A sophisticated phishing framework known as CoGUI has emerged as a significant threat, primarily targeting organizations in Japan with millions of phishing messages since October 2024. The kit impersonates popular consumer and finance brands, including Amazon, PayPay, Rakuten, and various…
Tag: Cyber Security News
Russian COLDRIVER Hackers Using LOSTKEYS Malware To Steal Sensitive Data
Cybersecurity researchers have uncovered a sophisticated malware campaign attributed to the Russian threat actor COLDRIVER, also known as Star Blizzard or Callisto. The newly identified malware, dubbed LOSTKEYS, has been observed targeting diplomatic institutions, defense contractors, and critical infrastructure organizations…
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks
In a significant shift within the cybercriminal ecosystem, Qilin ransomware group has surged to prominence in April 2025, orchestrating 74 cyber attacks globally according to the latest threat intelligence report. This dramatic rise follows the unexpected disappearance of RansomHub, which…
Lockbit Ransomware Hacked – Leaked Database Exposes Internal Chats
The notorious LockBit ransomware operation has suffered a significant breach. Attackers defaced their dark web infrastructure and leaking a comprehensive database containing sensitive operational details on May 7. The hack represents a major blow to one of the world’s most…
Beware of Fake Social Security Statement That Tricks Users to Install Malware
A sophisticated phishing campaign targeting Americans is currently making rounds via fake Social Security Administration (SSA) emails. These convincingly crafted messages inform recipients that their Social Security Statement is available for download, encouraging them to click on an attached file.…
Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers
Cisco has disclosed a critical security vulnerability in its IOS XE Wireless LAN Controllers that could allow unauthorized attackers to gain complete control of affected devices. The flaw, assigned the maximum severity rating of 10.0, enables unauthenticated remote attackers to…
Agenda Ransomware Group Upgraded Their Arsenal With SmokeLoader and NETXLOADER
In a significant evolution of their attack capabilities, the Agenda ransomware group has recently incorporated SmokeLoader malware and a new .NET-based loader dubbed NETXLOADER into their arsenal. This development, observed in campaigns initiated during November 2024, marks a substantial upgrade…
Top Ransomware Actors Actively Attacking Financial Sector, 406 Incidents Publicly Disclosed
The financial sector has emerged as a prime target for sophisticated ransomware operations, with a staggering 406 publicly disclosed incidents recorded between April 2024 and April 2025. These attacks have demonstrated increasingly advanced technical capabilities and strategic targeting, causing significant…
Healthcare Sector Emerges as a Prime Target for Cyber Attacks in 2025
The healthcare industry has become increasingly vulnerable to sophisticated cyber threats in 2025, with malicious actors specifically targeting medical institutions’ growing cloud infrastructure and digital workflows. According to recent findings, threat actors have shifted their tactics to leverage trusted cloud…
Critical Open Source Easyjson Library Under Full Control of Russian Company
A critical security revelation has sent shockwaves through the cybersecurity community as researchers uncovered that easyjson, a widely adopted open-source Go package central to JSON serialization processes, is under complete control of developers based in Moscow who work for VK…
UK Government Sets Timeline to Replace Passwords With Passkeys
The UK government has unveiled plans to roll out passkey technology across its digital services as it seeks to reduce the risk of cyber-attacks to people’s GOV.UK accounts. Announced during the CYBERUK 2025 conference in Manchester, this initiative aims to…
Lampion Banking Malware Employs ClickFix Lures To Steal Banking Information
A sophisticated banking trojan known as Lampion has resurfaced with an evolved attack strategy, now exploiting fake ClickFix utility lures to harvest sensitive banking credentials from unsuspecting victims. This banking malware, first identified in late 2019, has undergone significant modifications…
DPRK’s Largest Cryptocurrency Heist via a Compromised macOS Developer and AWS Pivots – Researchers Emulated
North Korean state-sponsored hackers have executed what security experts are calling the largest cryptocurrency theft operation to date, successfully stealing an estimated $625 million through an elaborate attack chain that compromised a high-profile macOS developer’s environment and leveraged Amazon Web…
DragonForce – The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025
In the rapidly evolving cybersecurity landscape of 2025, DragonForce has emerged as a formidable ransomware threat, redefining the hybrid extortion model. First appearing in December 2023 with the launch of its “DragonLeaks” dark web portal, DragonForce has quickly established itself…
Top Cyber Attacks In April 2025 You Need to Aware
April wasn’t quiet in the world of cybersecurity. From sneaky fake CAPTCHAs to region-targeted phishing and revamped ransomware, attackers kept busy, refining their tricks and finding new ways to slip past defenses. Thanks to insights from ANY.RUN researchers, powered by…
PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers
A proof-of-concept (PoC) exploit tool has been publicly released for a maximum severity vulnerability in Apache Parquet, enabling security teams to easily identify affected servers. The vulnerability, tracked as CVE-2025-30065 with a CVSS score of 10.0, affects a widely-used data…
Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins
In a major blow to the cybercriminal ecosystem, Polish authorities have arrested four individuals who allegedly operated a network of Distributed Denial of Service (DDoS) platforms responsible for thousands of cyberattacks worldwide. The operation, announced on May 7, 2025, dismantled…
Wormable Linux Rootkit Attack Multiple Systems to Steal SSH Keys and Privilege Escalation
Cybersecurity researchers at ANY.RUN have uncovered a sophisticated attack leveraging the Diamorphine rootkit to deploy a cryptocurrency miner on Linux systems, highlighting the growing misuse of open-source tools in malicious campaigns. The detailed analysis with ANY.RUN Sandbox exposes a multi-stage…
New Sophisticated Phishing Attack Abuses Discord & Attacked 30,000 Users Worldwide
A sophisticated phishing campaign that targets cryptocurrency users through Discord. The campaign has victimized over 30,000 users and resulted in losses exceeding $9 million over the past six months alone, revealing the continued operation of the notorious Inferno Drainer despite…
Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware
Threat actors linked to the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows prior to its patching on April 8, 2025. The vulnerability, tracked as CVE-2025-29824, affects the Windows Common Log File System (CLFS) driver and allows attackers…