Cybercrime

ShadyPanda Converts Popular Browser Extensions With 4.3 M of Installs Into Spyware

A long-running operation linked to the threat actor ShadyPanda has been exposed for converting widely installed browser extensions into surveillance tools. The campaign has reportedly been active for about seven years and has accumulated more than 4.3 million installs. According to Koi Security, five extensions that originally functioned as legitimate utilities were altered in […]

RomCom deploys Mythic Agent malware via SocGholish fake update attacks

Cybersecurity researchers have discovered that the Russia-linked threat actor RomCom attempted to compromise a U.S.-based civil engineering company using a JavaScript loader known as SocGholish, delivering the sophisticated Mythic Agent malware. According to Arctic Wolf Labs researcher Jacob Faires, this marks the first observed instance of a RomCom payload being distributed via SocGholish. The campaign

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service

FBI reports $262M in ATO fraud as AI phishing and holiday scams

The U.S. Federal Bureau of Investigation (FBI) has issued a new security alert, stating that cybercriminals are increasingly impersonating financial institutions to steal money and confidential information. These activities are directly linked to a major rise in account takeover fraud, a type of cybercrime that has already caused losses exceeding two hundred sixty two million

Second Sha1 Hulud Wave Impacts More Than 25,000 Repositories Through npm Preinstall Credential Theft

A new supply chain attack has been identified across the npm ecosystem, marking a second wave of activity similar to the earlier Shai Hulud incident. Security companies report that thousands of repositories and hundreds of npm packages were compromised between November 21 and 23, 2025. The latest campaign has been named Sha1 Hulud and involves

ShadowRay 2.0 Uses an Unpatched Ray Vulnerability to Create a Self Spreading GPU Cryptomining Botnet

A new wave of cyber attacks has emerged as Oligo Security reports active exploitation of a long-standing security weakness in the Ray open source AI framework. This flaw, identified as CVE-2023-48022 with a critical 9.8 rating, is being used to compromise Ray clusters equipped with NVIDIA GPUs. The compromised infrastructure is then

Tsundere Botnet Expands by Using Game Lures and an Ethereum Based C2 System on Windows

Security analysts have revealed new insights about the Tsundere botnet, a rapidly expanding malware operation that targets Windows systems. Active since mid-2025, the threat uses JavaScript-based payloads delivered from a remote command and control server, allowing attackers to execute arbitrary commands and flexibly modify botnet behavior. Propagation and Infection Mechanisms Although its initial

Multi Stage Phishing Kit Uses Telegram to Steal Credentials and Evade Automated Security Checks

Phishing remains one of the most consistent cyber threats faced by organizations worldwide. Attackers continuously refine their strategies to steal credentials and sensitive data, and a recently uncovered phishing framework shows how far these tactics have evolved. Security analysts discovered a multi-layered phishing system designed to impersonate Aruba S.p.A, an Italian IT and web

Five Individuals Plead Guilty in U.S. for Assisting North Korean Hackers Infiltrate 136 Companies

The U.S. Department of Justice (DoJ) announced on Friday that five people have admitted guilt in connection with aiding North Korea’s illicit revenue schemes by facilitating IT worker fraud, violating international sanctions. Defendants Involved The individuals are: Phagnasay, Salazar, and Travis admitted to one count of wire fraud conspiracy. They knowingly allowed IT workers outside

Now Patched Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts

Security researchers have raised alarms over a critical authentication bypass vulnerability in Fortinet FortiWeb Web Application Firewall (WAF). Exploiting this flaw allows attackers to take control of admin accounts, potentially compromising the entire device. Vulnerability Overview According to watchTowr, active exploitation of a vulnerability patched silently in FortiWeb version 8.0.2 has been observed in the
