Scammers are targeting businesses with a new extortion scheme, and Google Maps is fighting back with a dedicated reporting tool. Google has introduced a feature that allows business owners to report ransom demands directly to malicious actors who threaten them…
Category: Cyber Security News
Hackers Hijack Samsung Galaxy Phones via 0-Day Exploit Using a Single WhatsApp Image
A sophisticated spyware operation targeting Samsung Galaxy devices, dubbed LANDFALL, which exploited a zero-day vulnerability to infiltrate phones through seemingly innocuous images shared on WhatsApp. This campaign, active since mid-2024, allowed attackers to deploy commercial-grade Android malware capable of full…
Threat Actors Leveraging RDP Credentials to Deploy Cephalus Ransomware
A newly identified ransomware group, Cephalus, has emerged as a significant threat to organizations worldwide, exploiting stolen Remote Desktop Protocol (RDP) credentials to gain access to networks and deploy powerful encryption attacks. The AhnLab researchers observed in mid-June 2025 that…
German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure
German hosting provider aurologic GmbH has emerged as a central facilitator within the global malicious infrastructure ecosystem, providing upstream transit and data center services to numerous high-risk hosting networks. Operating from its primary facility at Tornado Datacenter GmbH & Co.…
ClickFix Attacks Evolved With Weaponized Videos That Tricks Users via Self-infection Process
ClickFix attacks have experienced a dramatic surge over the past year, establishing themselves as a cornerstone of modern social engineering tactics. These sophisticated attacks manipulate victims into executing malicious code directly on their devices through deceptive copy-and-paste mechanisms. The threat…
Hackers Can Attack Active Directory Sites to Escalate Privileges and Compromise the Domain
Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The Synacktiv security researchers have demonstrated that these supposedly safe network management tools can be weaponized to launch powerful…
Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus
A sophisticated banking trojan named Herodotus has emerged as a significant threat to Android users worldwide. Operating as Malware-as-a-Service, this malicious application disguises itself as a legitimate tool to trick users into downloading and installing an APK file outside the…
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
Microsoft’s upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only an email address, even if the recipient isn’t a Teams user. This feature raises security…
New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts and Call Logs
Russian-based threat actors are distributing a sophisticated Android Remote Access Trojan through underground channels, offering it as a subscription service to other criminals. The malware, identified as Fantasy Hub, enables attackers to conduct widespread surveillance operations on compromised mobile devices,…
New Analysis Uncovers LockBit 5.0 Key Capabilities and Two-Stage Execution Model
LockBit 5.0 made its debut in late September 2025, marking a significant upgrade for one of the most notorious ransomware-as-a-service (RaaS) groups. With roots tracing back to the ABCD ransomware in 2019, LockBit rapidly grew in sophistication, consistently updating its…
New Phising Attack Targeting Travellers from Hotel’s Compromised Booking.com Account
A sophisticated phishing campaign is actively targeting hotel establishments and their guests through compromised Booking.com accounts, according to research uncovered by security experts. The campaign, dubbed “I Paid Twice” due to evidence of victims paying twice for their reservations, has…
15+ Weaponized npm Packages Attacking Windows Systems to Deliver Vidar Malware
A sophisticated supply-chain attack has emerged targeting Windows systems through compromised npm packages, marking a critical vulnerability in open-source software distribution. Between October 21 and 26, 2025, threat actors published 17 malicious npm packages containing 23 releases designed to deliver…
LeakyInjector and LeakyStealer Malwares Attacks Users to Steal Crypto’s and Browser History
A dangerous two-stage malware threat, LeakyInjector and LeakyStealer, that targets cryptocurrency wallets and personal browser information explicitly. The malware duo works in tandem to steal sensitive data from infected Windows computers. The attack begins when LeakyInjector, the first stage, quietly…
Researchers Evaded Elastic EDR’s Call Stack Signatures by Exploiting Call Gadgets
Security researchers have successfully evaded Elastic EDR’s call stack signature detection by exploiting a technique involving “call gadgets” to bypass the security tool’s behavioral analysis. The Almond research builds on Elastic’s transparent approach to security, as the company publicly shares…
Chinese Hackers Organization Influence U.S. Government Policy on International Issues
China-linked threat actors have intensified their focus on influencing American governmental decision-making processes by targeting organizations involved in shaping international policy. In April 2025, a sophisticated intrusion into a U.S. non-profit organization revealed the persistent efforts of these attackers to…
Amazon WorkSpaces For Linux Vulnerability Let Attackers Extract Valid Authentication Token
Amazon has disclosed a significant security vulnerability in its WorkSpaces client for Linux that could allow unauthorized users to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpaces. The vulnerability, tracked as CVE-2025-12779, affects multiple client versions…
Cavalry Werewolf Attacking Government Organizations to Deploy Backdoor for Network Access
In July 2025, a sophisticated hacker group known as Cavalry Werewolf executed a targeted campaign against Russian government institutions, compromising critical infrastructure through coordinated phishing operations. The discovery of this campaign reveals a complex attack chain designed to establish persistent…
FreeBSD-based OPNsense Firewall Released for Security Issues and Improvements
OPNsense has released an update focused on eliminating security vulnerabilities and improving firewall performance. The latest version includes third-party security updates, firewall improvements, and fixes that make the system more reliable for network administrators and security professionals. The development team…
Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly
A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a…
NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code
NVIDIA has patched a critical vulnerability in its App for Windows that could allow local attackers to execute arbitrary code and escalate privileges on affected systems. Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant…