The 360 Advanced Threat Research Institute has uncovered a sophisticated cyber espionage campaign orchestrated by the North Korean-linked threat actor APT-C-28, also known as ScarCruft or APT37. The group, active since 2012, has shifted tactics to employ fileless malware delivery…
Tag: Cyber Security News
Microsoft Power Pages 0-Day Vulnerability Exploited in the Wild
Microsoft has confirmed active exploitation of a critical elevation-of-privilege vulnerability (CVE-2025-24989) in its Power Pages platform, a low-code tool organizations use to build business websites. The vulnerability, which allowed unauthorized attackers to bypass registration controls and escalate network privileges, underscores…
Ghost Ransomware Compromised Organisations Across 70+ Countries – CISA & FBI Warns
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning of widespread attacks by the Ghost ransomware group, which has compromised over 70 organizations across critical sectors globally. Operating under aliases…
NSA Added New Features to Supercharge Ghidra 11.3
The National Security Agency (NSA) has unveiled Ghidra 11.3, a transformative update to its open-source Software Reverse Engineering (SRE) framework, delivering advanced debugging tools, accelerated emulation, and modernized integrations for cybersecurity professionals. This version introduces critical enhancements tailored for kernel-level…
Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges
Symantec, a division of Broadcom, has addressed a critical security flaw (CVE-2025-0893) in its Diagnostic Tool (SymDiag) that could allow attackers to escalate privileges on affected systems. The vulnerability, which impacted SymDiag versions prior to 3.0.79, received a CVSSv3 score…
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges
Microsoft has addressed a critical vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) in the February 2025 Patch Tuesday security updates. Tracked as CVE-2025-21420, the vulnerability has a CVSS rating of 7.8 and could allow a threat actor to gain…
Citrix NetScaler Vulnerability Allows Unauthorized Command Execution
Cloud Software Group issued urgent patches on February 18, 2025, for a high-severity vulnerability (CVE-2024-12284) affecting its NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. Rated 8.8 on the CVSS v4.0 scale, the flaw enables authenticated attackers to execute unauthorized…
Hackers Weaponize Jarsigner App To Execute XLoader Malware
Threat actors have been observed exploiting the legitimate Java Archive (JAR) signing tool jarsigner.exe to deploy the notorious XLoader malware, according to recent findings from the AhnLab Security Intelligence Center (ASEC). This attack leverages DLL side-loading techniques to bypass security…
Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely
Microsoft has addressed a critical security flaw in its Bing search engine, tracked as CVE-2025-21355, which could have allowed unauthorized attackers to execute arbitrary code remotely. The vulnerability, classified as a Missing authentication for a Critical Function flaw, posed significant…
New Snake Keylogger Attacking Chrome, Edge, and Firefox Users
A sophisticated new variant of the Snake Keylogger (detected as Autolt/Injector.GTY!tr) has emerged as a critical threat to Windows users. It leverages advanced evasion techniques to steal sensitive data from Chrome, Edge, and Firefox browsers. FortiGuard Labs reports over 280…
New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware
Security researchers at Proofpoint have uncovered a sophisticated web inject campaign targeting MacOS users with a new information-stealing malware called FrigidStealer. The operation involves two newly identified threat actors, TA2726 and TA2727, collaborating to compromise legitimate websites and redirect victims…
Hackers Inject FrigidStealer Malware on Your macOS Via Fake Browser Updates
A surge in malicious web inject campaigns has introduced FrigidStealer, a new macOS-specific information stealer, deployed via fake browser update prompts. Cybersecurity firm Proofpoint identified two previously unknown threat actors, TA2726 and TA2727, collaborating to distribute this malware globally, marking…
Russian CryptoBytes Hackers Exploiting Windows Machines To Deploy UxCryptor Ransomware
The Russian cybercriminal group CryptoBytes has intensified its ransomware campaigns using a modified version of the UxCryptor malware, according to new findings from SonicWall’s Capture Labs threat research team. This financially motivated group, active since at least 2023, leverages leaked…
Beware! New Fake Browser Updates Deploy NetSupport RAT & StealC Malware on Your Windows
A sophisticated malware campaign attributed to the SmartApeSG threat actor (also tracked as ZPHP/HANEYMANEY) has targeted users through compromised websites since early 2024, deploying NetSupport RAT and StealC malware via fraudulent browser update notifications. The campaign exemplifies the growing sophistication…
BlackLock Emerging As a Major Player In RaaS With Variants for Windows, VMWare ESXi, & Linux Environments
Since its emergence in March 2024, the BlackLock ransomware operation (aka El Dorado) has executed a meteoric rise through the ransomware-as-a-service (RaaS) ranks, leveraging custom-built malware and sophisticated anti-detection techniques to compromise Windows, VMWare ESXi, and Linux environments. By Q4…
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations
A coordinated cyber espionage campaign, attributed to North Korea’s state-sponsored Kimsuky group (APT43), has targeted South Korean businesses, government agencies, and cryptocurrency users since late 2024. Dubbed ‘DEEP#DRIVE’ by researchers at Securonix, the operation leverages phishing lures, obfuscated PowerShell scripts,…
Palo Alto Warns of Hackers Combining Vulnerabilities to Compromise Firewalls
Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. Coordinated attacks, which bypass chain authentication and privilege escalation flaws, enable unauthorized access…
Threat Actors Using $10 Infostealer Malware To Breach Critical US Security
A new class of cyber threats leveraging $10 infostealer malware kits has compromised critical U.S. military, defense contractor, and federal agency systems, exposing vulnerabilities in national security infrastructure. According to Hudson Rock’s cybercrime intelligence data, over 30,000 infected devices across…
Hackers Turning Stolen Payment Card Data into Apple & Google Wallets
Recent advances in cybercrime strategies are reviving the carding sector, with threat actors leveraging stolen credit card data to create fraudulent Apple Pay and Google Wallet accounts. Dubbed “Ghost Tap,” this new attack methodology uses Near Field Communication (NFC) relay…
Lee Enterprises Ransomware Attack Compromises ‘Critical’ Systems
Lee Enterprises, one of the largest newspaper publishers in the U.S., has confirmed a cybersecurity attack involving adversarial encryption of critical business applications and data exfiltration through double-extortion ransomware tactics. The incident has disrupted print distribution, billing systems, and digital…