Tag: Cyber Security News
Threat Actors Hacking NGINX Servers to Redirect Web Traffic to Malicious Servers
A sophisticated campaign has emerged in which threat actors are stealthily compromising NGINX servers to redirect web traffic to malicious destinations. The attackers, previously linked to “React2Shell” exploits, are now targeting NGINX configurations, specifically those using the Baota (BT) management panel, widely…
New DesckVB RAT with Multi-stage Infection Chain and Plugin-Based Architecture
A sophisticated new threat has surfaced in the wild, identified as the DesckVB RAT version 2.9. This modular Remote Access Trojan, built on the .NET framework, has been observed in active malware campaigns throughout early 2026. Unlike simple backdoors, this…
APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies
Russian state-sponsored actors known as APT28 have initiated a sophisticated cyber espionage campaign targeting high-value government and military entities across Europe. The primary targets include maritime and transport organizations in nations such as Poland, Ukraine, and Turkey. The attackers are…
Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistence on Victim Systems
A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout 2025, these campaigns have demonstrated a keen interest in geopolitical intelligence, often timing their…
Attackers Using DNS TXT Records in ClickFix Script to Execute PowerShell Commands
The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social…
New 3-Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit
A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…
Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device
TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws. These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the…
CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability. This flaw, patched by Broadcom in March 2025, enables attackers to escape virtual machine isolation and…
False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It
False negatives are becoming the most expensive “quiet” failure in SOCs. In 2026, AI-generated phishing and multi-stage malware chains are built to look clean on the outside, behave normally at first, and only reveal intent after real interaction. The result…
Interlock Ransomware Actors' New Tool Exploits Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
The Interlock ransomware group has emerged as a distinct threat in the cybersecurity landscape, particularly targeting the education sector in the United States and United Kingdom. Unlike many contemporary ransomware operations that function under a Ransomware-as-a-Service (RaaS) model, Interlock operates…
PhantomVAI Custom Loader Uses RunPE Utility to Attack Users
A sophisticated custom loader named PhantomVAI has emerged in global phishing campaigns, delivering various stealers and remote access trojans (RATs) to compromised systems. This malware loader operates by masquerading as legitimate software and employing process hollowing techniques to inject malicious…
SystemBC Botnet Hijacked 10,000 Devices Worldwide to Use for DDoS Attacks
The SystemBC malware family, a persistent threat first documented in 2019, has evolved into a massive botnet infrastructure controlling over 10,000 hijacked devices globally. Functioning primarily as a SOCKS5 proxy and a backdoor, this malware enables threat actors to mask…
CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks
A critical GitLab vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively exploiting a server-side request forgery (SSRF) flaw in GitLab Community and Enterprise editions. The vulnerability, tracked as CVE-2021-39935, poses significant risks to…
Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users
Enterprise security teams are facing a sophisticated new challenge as cybercriminals increasingly exploit trusted cloud platforms to launch phishing attacks. Instead of relying on suspicious newly registered domains, threat actors now host their malicious infrastructure on legitimate services like Microsoft…
ValleyRAT Mimics LINE Installer to Attack Users and Steal Login Details
A sophisticated malware campaign has surfaced where threat actors are distributing the ValleyRAT backdoor disguised as a legitimate installer for the popular messaging application, LINE. This targeted attack primarily focuses on Chinese-speaking users, leveraging a deceptive executable to infiltrate systems…
Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware
The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several…
Chrome Vulnerabilities Let Attackers Execute Arbitrary Code and Crash Systems
Google has released a critical security update for the Chrome Stable channel, addressing two high-severity vulnerabilities that expose users to potential arbitrary code execution (ACE) and denial-of-service (DoS) attacks. The update pushes the browser version to 144.0.7559.132/.133 for Windows and…
Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads
Two months following the disclosure of CVE-2025-55182, exploitation activity targeting React Server Components has evolved from broad scanning into consolidated, high-volume attack campaigns. According to telemetry from GreyNoise collected between January 26 and February 2, 2026, threat actors are actively…
Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms
Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools…