Cybercrime

OpenAI Blocks Russian, North Korean, and Chinese Hackers Exploiting ChatGPT for Cyberattacks

OpenAI has announced that it successfully disrupted three major cyber operations that attempted to exploit ChatGPT for malicious activities, including malware creation and phishing campaigns.

Russian Threat Actor Used ChatGPT for Malware Development

One of the disrupted groups was a Russian-language actor who misused ChatGPT to design and enhance a Remote Access Trojan (RAT) and […]

BatShadow Group Deploys Go-Based ‘Vampire Bot’ Malware Targeting Job Seekers

Researchers at Aryaka Threat Research Labs, Aditya K Sood and Varadharajan K, report that attackers impersonate recruiters, sending seemingly legitimate job descriptions and corporate documents that conceal malicious payloads. These lures are designed to look authentic, encouraging recipients to open files that initiate a multi-stage infection.

How the attack works

The campaign commonly uses ZIP

Chinese Cybercrime Gang Operates Worldwide SEO Fraud Scheme Through Hacked IIS Servers

A new cybersecurity investigation has revealed a large-scale cyber fraud operation linked to a Chinese-speaking group named UAT-8099. This group is reportedly involved in SEO manipulation, data theft, and unauthorized access to systems via compromised Microsoft IIS servers. The attackers primarily target regions like India, Thailand, Vietnam, Canada, and Brazil, with victims including universities, tech

Malicious Rust Crates Steal Solana and Ethereum Wallet Keys with 8,424 Downloads Confirmed

Cybersecurity researchers have uncovered two malicious Rust crates that were impersonating a legitimate library named fast_log in order to steal Solana and Ethereum wallet keys from source code. The rogue crates, titled faster_log and async_println, were published on May 25, 2025, by actors using the aliases rustguruman and dumbnbased. According to software supply chain security

CISA Warns Hackers Exploiting Ivanti EPMM Vulnerabilities to Deploy Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning about ongoing malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) platforms. Threat actors are actively exploiting two critical security flaws, CVE-2025-4427 and CVE-2025-4428, enabling complete system compromise and arbitrary code execution on affected servers. These attacks started shortly after Ivanti publicly disclosed the

TOR-based cryptojacking attack spreads through misconfigured Docker APIs

Cybersecurity experts have recently uncovered an evolved form of a cryptojacking campaign that leverages the TOR network to target misconfigured Docker APIs. Akamai, which identified this activity in August 2025, reported that the attackers attempt to lock down exposed Docker APIs to prevent other threat actors from gaining access. This development expands on Trend Micro’s

New Malware Exploits TASPEN to Target Indonesian Senior Citizens

A new and highly coordinated malware campaign has surfaced in Indonesia, specifically preying on senior citizens who depend on the nation’s official pension system. The attackers are exploiting the credibility of PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund that manages more than $15.9 billion in assets for millions of retired

Underground Ransomware Gang Reveals New Global Attack Tactics

Over the past year, the Underground ransomware group has risen as a major threat to organizations worldwide, spanning multiple industries and countries. Initially spotted in July 2023, the gang reappeared in May 2024 with a Dedicated Leak Site (DLS), signaling a shift toward more advanced and strategic operations. Their attacks now reach from the United

Chinese Hacker Sentenced for Using Kill Switch on Ohio Company’s Global Network

A 55-year-old Chinese national, Davis Lu, has been sentenced to four years in federal prison for executing a destructive insider cyberattack on the global IT infrastructure of his former employer in Beachwood, Ohio. Lu exploited his privileged role as a software developer to implant advanced malware that disrupted thousands of users across multiple countries. The

GeoServer Exploits and Emerging Groups Expanding Cybercrime Beyond Botnets

Growing Cybercrime Campaigns Targeting Servers and IoT Devices

Cybersecurity experts are highlighting multiple ongoing campaigns where attackers exploit known security flaws, particularly in Redis servers, to conduct malicious activities. These include building IoT botnets, setting up residential proxies, and creating cryptocurrency mining infrastructures. One major focus is CVE-2024-36401 (CVSS 9.8), a critical remote code execution
