RansomHub emerged in February 2024, just as Operation Cronos dismantled major ransomware players BlackCat and LockBit. This new ransomware-as-a-service operation quickly attracted affiliates with generous terms—keeping 90% of ransom payments and offering direct wallet transfers. By July 2024, RansomHub had…
Tag: Cyber Security News
New FamousSparrow Malware Attacking Hotels & Engineering Companies to New Backdoor
In a recent discovery, cybersecurity experts have identified renewed activity from FamousSparrow, a China-aligned APT group previously thought to be inactive since 2022. The threat actor has resurfaced with two previously undocumented versions of its signature backdoor, SparrowDoor, targeting organizations…
PlayBoy Locker Ransomware Attacking Windows, NAS and ESXi Operating Systems
A new ransomware variant known as PlayBoy Locker has emerged, targeting multiple operating systems including Windows, NAS, and ESXi. First discovered in September 2024, this malware initially operated as a Ransomware-as-a-Service (RaaS) platform, offering cybercriminals a versatile tool for their…
Hackers Abuse MailChimp Email Marketing Platform via Phishing, and Social Engineering Tactics
Hackers have launched sophisticated attacks targeting MailChimp, one of the most widely used email marketing platforms. These attacks leverage advanced phishing techniques and social engineering tactics to gain unauthorized access to corporate MailChimp accounts, potentially exposing sensitive subscriber data and…
Redcurl Actors New Ransomware Exclusively Attacking Hyper-V Servers
A new ransomware strain has been discovered targeting virtualized environments, specifically Microsoft Hyper-V servers. This targeted approach marks a significant evolution in ransomware tactics, as the malware focuses exclusively on hypervisors rather than encrypting all endpoint devices, creating maximum damage…
Blacklock Ransomware Infrastructure Intruded to Uncover Their Planned Attacks
Blacklock ransomware, also known as “El Dorado” or “Eldorado,” emerged as one of the most aggressive ransomware-as-a-service (RaaS) operations in early 2025. The group rapidly accelerated attacks across multiple sectors including electronics, academia, religious organizations, defense, healthcare, technology, and government…
Cloudflare Announces OpenPubkey SSH to Integrate Single-Sign-on With SSH
Cloudflare announced the open-sourcing of OPKSSH (OpenPubkey SSH) on March 25, 2025. This technology integrates single sign-on (SSO) with SSH authentication, eliminating the need for manual SSH key management. Previously owned by BastionZero (acquired by Cloudflare), the code has been…
Meta AI Will Begin Rolling Out Across 41 European Countries
After nearly a year of regulatory hurdles, Meta has finally begun deploying its conversational AI assistant across the European Union and neighboring countries this week. The rollout, which covers 41 European countries and 21 overseas territories, marks Meta’s largest global…
GLPI Open-source ITSM Tool Vulnerability Let Attackers Inject Malicious SQL Queries
A critical vulnerability in GLPI, a widely used open-source IT Service Management (ITSM) platform, tracked as CVE-2025-24799, enables unauthenticated attackers to perform SQL injection attacks through the inventory endpoint. This flaw can lead to remote code execution (RCE), potentially resulting in…
Kuala Lumpur Airport Suffered Cyberattack – Hackers Demanded US$10 Million Ransom
Malaysia’s Prime Minister Anwar Ibrahim confirmed on Tuesday that hackers demanded a US$10 million ransom following a sophisticated cyberattack that disrupted critical systems at Kuala Lumpur International Airport (KLIA) over the weekend. The security breach, which occurred on March 23,…
Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware
Cybercriminals have launched a sophisticated attack campaign leveraging Google’s sponsored search results to target users searching for DeepSeek, the increasingly popular AI platform. The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking…
Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day
Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems. The patch comes shortly after Google…
New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections
A sophisticated new phishing platform named Lucid has emerged as a significant cybersecurity threat, targeting 169 entities across 88 countries globally. Developed by Chinese-speaking threat actors, this Phishing-as-a-Service (PhAAS) platform operates through 129 active instances and over 1,000 registered domains.…
Tor Browser 14.0.8 Released Emergency Update for Windows Users
The Tor Project has issued an emergency update for Windows users on March 27, 2025, releasing Tor Browser 14.0.8 with critical security patches. This Windows-only release addresses “very urgent” security vulnerabilities in Firefox, the browser framework underpinning Tor Browser, and…
CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, affects Chromium-based browsers on Windows systems…
Arkana Ransomware Group Claims Compromise of US Telecom Companies
The largest US internet provider, WideOpenWest (WOW!), is allegedly compromised by Arkana Security, a recently discovered ransomware group. The attack, which security researchers trace to an infostealer infection from September 2024, has reportedly compromised over 403,000 customer accounts and granted…
Cloud Attacks Raises by Five Times Attacking Sensitive IAM Service Accounts
Organizations are facing an unbelievable surge in cloud-based security threats, with attacks nearly five times more frequent at the end of 2024 compared to the beginning of the year. Most concerning is the targeted attack on Identity and Access Management…
GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries
A new botnet named “GorillaBot” has orchestrated over 300,000 attack commands across more than 100 countries within a span of just three weeks. Built on the infamous Mirai botnet framework, GorillaBot represents a sophisticated malware evolution. It leverages advanced encryption…
Windows Server 2025 Security Update Freezes Remote Desktop Sessions Connection
A recent security update for Windows Server 2025, released on February 11, 2025 (KB5051987), has caused a significant issue for users relying on Remote Desktop Protocol (RDP). The update, part of Microsoft’s February Patch Tuesday, has led to RDP sessions…
Windows 11 January 2025 Preview Update Disconnects Remote Desktop Sessions
Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). Users have reported unexpected disconnections, particularly after the release of the March 2025…