Cybercriminals have shifted their approach to infiltration. Rather than launching quick attacks, they now work silently within networks, stealing important information, and waiting weeks or months before striking. This is exactly what happened in a recent attack discovered by Morphisec…
Tag: Cyber Security News
Threat Actors Hacked Global Companies via Leaked Cloud Credentials from Infostealer Infections
Dozens of major global enterprises have been breached through a surprisingly simple yet devastating attack vector: stolen credentials extracted from infostealer malware. A threat actor operating under the nickname “Zestix” and the alias “Sentap” has been systematically accessing corporate cloud…
$35M Cryptocurrency Theft Linked to LastPass Password Manager Data Breach
Blockchain intelligence firm TRM Labs has traced over $35 million in stolen cryptocurrency to the 2022 LastPass breach, revealing a sophisticated Russian cybercriminal laundering operation that remains active into 2025. In 2022, hackers breached LastPass and stole encrypted password vaults…
GravityRAT with Remote Access Capabilities Attacking Windows, Android, and macOS Systems
GravityRAT is a remote access trojan that has been targeting government agencies and military organizations since 2016. This malware originated as a Windows-only threat but has evolved into a cross-platform tool that can attack Windows, Android, and macOS systems. The…
WhatsApp Vulnerabilities Leak Users’ Metadata Including Device’s Operating System Details
WhatsApp’s multi-device encryption protocol has long leaked metadata, allowing attackers to fingerprint users’ device operating systems, aiding targeted malware delivery. Recent research highlights partial fixes by Meta, but transparency issues persist. Meta’s WhatsApp, with over 3 billion monthly active users,…
Cyberattack Forces Higham Lane School to Close Its Doors to All Students and Staff
Higham Lane School and Sixth Form has been forced to close its doors to all students and staff this week following a significant cyber-attack that has paralyzed the institution’s IT infrastructure. The attack, confirmed by school leadership over the weekend,…
Gmail to Discontinue POP3 Mail Fetching for External Email Accounts
Google has announced that Gmail will discontinue support for two key features regarding third-party email accounts. Starting in January 2026, the platform will drop support for “Gmailify” and the widely utilized “Check mail from other accounts” feature via POP3 fetching…
Kimwolf Botnet Hacked 2 Million Devices and Turned Users’ Internet Connections into Proxy Nodes
A dangerous new malware called Kimwolf has quietly infected over 2 million devices around the world, forcing them to act as illegal proxy servers without their owners’ knowledge. The botnet has grown at an alarming speed and is currently being…
Threat Actor Exploited Multiple FortiWeb Appliances to Deploy Sliver C2 for Persistent Access
Recent findings indicate that a sophisticated threat actor is actively exploiting multiple outdated FortiWeb appliances to deploy the Sliver Command and Control (C2) framework. This campaign highlights a concerning trend where adversaries leverage open-source offensive tools to maintain persistent access…
Threat Group ‘Crimson Collective’ Allegedly Claims Breach of Brightspeed, One of the Largest Fiber Broadband Providers
Brightspeed, one of America’s leading fiber broadband infrastructure providers, has become the latest victim of a significant cyberattack. The threat group known as Crimson Collective has publicly claimed responsibility for breaching the company’s systems and obtaining sensitive data. Brightspeed operates…
Critical GNU Wget2 Vulnerability Lets Remote Attackers Overwrite Sensitive Files
A critical security vulnerability has been discovered in GNU Wget2, a widely used command-line tool for downloading files from the web. The flaw, tracked as CVE-2025-69194, allows remote attackers to overwrite arbitrary files on a victim’s system, potentially leading to…
Eaton Vulnerabilities Let Attackers Execute Arbitrary Code On the Host System
A critical security advisory addresses multiple vulnerabilities discovered in the Eaton UPS Companion (EUC) software. These security flaws, if exploited, could allow attackers to execute arbitrary code on the host system, potentially giving them complete control over affected devices. The…
GHOSTCREW – AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools
GHOSTCREW emerges as a game-changing open-source toolkit for red teamers and penetration testers. This AI-powered assistant leverages large language models, integrates the MCP protocol, and supports the optional RAG architecture to orchestrate security tools via natural-language prompts. Developed by GH05TCREW,…
Threat Actor Allegedly Claims Leak of NordVPN Salesforce Database and Source Code
A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes the source code of over ten databases, along with critical authentication…
Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data
QNAP has patched multiple security vulnerabilities in its License Center application that could allow attackers to access sensitive information or disrupt services on affected NAS devices. The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026. QNAP rated the flaws as Moderate severity and confirmed that the issues have…
Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network
Resecurity deploys synthetic data honeypots to outsmart threat actors, turning reconnaissance into actionable intelligence. A recent operation not only trapped an Egyptian-linked hacker but also duped the ShinyHunters group into false breach claims. Resecurity has refined deception technologies for counterintelligence,…
VVS Stealer Uses PyArmor Obfuscation to Evade Static Analysis and Signature Detection
The cybersecurity landscape is witnessing a rise in sophisticated malware that leverages legitimate tools to mask malicious intent. A prime example is VVS Stealer (also styled VVS $tealer). This Python-based malware family has been actively marketed on Telegram since April…
Finland Arrests Two Cargo Ship Crew Members Over Undersea Cable Damage
Finnish authorities have detained all 14 crew members of a cargo vessel suspected of deliberately damaging an undersea telecommunications cable connecting Helsinki to Estonia. The ship, named Fitburg, was sailing from St. Petersburg, Russia, to Haifa, Israel, under a St.…
Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting
A dangerous cybercrime feedback loop has emerged where stolen credentials from infostealer malware enable attackers to hijack legitimate business websites and turn them into malware distribution platforms. Recent research by the Hudson Rock Threat Intelligence Team reveals this self-sustaining cycle…