Cybersecurity researchers have identified sophisticated new variants of Chaos RAT, a remote administration tool that has evolved from an open-source project into a formidable cross-platform malware threat targeting both Windows and Linux systems. Originally documented in 2022, this malware has…
Tag: Cyber Security News
ASUS Armoury Crate Vulnerability Lets Attackers Escalate to System User on Windows Machines
A critical authorization bypass vulnerability in ASUS Armoury Crate enables attackers to gain system-level privileges on Windows machines through a sophisticated hard link manipulation technique. The vulnerability, tracked as CVE-2025-3464 with a CVSS score of 8.8, affects the popular gaming…
New KimJongRAT Stealer Using Weaponized LNK File to Deploy PowerShell-Based Dropper
A sophisticated evolution of the KimJongRAT malware family has emerged, demonstrating advanced techniques for credential theft and system compromise through weaponized Windows shortcut files and PowerShell-based payloads. This latest campaign represents a significant advancement from previous variants, incorporating both Portable…
Google Chrome 0-Day Vulnerability Exploited by APT Hackers in the Wild
A sophisticated attack campaign is exploiting a Google Chrome zero-day vulnerability tracked as CVE-2025-2783, marking yet another instance of advanced persistent threat (APT) groups leveraging previously unknown security flaws to compromise high-value targets. The vulnerability, which enables sandbox escape capabilities, has…
Critical sslh Vulnerabilities Let Hackers Trigger Remote DoS Attacks
Two critical vulnerabilities have been identified in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port. The flaws, tracked as CVE-2025-46807 and CVE-2025-46806, could be exploited remotely to trigger denial-of-service (DoS) attacks. The vulnerabilities affect sslh versions prior…
Kimsuky and Konni APT Groups Account for the Most Active Attacks Targeting East Asia
North Korean state-sponsored advanced persistent threat (APT) groups Kimsuky and Konni have emerged as the most prolific cyber threat actors targeting East Asian nations, according to the latest threat intelligence findings. In April 2025, these groups orchestrated the highest number…
Beware of Weaponized Research Papers That Deliver Malware Via Password-Protected Documents
A newly identified malware campaign orchestrated by the notorious Kimsuky group has been leveraging password-protected research documents to infiltrate academic networks and compromise sensitive systems. This sophisticated attack represents a significant evolution in social engineering tactics, exploiting the academic community’s…
New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script
Security researchers have uncovered a sophisticated malware campaign utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy multiple types of remote access trojans (RATs). The campaign, discovered in June 2025, involves a cluster of 16 open directories containing obfuscated…
Hackers Deliver Fileless AsyncRAT Using Clickfix Technique via Fake Verification Prompt
A sophisticated fileless malware campaign targeting German-speaking users has emerged, employing deceptive verification prompts to distribute AsyncRAT through the increasingly popular Clickfix technique. The malware masquerades as a legitimate “I’m not a robot” CAPTCHA verification, tricking victims into executing malicious…
XDSpy Threat Actor Leverages Windows LNK Zero-Day Vulnerability to Attack Windows Users
A sophisticated cyber espionage campaign attributed to the XDSpy threat actor has recently been discovered exploiting a zero-day vulnerability in Windows shortcut files. This threat actor, which has operated largely undetected from 2011 until its initial discovery in 2020, has…
Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port
A significant spike was observed in exploitation attempts targeting CVE-2023-28771, a critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders. The coordinated attack campaign, observed on June 16, 2025, represents a concentrated burst of malicious activity…
Threat Actors Exploit OEM Permissions on Android Devices to Perform Privilege Escalation Attacks
Android users face a sophisticated security threat as malicious actors increasingly leverage legitimate system features to gain unauthorized access to devices. A concerning trend has emerged where attackers exploit Original Equipment Manufacturer (OEM) permissions to perform privilege escalation attacks, creating…
CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in targeted attacks against journalists. The vulnerability, tracked as CVE-2025-43200, affects multiple Apple…
Malicious Loan App on iOS & Google Play Store Infected 150K+ Users' Devices
A malicious loan application masquerading as a legitimate financial service has infected over 150,000 iOS and Android devices before being removed from official app stores. The app, identified as “RapiPlata,” achieved a Top 20 ranking in the finance category on…
Water Curse Hacker Group Weaponized 76 GitHub Accounts to Deliver Multistage Malware
A sophisticated threat actor known as Water Curse has exploited the inherent trust in open-source software by weaponizing at least 76 GitHub accounts to distribute malicious repositories containing multistage malware. The campaign represents a significant supply chain risk, targeting cybersecurity…
Threat Actors Abuse Windows Run Prompt to Execute Malicious Command and Deploy DeerStealer
Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits Windows’ built-in Run prompt to deliver DeerStealer, a powerful information stealer designed to harvest cryptocurrency wallets, browser credentials, and sensitive personal data. The malicious operation represents a concerning evolution in…
Apache Tomcat Vulnerabilities Allow Authentication Bypass and DoS Attacks
Multiple critical security vulnerabilities have been disclosed affecting Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allowing authentication bypass. These vulnerabilities, identified as CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, and CVE-2025-49125, impact millions of web applications worldwide running…
Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet
Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy the sophisticated Flodrix botnet malware. The attacks demonstrate how cybercriminals are rapidly weaponizing newly disclosed…
Microsoft Investigating Teams and Exchange Online Services Disruption Impacting Users
Microsoft experienced a significant service disruption affecting multiple Microsoft 365 services, including Teams and Exchange Online, impacting users globally whose requests were routed through the affected infrastructure. The company has confirmed that all services have now recovered following swift mitigative…
Gunra Ransomware Group Allegedly Leaks 40TB of Data from American Hospital
The Gunra ransomware group escalated its attack on American Hospital Dubai (AHD), a premier healthcare facility in Dubai, UAE, by releasing new evidence of a major cyberattack. The group claims to have leaked 40 terabytes of sensitive data, including personal…