoint notifications have been a familiar lure for corporate users, but a wave of campaigns traced between March and July 2025 shows a sharp uptick in both volume and sophistication. The operators register look-alike domains such as “sharepoint-online-docs-secure[.]co”…
BlackSuit Ransomware’s Data Leak and Negotiation Portal Seized
A major win against cybercrime happened this week, as authorities from around the world teamed up to take down key websites run by the BlackSuit ransomware gang. If you visit the group’s data leak site or their negotiation portal now,…
Hackers Injected Destructive System Commands in Amazon’s AI Coding Agent
A malicious pull request slipped through Amazon’s review process and into version 1.84.0 of the Amazon Q extension for Visual Studio Code, briefly arming the popular AI assistant with instructions to wipe users’ local files and AWS resources. The rogue…
Elephant APT Group Attacking Defense Industry Leveraging VLC Player, and Encrypted Shellcode
The Dropping Elephant advanced persistent threat group has launched a sophisticated cyber-espionage campaign targeting Turkish defense contractors, particularly companies manufacturing precision-guided missile systems. This malicious operation represents a significant evolution in the group’s capabilities, employing a complex five-stage execution chain…
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups
A critical zero-day vulnerability in Microsoft SharePoint servers has become a playground for threat actors across the cybercriminal spectrum, with attacks ranging from opportunistic hackers to sophisticated nation-state groups since mid-July 2025. On July 19, 2025, Microsoft confirmed that vulnerabilities…
TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands
Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing…
First Known LLM-Powered Malware From APT28 Hackers Integrates AI Capabilities into Attack Methodology
The newly revealed LAMEHUG campaign signals a watershed moment for cyber-def: Russian state-aligned APT28 has fused a large language model (LLM) directly into live malware, allowing each infected host to receive tailor-made shell commands on the fly. By invoking the…
NoName057(16)’s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months
The pro-Russian hacktivist group NoName057(16) has orchestrated a massive distributed denial-of-service campaign targeting over 3,700 unique hosts across thirteen months, according to new research published on July 22, 2025. The group, which emerged in March 2022 shortly after Russia’s full-scale…
Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This marks a significant shift from the malware’s traditional distribution method through malicious shortcut (LNK) files,…
New AI-Powered Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy
WhoFi surfaced last on the public repository ArXiv, stunning security teams with a proof-of-concept that turns ordinary 2.4 GHz routers into covert biometric scanners. Unlike camera-based systems, this neural pipeline fingerprints the unique way a body distorts Wi-Fi channel state…
Splunk Details on How to Detect, Mitigate and Respond to CitrixBleed 2 Attack
CitrixBleed 2 (CVE-2025-5777) erupted in 2025 when researchers uncovered an out-of-bounds read in Citrix NetScaler ADC and Gateway that lets an unauthenticated request siphon memory straight from the appliance. The flaw is triggered by a malformed POST sent to /p/u/doAuthentication.do,…
Chinese Hackers Attacking Windows Systems in Targeted Campaign to Deploy Ghost RAT and PhantomNet Malwares
Threat researchers are warning of twin Chinese-nexus espionage operations—“Operation Chat” and “Operation PhantomPrayers”—that erupted in the weeks preceding the Dalai Lama’s 90th birthday, exploiting heightened traffic to Tibetan-themed websites to seed Windows hosts with sophisticated backdoors. By compromising a legitimate…
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities
Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild. The module, designated as pull request #20409 in the Metasploit Framework repository, addresses CVE-2025-53770 and CVE-2025-53771,…