Phishing remains one of the most effective ways attackers infiltrate corporate environments. Today’s phishing campaigns are no longer just poorly written emails with obvious red flags. They’re sophisticated, well-disguised, and tailored to exploit trust in everyday tools your teams use. …
Tag: Cyber Security News
New SuperCard Malware Using Hacked Android Phones to Relay Data from Users Payment Cards to Attackers Device
In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data. This malicious application, a modified version of the legitimate NFCGate program, intercepts…
Insecure GitHub Actions in Open Source Projects MITRE and Splunk Exposes Critical Vulnerabilities
A comprehensive security investigation has revealed widespread vulnerabilities in GitHub Actions workflows across major open source repositories, including those maintained by prestigious organizations such as MITRE and Splunk. The discovery highlights a concerning pattern of insecure continuous integration and continuous…
RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices
The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe. This sophisticated malware campaign represents one of the most persistent and evolving cyber threats currently plaguing internet-connected…
Microsoft Defender for Office 365 to Block Email Bombing Attacks
Microsoft has announced a new security capability within its Defender for Office 365 suite aimed at combating the growing threat of email bombing attacks. The feature, officially labeled “Mail Bombing Detection,” will automatically identify and quarantine high-volume email flooding campaigns…
PLA Rapidly Deploys AI Technology Across Military Intelligence Operations
China’s People’s Liberation Army has accelerated its integration of generative artificial intelligence across military intelligence operations, marking a significant shift in how the world’s largest military force approaches data collection, analysis, and strategic decision-making. This technological transformation represents the PLA’s…
Researchers Uncovered on How Russia Leverages Private Companies, Hacktivist to Strengthen Cyber Capabilities
A comprehensive new study reveals the sophisticated architecture behind Russia’s externalized cyber warfare strategy, exposing how the Kremlin systematically exploits private companies, hacktivist collectives, and cybercriminal groups to enhance its digital offensive capabilities while maintaining plausible deniability. The research demonstrates…
Beware of Fake CAPTCHA Pop-Up Windows That Silently Installs LightPerlGirl Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging fake CAPTCHA verification windows to trick users into manually executing malicious PowerShell commands. The newly identified threat, dubbed LightPerlGirl, represents a concerning evolution in social engineering tactics that exploits users’ trust…
System Admins Beware! Weaponized Putty Ads in Bing Installs Remote Access Tools
Cybersecurity experts are sounding the alarm about a sophisticated malware campaign that leverages malicious advertisements targeting system administrators through weaponized PuTTY downloads. This emerging threat represents a significant shift in attack vectors, with malicious advertisements now surpassing traditional phishing methods…
Qilin Emerges as a New Dominant Ransomware Attacking Windows, Linux, and ESXi Systems
Cybersecurity experts are raising alarms as a sophisticated new ransomware strain named Qilin has rapidly gained prominence in the threat landscape, demonstrating unprecedented cross-platform capabilities. The malware has been observed successfully compromising Windows workstations, Linux servers, and VMware ESXi hypervisors…
DMV-Themed Phishing Attacks Targeting U.S. Citizens to Steal Sensitive Data
A sophisticated phishing campaign targeting American citizens has emerged, exploiting the trusted reputation of state Departments of Motor Vehicles to harvest sensitive personal and financial information. In May 2025, cybercriminals launched a coordinated attack that impersonated multiple U.S. state DMVs,…
BlackHat AI Hacking Tool WormGPT Variant Powered by Grok and Mixtral
New variants of the notorious WormGPT hacking tool are emerging, now powered by commercial AI models like xAI’s Grok and Mistral AI’s Mixtral for malicious operations. The original WormGPT emerged in June 2023 as an uncensored generative AI tool built…
VMware Cloud Foundation 9.0 Released With Modern Workloads & AI Services
VMware has officially launched Cloud Foundation 9.0, marking a significant evolution in private cloud technology. Released on June 17, 2025, this major update redefines what a modern private cloud platform can deliver by combining public cloud flexibility with on-premises control,…
SCATTERED SPIDER Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
A wave of sophisticated cyberattacks has swept across major organizations in the UK and US, with sectors ranging from hospitality and telecommunications to finance and retail falling victim to a threat actor known as SCATTERED SPIDER. Unlike traditional ransomware groups…
Hackers Allegedly Claim Breach of Scania Financial Services, Sensitive Data Stolen
A threat actor named “hensi” has reportedly claimed unauthorized access to Scania Financial Services’ insurance[.]scania.com subdomain and is allegedly selling around 34,000 files on cybercriminal marketplaces. While these claims remain unconfirmed by official sources, the incident highlights ongoing vulnerabilities in…
Hackers Using ClickFix Technique to Deploy Remote Access Trojans and Data-Stealing Malware
Cybersecurity researchers have documented a significant surge in attacks utilizing the ClickFix social engineering technique, which has emerged as one of the most effective methods for initial access in modern cyber campaigns. This deceptive tactic tricks users into executing malicious…
Critical Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access
Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions. Affecting millions worldwide, these vulnerabilities pose a severe security emergency that demands immediate patching. The first vulnerability exploits PAM configuration weaknesses in…
CISA Warns of Linux Kernel Improper Ownership Management Vulnerability Exploited in Attacks
CISA has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that CVE-2023-0386 is being actively exploited in real-world attacks. This improper ownership management flaw in the Linux kernel’s OverlayFS subsystem allows local attackers to…
Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!
Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. The update, rolled out on Tuesday, June 17, 2025, patches three significant…
Threat Actors Attacking Windows System With New Winos 4.0 Malware
A sophisticated threat campaign targeting Windows systems has emerged, leveraging a new strain of malware known as winos 4.0 to compromise organizations across Taiwan. The attack, which has been active since January 2025, demonstrates the evolving tactics of cybercriminals who…