Cybercrime

Smishing Triad Connected to 194,000 Malicious Domains in Worldwide Phishing Campaign

A major ongoing smishing campaign has been traced to over 194,000 malicious domains since January 1, 2024, targeting a wide variety of services around the world, according to recent research from Palo Alto Networks Unit 42. Although many of these domains are registered through a Hong Kong-based registrar and utilize Chinese nameservers, the bulk of […]


Over 3,000 YouTube Videos Used as Malware Traps in Massive Ghost Network Operation

A large, persistent malicious operation has been abusing YouTube to distribute malware, publishing more than 3,000 deceptive videos since 2021. Check Point researchers call it the YouTube Ghost Network, and the volume of these videos has tripled this year. Google has removed a majority of the offending videos, but the campaign highlights how attackers weaponize


Jingle Thief Gang Exploits Cloud Infrastructure to Steal Millions in Gift Cards

Cybersecurity researchers have exposed a cybercriminal group, known as Jingle Thief, that targets cloud systems used by retailers and consumer service companies to carry out large-scale gift card fraud. The group focuses on stealing credentials through phishing and smishing, then uses those credentials to access cloud-based gift card issuance workflows, issue high-value cards,


Ukraine Aid Organizations Targeted via Fake Zoom Meetings and Malicious PDF Files

A recent spear-phishing operation, named PhantomCaptcha, has targeted organizations involved in Ukraine’s humanitarian and war relief efforts. Cybersecurity researchers reported that the campaign delivers a remote access trojan (RAT) using WebSocket connections for command-and-control (C2), posing a serious threat to international relief organizations. Scope of the Attack On October 8, 2025, individual members of the


Iran-Linked MuddyWater Targets Over 100 Organizations in Global Espionage Campaign

Iranian-affiliated cyber group MuddyWater has launched a large-scale espionage campaign targeting more than 100 organizations, mainly across the Middle East and North Africa (MENA) region. The group has reportedly used a compromised email account to distribute a backdoor malware called Phoenix, aiming to infiltrate high-value targets and gather intelligence, according to a technical report by


Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums

Monolock ransomware has appeared for sale on underground forums, with operators advertising version 1.0 and offering stolen corporate credentials alongside the malware. First observed in late September, the campaign spreads through phishing messages that deliver malicious Microsoft Word documents, which, when opened, trigger an embedded macro to download the ransomware binary from a compromised host.


Hackers Abuse ASP.NET Machine Keys to Compromise IIS Servers and Install Malicious Modules

Security researchers have uncovered a widespread campaign where attackers exploited publicly available ASP.NET machine keys to break into Windows IIS web servers, then installed a malicious IIS module to hijack traffic and profit from fake search rankings. The group, tracked as REF3927, leveraged keys published in places like Microsoft documentation and online forums, making many


Hackers Exploit 34 Zero-Day Flaws and Earn $522,500 at Pwn2Own Ireland 2025

The first day of Pwn2Own Ireland 2025 concluded with remarkable results, as security researchers discovered 34 distinct zero-day vulnerabilities across a variety of smart devices. Every single exploit attempt succeeded, resulting in a total prize payout of $522,500. The event, taking place in Cork, Ireland, from October 21 to 24, brings together elite hackers to


Threat Actors Breach Xubuntu Website to Distribute Malicious Windows Executable

Cybercriminals have compromised the official Xubuntu website, redirecting torrent download links to a malicious ZIP archive that delivers Windows-based malware. The attack, detected on October 18, 2025, underscores ongoing security weaknesses in community-managed Linux distribution platforms, particularly as users shift from outdated operating systems. Instead of legitimate Xubuntu ISO torrents, unsuspecting users were offered a


Google Uncovers Three New Russian Malware Families Developed by COLDRIVER Hackers

Google’s Threat Intelligence Group (GTIG) has revealed new details about the Russian-linked hacking group known as COLDRIVER, uncovering three newly developed malware families that reflect the group’s increasing cyber activity since May 2025. According to GTIG’s research, COLDRIVER has significantly expanded its malware arsenal just days after its previously known malware, LOSTKEYS, was publicly exposed.
