A sophisticated text message phishing campaign originating from China has emerged as one of the most extensive cybersecurity threats targeting users worldwide. The operation, attributed to a threat collective known as the Smishing Triad, represents a massive escalation in SMS-based…
Category: Cyber Security News
New Caminho Malware Loader Uses LSB Steganography to Hide .NET Payloads Within Image Files
A sophisticated malware operation has emerged from Brazil, leveraging advanced steganographic techniques to conceal malicious payloads within seemingly harmless image files. The Caminho loader, active since at least March 2025, represents a growing threat to organizations across South America, Africa,…
CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of…
New Malware Attack Uses PHP Variable Functions and Cookies to Evade Detection and Hide Malicious Scripts
A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based obfuscation to evade traditional security detection mechanisms. The attack represents an evolution in obfuscation techniques, where threat actors fragment malicious code across multiple HTTP cookies…
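The pattern described above, a function name supplied at runtime and invoked on data reassembled from several cookies, is easy to miss when each cookie is inspected on its own but is visible in the PHP source that does the reassembly. The following is an added example, not code from the article or from the campaign it describes: a small heuristic scanner that flags PHP files combining `$_COOKIE` reads with a variable-function call (`$var(...)`) and common decoders. The two PHP snippets it scans are constructed for the demonstration, and the scoring rules are this example's own assumptions, not published detection signatures.

```python
import re

# Constructed sample PHP snippets (assumed, not taken from the article).
BENIGN_PHP = r"""<?php
$name = htmlspecialchars($_GET['name'] ?? 'guest');
echo "Hello, $name";
"""

SUSPICIOUS_PHP = r"""<?php
$p = '';
foreach (['a1', 'a2', 'a3', 'a4'] as $k) { $p .= $_COOKIE[$k]; }  // reassemble fragments
$f = $_COOKIE['fn'];           // function name also arrives in a cookie
$f(base64_decode($p));         // PHP variable function: calls whatever $f names
"""

# Any read of the cookie superglobal.
COOKIE_READ = re.compile(r"\$_COOKIE\s*\[")
# Appending cookie data to an accumulator: the fragment-reassembly idiom.
COOKIE_CONCAT = re.compile(r"\.=\s*\$_COOKIE\s*\[")
# A variable immediately followed by '(' is a variable-function call in PHP.
VARIABLE_CALL = re.compile(r"\$([A-Za-z_]\w*)\s*\(")
# Decoders commonly wrapped around a reassembled payload before execution.
DECODER = re.compile(
    r"\b(base64_decode|gzinflate|gzuncompress|str_rot13|hex2bin|strrev)\s*\("
)


def scan_php(source: str) -> dict:
    """Return indicator counts for one PHP source file plus a verdict.

    The verdict is heuristic: cookie-sourced data reaching a variable-function
    call is the core pattern; concatenation and decoders raise confidence.
    """
    findings = {
        "cookie_reads": len(COOKIE_READ.findall(source)),
        "cookie_concat": len(COOKIE_CONCAT.findall(source)),
        "variable_calls": VARIABLE_CALL.findall(source),
        "decoders": sorted(set(DECODER.findall(source))),
    }
    score = 0
    if findings["variable_calls"] and findings["cookie_reads"]:
        score += 2                       # runtime-chosen function on cookie data
    score += min(findings["cookie_concat"], 2)
    score += min(len(findings["decoders"]), 2)
    findings["score"] = score
    findings["suspicious"] = score >= 2
    return findings


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_PHP), ("suspicious", SUSPICIOUS_PHP)):
        result = scan_php(src)
        print(f"{label}: suspicious={result['suspicious']} score={result['score']} "
              f"variable_calls={result['variable_calls']} decoders={result['decoders']}")
```

Run against a WordPress install with `find . -name '*.php' -exec ...`, expect false positives on legitimate plugins that call callbacks through variables, and treat a hit as a prompt to read the file rather than a verdict; the scanner only ranks files worth a human look.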
Threat Actors Trick Targeted Users Via Impersonation and Fictitious Financial Aid Offers
An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics and fraudulent financial aid promises. The campaign, dubbed “Vulnerability Vultures,” primarily focuses on older adults who represent lucrative targets for threat actors. According to the…
TransparentTribe Attacks Linux-Based Systems of Indian Military Organizations to Deliver DeskRAT
TransparentTribe, a Pakistani-nexus intrusion set active since at least 2013, has intensified its cyber espionage operations targeting Linux-based systems of Indian military and defense organizations. The campaign, initially documented in July 2025 by CYFIRMA with activity traced back to June…
Jingle Thief Attackers Exploiting Festive Season with Weaponized Gift Card Attacks
As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on digital gift card systems. The Jingle Thief campaign, orchestrated by financially motivated threat actors based in Morocco, has emerged as a notorious campaign exploiting seasonal…
New Python RAT Posing as a Legitimate Minecraft App Steals Sensitive Data from Users' Computers
A sophisticated Python-based remote access trojan has emerged in the gaming community, disguising itself as a legitimate Minecraft client to compromise unsuspecting users. The malware, identified as a multi-function RAT, leverages the Telegram Bot API as its command and control…
Warlock Ransomware Actors Exploiting SharePoint ToolShell Zero-Day Vulnerability in New Attack Wave
The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with Warlock ransomware began exploiting a critical zero-day vulnerability in Microsoft SharePoint. Discovered on July 19, 2025, the ToolShell vulnerability, tracked as CVE-2025-53770, became a primary…
SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware
The SideWinder advanced persistent threat group has emerged with a sophisticated new attack methodology that leverages ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets across South Asia. In September 2025, security researchers detected a targeted campaign affecting…
Red Teaming Tool RedTiger Repurposed to Attack Gamers and Discord Accounts in the Wild
RedTiger is an open-source red-teaming tool repurposed by attackers to steal sensitive data from Discord users and gamers. Released in 2025 on GitHub, RedTiger bundles penetration-testing utilities, including network scanners and OSINT tools. But its infostealer module has gone rogue,…
MuddyWater Using New Malware Toolkit to Deliver Phoenix Backdoor Malware to International Organizations
The Advanced Persistent Threat group MuddyWater, widely recognized as an Iran-linked espionage actor, has orchestrated a sophisticated phishing campaign targeting more than 100 government entities and international organizations across the Middle East, North Africa, and beyond. The operation, which became…
Amazon Uncovers Root Cause of Major AWS Outage That Broke the Internet
Amazon Web Services (AWS), the backbone for countless websites and services, faced a severe outage last weekend that disrupted operations for millions. The incident, which unfolded in the early hours of October 20, 2025, exposed vulnerabilities in even the most…
New PhantomCaptcha RAT Uses Weaponized PDFs to Deliver Malware via 'ClickFix'-Style Cloudflare Captcha Pages
A sophisticated spearphishing campaign has emerged targeting humanitarian organizations and Ukrainian government agencies, leveraging weaponized PDF attachments and fake Cloudflare verification pages to distribute a dangerous WebSocket-based remote access trojan. The operation, first uncovered in early October 2025, demonstrates a…
Hackers Exploited 73 Zero-Day Vulnerabilities and Earned $1,024,750
The hacking community celebrated the end of Pwn2Own Ireland 2025. Researchers demonstrated their skills by identifying 73 unique zero-day vulnerabilities across different devices. The event, hosted by the Zero Day Initiative (ZDI), distributed a staggering $1,024,750 in prizes, highlighting the…
HP OneAgent Update Breaks Trust and Disconnects Devices From Entra ID
The HP OneAgent software update has disconnected Windows devices from Microsoft Entra ID. As a result, users can no longer access their corporate identities. Version 1.2.50.9581 of the agent, pushed silently to HP’s Next Gen AI systems like the EliteBook…
New Fileless Remcos Attacks Bypass EDRs by Injecting Malicious Code into RMClient
Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment…
Toys “R” Us Canada Confirms Data Breach – Customers' Personal Data Stolen
Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in retail data security. In emails dispatched to affected individuals this morning, the popular toy retailer…
Microsoft Releases Emergency Patch For Windows Server Update Services RCE Vulnerability
Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing…
SharkStealer Uses EtherHiding Pattern to Resolve Communications With C2 Channels
A sophisticated information-stealing malware written in Golang has emerged, leveraging blockchain technology to establish covert command-and-control channels. SharkStealer represents a significant evolution in malware design, utilizing the BNB Smart Chain Testnet as a resilient dead-drop resolver for its C2 infrastructure.…