Cybersecurity researchers at Trustwave have discovered a sophisticated malware campaign targeting Microsoft Outlook users to steal their login credentials. The Strela Stealer, named after the Russian word for “Arrow,” has been actively targeting systems since late 2022, with a precise…
Tag: Cyber Security News
Developer Pleads Guilty For Sabotaging Company’s Computer Systems With Malware
A federal jury convicted Davis Lu, a 55-year-old former software developer at Eaton Corp., on charges of intentionally crippling the company’s internal computer systems through malicious code designed to activate upon his termination. The verdict, delivered Friday after a six-day…
Medusa Ransomware Attacks Grown By 42% With New Tools & Techniques
Medusa ransomware attacks have surged by 42% between 2023 and 2024, with activity continuing to escalate into 2025. Almost twice as many Medusa attacks were observed in January and February 2025 compared to the first two months of 2024, indicating…
New PyPI Malware Tricking Developers To Gain Access To Ethereum Wallets
The Socket Research Team has discovered a sophisticated malicious PyPI package named ‘set-utils’ designed to steal Ethereum private keys from unsuspecting developers. This package, which has been downloaded over 1,000 times since January 29, 2025, disguises itself as a simple…
Threat Actor Allegedly Selling Bruteforcer for Cisco VPN
A threat actor has surfaced on underground forums, allegedly offering tools designed to exploit Cisco VPNs via brute force and credential-checking attacks. These tools, marketed as a “checker” and “bruteforcer,” are tailored to target Cisco VPN services, raising significant cybersecurity…
Researchers Jailbreaked 17 Popular LLM Models To Communicate Sensitive Data
A comprehensive study by Palo Alto Networks’ Unit 42 has revealed that 17 popular generative AI web applications remain vulnerable to various jailbreaking techniques. These vulnerabilities potentially allow malicious actors to bypass AI safety mechanisms to extract sensitive information or…
Phantom Goblin Leveraging Social Engineering Tactics To Deliver Stealer Malware
Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated malware operation named ‘Phantom Goblin’ that employs deceptive social engineering techniques to distribute information-stealing malware. The attack begins with RAR file attachments containing malicious shortcut (LNK) files disguised as legitimate…
New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser
SquareX’s research team has recently uncovered a sophisticated browser attack technique that allows malicious extensions to impersonate any extension installed on a victim’s browser. This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and…
Threat Actors Exploited PHP-CGI RCE Vulnerability To Attack Windows Machines
Cisco Talos recently uncovered a series of sophisticated cyberattacks exploiting a critical PHP vulnerability to compromise Windows machines. The malicious activities conducted by unknown attackers have been ongoing since January 2025, predominantly targeting organizations in Japan across various business sectors…
Thinkware Dashcam Vulnerability Let Attackers Extract the Credentials in Plain-text
A series of critical vulnerabilities in Thinkware’s F800 Pro dashcam has revealed systemic security flaws, including the exposure of user credentials in plain text, default authentication bypasses, and insecure data storage practices. These issues, disclosed between November 2024 and March…
Peaklight Malware Attacking Users To Exfiltrate Login Credentials, Browser History & Financial Data
A sophisticated information stealer known as Peaklight is actively targeting Windows users worldwide. This malware, identified on March 6, 2025, is designed to harvest sensitive information from compromised endpoints, creating significant risks for both individuals and organizations. Peaklight utilizes a…
New North Korean Moonstone Sleet Employs Creative Tactics To Deploy Custom Ransomware
Cybersecurity researchers have identified a sophisticated ransomware campaign attributed to a North Korean threat actor dubbed “Moonstone Sleet.” The group has deployed an advanced custom ransomware strain targeting financial institutions and cryptocurrency exchanges across Southeast Asia and Europe, demonstrating evolving…
Apache Traffic Server Vulnerabilities Let Attackers Perform Malformed Requests
The Apache Software Foundation has issued urgent patches for multiple high-severity vulnerabilities in Apache Traffic Server (ATS), its enterprise-grade caching proxy server. Four distinct flaws (CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202) enable threat actors to execute request smuggling attacks, bypass access…
Akira Ransomware Attacking Windows Server via RDP & Evades EDR Using Webcam
A sophisticated ransomware group called Akira has been responsible for approximately 15% of cybersecurity incidents in 2024. The threat actor has deployed novel techniques to bypass security defenses, most notably by exploiting unsecured webcams to circumvent Endpoint Detection and Response…
Commvault Webserver Vulnerability Let Attackers Compromise Webserver
Commvault, a global leader in enterprise data protection and management solutions, has urgently patched a high-severity webserver vulnerability that enables attackers to compromise systems by creating and executing malicious webshells. The flaw affects multiple versions of Commvault’s software across Linux…
Microsoft WinDbg RCE Vulnerability Let Attackers Execute Arbitrary Code Remotely
A high-severity vulnerability CVE-2025-24043, remote code execution (RCE) through improper cryptographic signature validation in the SOS debugging extension. The vulnerability affects critical .NET diagnostic packages including dotnet-sos, dotnet-dump, and dotnet-debugger-extensions, which are integral to .NET Core application debugging workflows. According…
1 Million Devices Infected by Malwares Hosted on GitHub, Microsoft Warns
Microsoft Threat Intelligence detected a large-scale malvertising campaign in early December 2024 that infected nearly one million devices globally in an opportunistic attack designed to steal information. The campaign impacted a wide range of organizations and industries, affecting both consumer…
Hackers Leveraging Compromised Email Server To Send Fraudulent Emails
In a sophisticated business email compromise (BEC) attack recently uncovered by Trend Micro Managed XDR team, threat actors exploited a compromised third-party email server to conduct fraudulent financial transactions between business partners. The scheme, which unfolded over several days, involved…
Popular Python Library Vulnerability Exposes 43 million Installations to Code Execution Attacks
A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations to potential remote code execution (RCE) attacks through a dependency chain flaw. Tracked as GHSA-wmxh-pxcx-9w24 and scoring 8.8/10 on the CVSS…
Notorious Black Basta Tactics, Techniques and Procedures Uncovered From Leak
A significant leak of internal chat logs from the Black Basta ransomware group has provided cybersecurity researchers with unprecedented insight into their operations. A Telegram user named ExploitWhispers unveiled the leak contained approximately 200,000 chat messages dated between September 2023…