Cybercrime

SmartLoader Attack Leverages Trojanized Oura MCP Server to Deploy StealC Infostealer

Cybersecurity researchers have uncovered a sophisticated campaign using a trojanized Model Context Protocol (MCP) server linked to Oura Health to deliver the StealC information stealer. According to Straiker’s AI Research (STAR) Labs, attackers cloned the legitimate Oura MCP server—which normally connects AI assistants to Oura Ring health data—and created fake forks, contributor accounts, and a deceptive infrastructure to build […]


Poland Arrests Suspect Tied to Phobos Ransomware Operation

Authorities in Poland have arrested a 47-year-old man suspected of involvement with the Phobos ransomware network. During the operation, police confiscated computers and mobile devices allegedly containing stolen login credentials, payment card details, and server access information. The arrest was carried out by officers from the Central Bureau of Cybercrime Control in the Małopolska region, with support from units in Katowice


Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Cybersecurity researchers have identified a case in which an information-stealing malware successfully extracted sensitive configuration files linked to OpenClaw, the open-source AI agent platform previously known as Clawdbot and Moltbot. According to researchers at Hudson Rock, the incident represents a turning point in infostealer evolution. Instead of focusing solely on browser credentials, threat actors are now harvesting


New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Exfiltration

Cybersecurity experts have uncovered a new mobile spyware platform called ZeroDayRAT, being marketed on Telegram as a tool for stealing sensitive data and conducting real-time surveillance on Android and iOS devices. Daniel Kelley, a security researcher at iVerify, explained, “The developer operates dedicated channels for sales, customer support, and updates, giving buyers access to a fully functional


Snail Mail Campaign Targets Trezor and Ledger Users in Cryptocurrency Theft Attacks

Cybercriminals have launched a new wave of cryptocurrency phishing attacks by sending physical letters to users of Trezor and Ledger hardware wallets. The fraudulent mail is designed to trick recipients into revealing their wallet recovery phrases, ultimately enabling attackers to steal digital assets.

QR Code Scam Delivered by Post

Unlike traditional email phishing, this campaign


Malicious Chrome Extensions Exposed for Stealing Business Data, Emails, and Browsing History

Browser extensions are once again under scrutiny after multiple investigations revealed coordinated campaigns abusing Google Chrome add-ons to steal business intelligence, authentication codes, emails, and browsing history. Security researchers have identified several malicious extensions impersonating productivity tools, AI assistants, and social media customization plugins. These threats specifically target platforms such as Meta Business Suite, Facebook Business Manager, Google Chrome,


First Malicious Outlook Add-In Discovered Stealing Over 4,000 Microsoft Credentials

Cybersecurity researchers have uncovered what is believed to be the first malicious Microsoft Outlook add-in observed in active attacks. The discovery highlights a new evolution in supply chain threats targeting trusted software marketplaces. According to security firm Koi Security, an unidentified attacker hijacked a previously legitimate but abandoned Outlook add-in domain to host a fraudulent


TeamPCP Worm Abuses Cloud Infrastructure to Build Criminal Operations

Cybersecurity experts have uncovered a large and coordinated malicious campaign that abuses cloud-native environments to construct infrastructure used for cybercrime operations. Researchers describe the activity as a worm-driven operation that spreads automatically across exposed cloud services. The campaign was first observed around December 25, 2025, and relies on publicly exposed Docker APIs, Kubernetes


German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists

Germany’s Federal Office for the Protection of the Constitution, known as BfV, together with the Federal Office for Information Security (BSI), has issued a joint cybersecurity alert regarding an active phishing campaign abusing the Signal messaging platform. According to the advisory, the campaign is attributed to a likely state-sponsored threat actor and is specifically aimed at politicians, military officials, diplomats,


CERT Polska Details Coordinated Cyber Attacks on Over 30 Wind and Solar Farms

CERT Polska, Poland’s national computer emergency response team, has disclosed details of a coordinated cyber attack campaign that targeted more than 30 wind and photovoltaic energy farms, a private manufacturing sector company, and a major combined heat and power plant supplying heat to nearly half a million customers. The attacks occurred on December 29, 2025,
