Cybercrime

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums

Monolock ransomware has appeared for sale on underground forums, with operators advertising version 1.0 and offering stolen corporate credentials alongside the malware. First observed in late September, the campaign spreads through phishing messages that deliver malicious Microsoft Word documents, which, when opened, trigger an embedded macro to download the ransomware binary from a compromised host. […]

Hackers Abuse ASP.NET Machine Keys to Compromise IIS Servers and Install Malicious Modules

Security researchers have uncovered a widespread campaign where attackers exploited publicly available ASP.NET machine keys to break into Windows IIS web servers, then installed a malicious IIS module to hijack traffic and profit from fake search rankings. The group, tracked as REF3927, leveraged keys published in places like Microsoft documentation and online forums, making many

Hackers Exploit 34 Zero-Day Flaws and Earn $522,500 at Pwn2Own Ireland 2025

The first day of Pwn2Own Ireland 2025 concluded with remarkable results, as security researchers discovered 34 distinct zero-day vulnerabilities across a variety of smart devices. Every single exploit attempt succeeded, resulting in a total prize payout of $522,500. The event, taking place in Cork, Ireland, from October 21 to 24, brings together elite hackers to

Threat Actors Breach Xubuntu Website to Distribute Malicious Windows Executable

Cybercriminals have compromised the official Xubuntu website, redirecting torrent download links to a malicious ZIP archive that delivers Windows-based malware. The attack, detected on October 18, 2025, underscores ongoing security weaknesses in community-managed Linux distribution platforms, particularly as users shift from outdated operating systems. Instead of legitimate Xubuntu ISO torrents, unsuspecting users were offered a

Google Uncovers Three New Russian Malware Families Developed by COLDRIVER Hackers

Google’s Threat Intelligence Group (GTIG) has revealed new details about the Russian-linked hacking group known as COLDRIVER, uncovering three newly developed malware families that reflect the group’s increasing cyber activity since May 2025. According to GTIG’s research, COLDRIVER has significantly expanded its malware arsenal just days after its previously known malware, LOSTKEYS, was publicly exposed.

Meta Introduces New Security Tools to Protect WhatsApp and Messenger Users from Scams

Meta has announced a new set of security tools aimed at strengthening protection for WhatsApp and Messenger users against online scams. According to Meta, these new updates are designed to help users identify and prevent fraudulent attempts that target personal data, financial information, and digital identities. Screen-Sharing Warnings on WhatsApp WhatsApp is rolling out new

China’s MSS Accuses NSA of Using 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

China’s Ministry of State Security (MSS) has accused the United States National Security Agency (NSA) of executing a planned cyberattack against the National Time Service Center (NTSC). The Chinese agency described the U.S. as a “hacker empire” and “the greatest source of chaos in cyberspace.” According to MSS, the attack targeted China’s official time infrastructure,

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks

Microsoft has taken decisive action against a cyber campaign linked to the Rhysida ransomware group by revoking more than 200 fraudulent code-signing certificates. These certificates were misused by a threat actor known as Vanilla Tempest to disguise malicious software as legitimate Microsoft Teams installers. Discovery and Disruption According to the Microsoft Threat Intelligence team, the

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months

A Chinese-linked cyber threat group, known as Jewelbug, has successfully infiltrated a Russian IT service provider for five months, marking the group’s expansion beyond its traditional targets in Southeast Asia and South America. This operation, running from January to May 2025, underscores the continued reach of Chinese cyber espionage. Background on Jewelbug and Related Clusters

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks

In mid-2025, cybersecurity researchers at Lab539 detected an unexpected rise in a new browser-based malware campaign known as ClickFix. First appearing quietly in July, this threat quickly grew by registering over 13,000 unique domains aimed at tricking users into running malicious commands on their own devices. How ClickFix Works ClickFix attacks utilize compromised or low-cost
