Cybercrime

Lapsus$ Hunters Launch New Leak Site to Publish Data Stolen from Salesforce

The cybercriminal collective known as Scattered Lapsus$ Hunters has intensified its extortion efforts by launching a dedicated leak portal aimed at publishing stolen Salesforce data. This alliance, which includes prominent threat actors such as ShinyHunters, Scattered Spider, and Lapsus$, represents a new level of sophistication in ransomware-as-a-service operations, specifically targeting one of the most widely […]

IRGC-Linked APT35’s Structure, Toolset, and Espionage Operations Revealed

Since surfacing in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its methods to target government agencies, energy companies, and diplomatic missions across the Middle East and beyond. What began as credential-harvesting phishing campaigns has matured into a modular, multi-stage toolkit that supports deep network infiltration and prolonged espionage.

AI Emerges as Russia’s Latest Cyber Weapon in Its War on Ukraine

Russian hackers have taken their cyber offensive to a new level by integrating artificial intelligence (AI) into cyber attacks against Ukraine, according to a report published by the State Service for Special Communications and Information Protection of Ukraine (SSSCIP). The report revealed that during the first half of 2025 (H1 2025), hackers began using AI

Hackers Compromise WordPress Sites to Fuel Next-Generation ClickFix Phishing Campaigns

Cybersecurity teams have uncovered a coordinated campaign that compromises WordPress websites to inject malicious JavaScript, with the goal of redirecting visitors to fraudulent, malware-laden pages. These drive-by injections impersonate legitimate checks, tricking users into following steps that ultimately deliver malware or credential theft. What researchers found, and how the injection works Researchers at

Chinese Hackers Use Open-Source Nezha Tool in Latest Cyberattack Campaign

Threat actors believed to be linked to China have repurposed a legitimate open-source monitoring framework, Nezha, to conduct a coordinated cyberattack, researchers found. The campaign, observed in August 2025 by Huntress, used a log poisoning technique to plant a PHP web shell on vulnerable web servers, then leveraged that access to deploy Nezha and ultimately

OpenAI Blocks Russian, North Korean, and Chinese Hackers Exploiting ChatGPT for Cyberattacks

OpenAI has announced that it successfully disrupted three major cyber operations that attempted to exploit ChatGPT for malicious activities, including malware creation and phishing campaigns. Russian Threat Actor Used ChatGPT for Malware Development One of the disrupted groups was a Russian-language actor who misused ChatGPT to design and enhance a Remote Access Trojan (RAT) and

BatShadow Group Deploys Go-Based ‘Vampire Bot’ Malware Targeting Job Seekers

Researchers at Aryaka Threat Research Labs, Aditya K Sood and Varadharajan K, report that attackers impersonate recruiters, sending seemingly legitimate job descriptions and corporate documents that conceal malicious payloads. These lures are designed to look authentic, encouraging recipients to open files that initiate a multi-stage infection. How the attack works The campaign commonly uses ZIP

Chinese Cybercrime Gang Operates Worldwide SEO Fraud Scheme Through Hacked IIS Servers

A new cybersecurity investigation has revealed a large-scale cyber fraud operation linked to a Chinese-speaking group named UAT-8099. This group is reportedly involved in SEO manipulation, data theft, and unauthorized access to systems via compromised Microsoft IIS servers. The attackers primarily target regions like India, Thailand, Vietnam, Canada, and Brazil, with victims including universities, tech

Malicious Rust Crates Steal Solana and Ethereum Wallet Keys with 8,424 Downloads Confirmed

Cybersecurity researchers have uncovered two malicious Rust crates that were impersonating a legitimate library named fast_log in order to steal Solana and Ethereum wallet keys from source code. The rogue crates, titled faster_log and async_println, were published on May 25, 2025, by actors using the aliases rustguruman and dumbnbased. According to software supply chain security

CISA Warns Hackers Exploiting Ivanti EPMM Vulnerabilities to Deploy Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning about ongoing malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) platforms. Threat actors are actively exploiting two critical security flaws, CVE-2025-4427 and CVE-2025-4428, enabling complete system compromise and arbitrary code execution on affected servers. These attacks started shortly after Ivanti publicly disclosed the
