Korean cybersecurity researchers have uncovered a sophisticated malware campaign targeting cryptocurrency users worldwide, with ViperSoftX emerging as a persistent threat that continues to evolve its attack methodologies. First identified by Fortinet in 2020, this malware has demonstrated remarkable longevity and…
Category: Cyber Security News
New PathWiper Malware Attacking Critical Infrastructure To Deploy Administrative Tools
A sophisticated cyber attack campaign has emerged targeting Ukraine’s critical infrastructure, utilizing a previously unknown destructive malware variant that researchers have designated “PathWiper.” This latest threat represents a significant escalation in the ongoing cyber warfare landscape, demonstrating advanced capabilities designed…
Beware of Fake AI Business Tools That Hide Ransomware
Cybercriminals are exploiting the growing demand for artificial intelligence solutions by disguising ransomware within legitimate-looking AI business tools, according to recent security research. This emerging threat specifically targets small businesses and entrepreneurs seeking to integrate AI capabilities into their operations,…
Chrome Extensions Vulnerability Exposes API Keys, Secrets, and Tokens
A significant security vulnerability affecting millions of Chrome extension users has been discovered, revealing widespread exposure of sensitive API keys, secrets, and authentication tokens directly embedded in extension code. This critical flaw stems from developers hardcoding credentials into their JavaScript…
Microsoft Unveils European Security Program to Target Cybercriminal Networks
To combat malicious actors across Europe, Microsoft has introduced a comprehensive European Security Program designed to tackle sophisticated cybercriminal networks targeting European infrastructure. Announced in Berlin on June 4, 2025, the initiative specifically targets ransomware groups and state-sponsored threat actors…
US to Offer $10 Million Reward for Details About RedLine Malware Developer
The United States Department of State’s Rewards for Justice program has announced a substantial bounty of up to $10 million for information leading to the identification or location of individuals involved in malicious cyber activities against U.S. critical infrastructure. The…
BADBOX 2.0 Infected Over 1 Million Android Devices Worldwide
A sophisticated new variant of the BADBOX malware has successfully compromised over one million Android devices across multiple continents, representing one of the most significant mobile security breaches of 2025. This advanced persistent threat demonstrates enhanced evasion capabilities and has…
HPE Insight Remote Support Vulnerability Lets Attackers Execute Remote Code
Multiple severe security vulnerabilities in the HPE Insight Remote Support (IRS) platform could allow attackers to execute remote code, traverse directories, and access sensitive information. The vulnerabilities affect versions prior to 7.15.0.646 and pose significant risks to enterprise infrastructure management…
Iranian APT ‘BladedFeline’ Stays Silent in Organizations’ Networks for 8 Years
A sophisticated Iranian cyberespionage group has maintained undetected access to government networks across Iraq and the Kurdistan Regional Government for nearly eight years, representing one of the longest-running advanced persistent threat campaigns in the Middle East. The group, designated as…
Hackers Using New Sophisticated iMessage 0-Click Exploit to Attack iPhone Users
A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was…
AMOS macOS Stealer Distributed Via ClickFix Bypasses macOS Security & Executes Malware
A sophisticated malware campaign has emerged targeting macOS users through typo-squatted domains mimicking Spectrum, the major U.S. telecommunications provider. The attack employs a new variant of Atomic macOS Stealer (AMOS) disguised as a CAPTCHA verification system, demonstrating cybercriminals’ evolving tactics…
CISA Warns of Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome’s V8 JavaScript engine that is being actively exploited by cybercriminals to execute arbitrary code on victims’ systems. On June 5, 2025, CISA added CVE-2025-5419 to its…
DCRat Attacking Users In Latin America To Steal Banking Credentials
A sophisticated malware campaign targeting Latin American users has emerged as a significant threat to the region’s banking sector, with cybercriminals deploying the DCRat banking trojan through elaborate phishing schemes designed to steal financial credentials. The malicious operations, which have…
SCATTERED SPIDER Hackers Attacking IT Support Teams & Bypass Multi-Factor Authentication
A sophisticated cybercriminal group known as SCATTERED SPIDER has emerged as one of the most dangerous threats facing organizations today, demonstrating an alarming ability to bypass multi-factor authentication through cunning social engineering tactics targeting IT support teams. This threat actor,…
Threat Actors Using Malware Loaders To Bypass Android 13+ Accessibility Restrictions
Cybercriminals have successfully circumvented Google’s Android 13 security enhancements designed to prevent malicious applications from abusing accessibility services, according to recent threat intelligence findings. The tech giant implemented these restrictions specifically to block accessibility access for sideloaded applications, a measure…
Cisco IMC Vulnerability Allows Attackers to Access Internal Services with Elevated Privileges
A significant vulnerability in Cisco’s Integrated Management Controller (IMC) allows malicious actors to gain elevated privileges and access internal services without proper authorization. This vulnerability poses substantial risks to enterprise networks relying on Cisco’s server management infrastructure, potentially enabling…
New Eleven11bot Hacked 86,000 IP Cameras for Massive DDoS Attack
The cybersecurity landscape faces a growing threat from sophisticated botnet operations targeting Internet of Things (IoT) devices, with recent developments highlighting the vulnerability of connected cameras and smart devices. While specific details about the Eleven11bot malware remain limited in publicly…
Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate Managed Devices
A high-severity vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC) that could allow unauthenticated attackers to impersonate managed network devices through compromised SSH connections. The vulnerability, tracked as CVE-2025-20163, carries a CVSS base score of 8.7 and…
VMware NSX XSS Vulnerability Allows Attackers to Inject Malicious Code
Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code. The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway…
WordPress Admins Beware! Fake Cache Plugin that Steals Admin Logins
A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security. Security researchers have identified a malicious plugin disguised as “wp-runtime-cache” that specifically targets users with administrative privileges,…