A newly identified malware variant dubbed ACRStealer has been observed leveraging Google Docs as a command-and-control (C2) server to bypass traditional security defenses and harvest sensitive login credentials. This sophisticated attack vector exploits the trusted reputation of Google’s infrastructure to…
Tag: Cyber Security News
China Claim That NSA Allegedly Hacked Northwestern Polytechnical University
Chinese cybersecurity authorities have alleged that the U.S. National Security Agency (NSA) breached Northwestern Polytechnical University (NPU), a leading institution in aerospace and defense research, in a multi-year cyber espionage campaign. According to joint reports published on February 18, 2025,…
Darcula 3.0 Tool Automatically Generates Phishing Kit For Any Brand
The darcula phishing group has escalated cybercrime capabilities with its newly unveiled “darcula-suite 3.0,” a phishing-as-a-service (PhaaS) platform enabling criminals to automatically generate counterfeit websites for any brand within minutes. This tool represents a paradigm shift in cybercrime efficiency, leveraging…
CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale
The CL0P ransomware group has intensified attacks on critical infrastructure sectors, with telecommunications and healthcare organizations worldwide reporting mass data breaches and system encryption. Leveraging a zero-day vulnerability in Cleo integration software (CVE-2024-50623), the threat actors have compromised over 80…
Cyber Threat Actors Leveraging Exploits To Attack Financial Sector With Advanced Malware
The financial sector remains a prime target for cybercriminals and state-sponsored groups, with 2024 witnessing a surge in sophisticated attacks exploiting zero-day vulnerabilities, supply chain weaknesses, and advanced malware. Threat actors are increasingly adopting collaborative models, including Initial Access Brokers…
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) issued seven Industrial Control Systems (ICS) advisories detailing critical vulnerabilities in widely used systems. These advisories highlight critical vulnerabilities in ICS products from major vendors such ABB, Carrier, Siemens and Mitsubishi Electric, providing…
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia
Security researchers at Palo Alto Networks’ Unit 42 have uncovered a resurgence of the modular Bookworm malware in cyberattacks targeting government and diplomatic entities across Southeast Asia. The activity, attributed to the Chinese state-aligned threat actor Stately Taurus (also tracked…
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix
Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-0282) affecting its Connect Secure VPN appliances. This vulnerability, caused by improper handling of the strncpy function in the web server component, allowed attackers to execute arbitrary code remotely. JPCERT/CC confirmed multiple exploitation…
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors
Pegasus spyware, once considered a tool for targeting journalists and activists—is now being deployed against executives in the private sector, including finance, real estate, and logistics. In a December 2024 investigation, 11 new Pegasus infections were detected among 18,000 devices…
Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability
Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw allows authenticated administrators to execute arbitrary commands on…
New Active Directory Pentesting Tool For KeyCredentialLink Management
RedTeamPentesting has unveiled a new tool, keycred, which offers a robust solution for managing KeyCredentialLinks in Active Directory (AD) environments. This command-line interface (CLI) tool and library implements the KeyCredentialLink structures as defined in section 2.2.20 of the Microsoft Active…
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub
A GitHub repository titled Windows-WiFi-Password-Stealer has surfaced, raising concerns among cybersecurity professionals. This repository, hosted by the user “cyberthirty,” provides a Python-based script capable of extracting saved WiFi credentials from Windows systems and saving them to a text file. While…
New NailaoLocker Ransomware Attacking European Healthcare
European healthcare organizations are facing a sophisticated cyber threat from a newly identified ransomware strain called NailaoLocker, deployed as part of a campaign tracked as Green Nailao by Orange Cyberdefense CERT. The attacks, first detected between June and October 2024,…
Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released
A cluster of four critical vulnerabilities in Ivanti Endpoint Manager (EPM) has entered a dangerous new phase with the public release of proof-of-concept (PoC) exploit code, escalating risks for organizations using the enterprise device management platform. Discovered by researchers in…
Beware of North Korean Job Interview Process Delivers Malware Via Fake Chrome Update
A new malware campaign attributed to North Korean threat actors has been identified, targeting individuals through fake job interview processes. Dubbed “Contagious Interview,” this operation delivers malicious Swift applications disguised as legitimate software updates, including a recently discovered “DriverEasy.app” masquerading…
Chinese Hackers Exploiting Check Point Firewall Vulnerability To Deploy Ransomware
A sophisticated cyber espionage campaign linked to Chinese state-aligned threat actors has targeted organizations across 15 countries using an updated variant of the Shadowpad malware to deploy previously undocumented ransomware. The attacks, analyzed by Trend Micro’s incident response team, exploit…
IBM OpenPages Vulnerability Let Attackers Steal Authentication Credentials
IBM has addressed multiple high-severity vulnerabilities in its OpenPages Governance, Risk, and Compliance (GRC) platform that could enable attackers to hijack user sessions, steal authentication credentials, and manipulate critical enterprise data. The flaws affect versions 8.3 and 9.0 of the…
Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script
Researchers uncovered an ongoing campaign distributing the Rhadamanthys Infostealer through malicious Microsoft Management Console (MMC) files (.MSC), leveraging both a patched DLL vulnerability and legitimate MMC functionalities to execute scripts and deploy malware. This advanced attack vector highlights evolving techniques…
Free SOC Webinar – Better SOC with Interactive Malware Sandbox, Practical Use Cases 2025
If you work in a Security Operations Center (SOC), you know the struggle all too well: hundreds of alerts flood in daily, each demanding attention. Some are false positives, others are routine, but buried among them are real threats that…
Sophisticated Phishing Attacks Targeting Decision-Makers Including CEOs and CTOs
A recent study by cybersecurity firm Hackmosphere reveals alarming gaps in phishing awareness among C-suite executives, with CEOs demonstrating particularly high susceptibility to socially engineered attacks. The research, conducted through simulated phishing campaigns, shows how even experienced decision-makers remain vulnerable…