Cybercrime

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large scale credential theft by combining automation, artificial intelligence, and multi factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using […]

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale Read More »

NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems

Cybersecurity researchers have revealed a sophisticated Windows backdoor called NANOREMOTE that leverages the Google Drive API for command-and-control (C2) operations. Elastic Security Labs reported that the malware shows code similarities with FINALDRAFT (aka Squidoor), another implant using Microsoft Graph API for C2, attributed to the suspected Chinese threat cluster REF7707 (also known as CL-STA-0049, Earth

NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems Read More »

STAC6565 Focuses on Canada in Most Attacks While Gold Blade Spreads QWCrypt Ransomware

Canadian organizations have become the primary focus of a targeted cyber campaign led by the threat cluster STAC6565. Cybersecurity company Sophos investigated nearly 40 intrusions linked to the group between February 2024 and August 2025, finding strong overlaps with the hacking group Gold Blade, also tracked under names such as Earth Kapre, RedCurl, and Red

STAC6565 Focuses on Canada in Most Attacks While Gold Blade Spreads QWCrypt Ransomware Read More »

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Cybersecurity researchers have identified four separate threat clusters using a malware loader called CastleLoader, reinforcing earlier assessments that this tool operates under a malware-as-a-service (MaaS) model, providing capabilities to multiple cybercriminal groups. The operator behind CastleLoader has been designated GrayBravo by Recorded Future’s Insikt Group, previously tracked as TAG-150. According to an analysis published by

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure Read More »

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities

Cybersecurity analysts have uncovered significant updates in multiple Android threat campaigns. Two newly identified malware families, named FvncBot and SeedSnatcher, have come to light, while researchers also report an upgraded strain of ClayRat circulating in active attacks. These findings were published by Intel 471, CYFIRMA, and Zimperium. FvncBot Targets Polish Banking Users With Advanced Fraud

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities Read More »

ShadyPanda Converts Popular Browser Extensions With 4.3 M of Installs Into Spyware

A long running operation linked to the threat actor ShadyPanda has been exposed for converting widely installed browser extensions into surveillance tools. The campaign has reportedly been active for about seven years and has accumulated more than 4.3 million installs. According to Koi Security, five extensions that originally functioned as legitimate utilities were altered in

ShadyPanda Converts Popular Browser Extensions With 4.3 M of Installs Into Spyware Read More »

RomCom deploys Mythic Agent malware via SocGholish fake update attacks

Cybersecurity researchers have discovered that the Russia-linked threat actor RomCom attempted to compromise a U.S.-based civil engineering company using a JavaScript loader known as SocGholish, delivering the sophisticated Mythic Agent malware. According to Arctic Wolf Labs researcher Jacob Faires, this marks the first observed instance of a RomCom payload being distributed via SocGholish. The campaign

RomCom deploys Mythic Agent malware via SocGholish fake update attacks Read More »

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims Read More »

FBI reports $262M in ATO fraud as AI phishing and holiday scams

The U.S Federal Bureau of Investigation (FBI) has issued a new security alert, stating that cybercriminals are increasingly impersonating financial institutions to steal money and confidential information. These activities are directly linked to a major rise in account takeover fraud, a type of cybercrime that has already caused losses exceeding two hundred sixty two million

FBI reports $262M in ATO fraud as AI phishing and holiday scams Read More »

Second Sha1 Hulud Wave Impacts More Than 25,000 Repositories Through npm Preinstall Credential Theft

A new supply chain attack has been identified across the npm ecosystem, marking a second wave of activity similar to the earlier Shai Hulud incident. Security companies report that thousands of repositories and hundreds of npm packages were compromised between November 21 and 23, 2025. The latest campaign has been named Sha1 Hulud and involves

Second Sha1 Hulud Wave Impacts More Than 25,000 Repositories Through npm Preinstall Credential Theft Read More »