A fresh wave of malicious Android Package Kit (APK) files is weaving together two of cybercrime’s most reliable revenue streams—click-fraud advertising and credential theft—into a single, adaptable threat that has begun circulating across Southeast Asia, Latin America, and parts of…
Tag: Cyber Security News
ExpressVPN Windows Client Vulnerability Exposes Users Real IP Addresses With RDP Connection
A critical security vulnerability in ExpressVPN Windows desktop application that could expose users’ real IP addresses when using Remote Desktop Protocol (RDP) connections. The flaw, discovered through the company’s bug bounty program, affected specific versions of the Windows client and…
Wireshark 4.4.8 Released With Bug Fixes and Updated Protocol Support
Wireshark Foundation has announced the availability of Wireshark 4.4.8, the latest maintenance release of the world’s most widely used network-protocol analyzer. Although the update does not introduce brand-new protocols, it delivers a focused package of stability improvements, expanded dissector capabilities,…
GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments
A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u…
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day
Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft confirmed over the weekend that threat actors are actively exploiting two zero-day vulnerabilities in on-premises SharePoint servers,…
Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack
Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients. The breach, discovered in May 2025, involved unauthorized access to customer databases containing…
Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT
A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics,…
DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools
A sophisticated new phishing campaign has emerged, delivering the DeerStealer malware through weaponized .LNK shortcut files that exploit legitimate Windows binaries in a technique known as “Living off the Land” (LOLBin). The malware masquerades as a legitimate PDF document named…
Developers Beware of npm Phishing Email That Steal Your Login Credentials
A sophisticated phishing campaign has emerged targeting Node.js developers through a meticulously crafted attack that impersonates the official npm package registry. The malicious operation utilizes the typosquatted domain npnjs.com, substituting the letter “m” with “n” to create a nearly identical…
Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens
A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate…
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
Cybercriminals have escalated their attack sophistication by utilizing legitimate cloud storage services to distribute advanced malware, as demonstrated in a recent campaign targeting a certified public accounting firm in the United States. The attack, discovered in May 2025, showcases how…
NailaoLocker Ransomware Attacking Windows Systems Using Chinese SM2 Cryptographic Standard
FortiGuard Labs has discovered a sophisticated new ransomware strain called NailaoLocker that represents a significant departure from conventional encryption malware. This Windows-targeting threat introduces the first documented use of China’s SM2 cryptographic standard in ransomware operations, marking a notable shift…
Weak Password Let Ransomware Gang Destroy 158-Year-Old Company
A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses. One password is believed to have been all it took for a ransomware gang to…
Microsoft’s AppLocker Flaw Allows Malicious Apps to Run and Bypass Restrictions
A critical configuration flaw in Microsoft’s AppLocker block list policy has been discovered, revealing how attackers could potentially bypass security restrictions through a subtle versioning error. The issue centers on an incorrect MaximumFileVersion value that creates an exploitable gap in…
Surveillance Company Using SS7 Bypass Attack to Track the User’s Location Information
A surveillance company has been detected exploiting a sophisticated SS7 bypass technique to track mobile phone users’ locations. The attack leverages previously unknown vulnerabilities in the TCAP (Transaction Capabilities Application Part) layer of SS7 networks to circumvent security protections implemented…
CISA Warns of Microsoft SharePoint Server 0-Day RCE Vulnerability Exploited in Wild
CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-53770, poses a significant security risk to…
Dell Data Breach – Test Lab Platform Hacked by World Leaks Group
Dell Technologies has confirmed a security breach of its Customer Solution Centers platform by the World Leaks extortion group, marking another high-profile attack by the newly rebranded threat actor. The incident, which occurred earlier this month, targeted Dell’s isolated product…
APT41 Hackers Leveraging Atexec and WmiExec Windows Modules to Deploy Malware
The notorious Chinese-speaking cyberespionage group APT41 has expanded its operations into new territories, launching sophisticated attacks against government IT services across Africa using advanced Windows administration modules. This represents a significant geographical expansion for the group, which has previously concentrated…
New KAWA4096’s Ransomware Leverages Windows Management Instrumentation to Delete Shadow Copies
A sophisticated new ransomware strain named KAWA4096 has emerged in the cybersecurity landscape, showcasing advanced evasion techniques and borrowing design elements from established threat actors. Named after the Japanese word for “river,” this malicious software first surfaced in June 2025…
Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks
A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks. The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS…