Daily Cyber News

Transparent Tribe Leverages AI to Mass Produce Malware Implants in Campaign Targeting India

The Pakistan-linked threat actor Transparent Tribe has adopted AI-powered coding tools to mass-produce malware implants aimed at Indian targets, including government entities and embassies abroad. According to Bitdefender, the campaign emphasizes quantity over sophistication, generating large volumes of disposable implants using niche programming languages like Nim, Zig, and Crystal while exploiting trusted services such as Slack, Discord, Supabase, and Google Sheets to […]

Transparent Tribe Leverages AI to Mass Produce Malware Implants in Campaign Targeting India Read More »

Multi Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT

Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign, codenamed VOID#GEIST, which leverages batch scripts to deliver encrypted remote access trojans (RATs) including XWorm, AsyncRAT, and Xeno RAT. The research was published by Securonix Threat Research. At a technical level, the attack uses an obfuscated batch script to deploy a secondary batch, stage a legitimate embedded

Multi Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT Read More »

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team reveals that an Iranian state-sponsored hacking group has infiltrated multiple U.S. organizations, including banks, airports, a non-profit, and the Israeli division of a software company. The group, known as MuddyWater (also Seedworm), operates under the Iranian Ministry of Intelligence and Security (MOIS). Analysts believe

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor Read More »

Word

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks

A cyber espionage campaign linked to China has been targeting telecommunications infrastructure across South America since 2024. The attackers are focusing on Windows servers, Linux systems, and network edge devices, deploying multiple sophisticated malware implants to maintain long term access. Security researchers from Cisco Talos are monitoring this activity under the name UAT-9244, a threat cluster

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks Read More »

Microsoft-Reveals-ClickFix

Microsoft Uncovers ClickFix Campaign Leveraging Windows Terminal to Deploy Lumma Stealer

Microsoft security researchers have revealed a large scale ClickFix social engineering campaign that abuses the Windows Terminal application to execute malicious commands and ultimately deploy the Lumma Stealer malware. The campaign, detected in February 2026, introduces a new technique where attackers persuade victims to run commands inside Windows Terminal (wt.exe) instead of the commonly abused Windows Run dialog. Social Engineering Through Trusted Tools

Microsoft Uncovers ClickFix Campaign Leveraging Windows Terminal to Deploy Lumma Stealer Read More »

Hikvision

CISA Adds Critical Hikvision and Rockwell Automation CVSS 9.8 Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added two high severity vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence that the flaws are being actively exploited. Both vulnerabilities carry a CVSS score of 9.8, indicating a critical level of risk for affected systems. Vulnerability Affecting Hikvision Devices The first vulnerability, tracked as CVE-2017-7921,

CISA Adds Critical Hikvision and Rockwell Automation CVSS 9.8 Vulnerabilities to KEV Catalog Read More »

Cisco Confirms Two Catalyst SD WAN Manager Vulnerabilities Are Being Actively Exploited

Cisco has confirmed that two security vulnerabilities affecting Cisco Catalyst SD-WAN Manager (previously known as SD-WAN vManage) are currently being exploited in real-world attacks. The vulnerabilities identified by Cisco are CVE-2026-20122 and CVE-2026-20128, both of which impact organizations using the SD-WAN management platform. Details of the Exploited Vulnerabilities The first issue, CVE-2026-20122, carries a CVSS score of 7.1 and allows an

Cisco Confirms Two Catalyst SD WAN Manager Vulnerabilities Are Being Actively Exploited Read More »

GHOSTFORM-Malware

Dust Specter Targets Iraqi Officials Using New SPLITDROP and GHOSTFORM Malware

Cybersecurity researchers have disclosed a campaign attributed to a suspected Iran-linked threat actor targeting Iraqi government officials. The attackers impersonated Iraq’s Ministry of Foreign Affairs to deliver previously unknown malware families, including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Observed by Zscaler ThreatLabz in January 2026, the campaign employs two distinct infection chains that ultimately deploy these malicious tools. A

Dust Specter Targets Iraqi Officials Using New SPLITDROP and GHOSTFORM Malware Read More »

Ukraine-attack

APT28 Associated Campaign Uses BadPaw Loader and MeowMeow Backdoor Against Ukraine

Cybersecurity researchers have revealed a new Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware families, BadPaw and MeowMeow. According to a report by ClearSky, the attack begins with a phishing email containing a link to a ZIP archive. Once extracted, an HTA file opens a decoy document in Ukrainian concerning border crossing appeals, designed to

APT28 Associated Campaign Uses BadPaw Loader and MeowMeow Backdoor Against Ukraine Read More »

Europol-Led

Europol Led Operation Dismantles Tycoon 2FA Phishing as a Service Tied to 64,000 Attacks

A major international cybersecurity operation has successfully dismantled Tycoon 2FA, a large phishing-as-a-service platform that enabled cybercriminals to launch advanced phishing attacks targeting organizations worldwide. The takedown was coordinated by the European law enforcement agency Europol along with multiple cybersecurity firms and global investigators. Authorities confirmed that the platform was responsible for tens of thousands of phishing incidents

Europol Led Operation Dismantles Tycoon 2FA Phishing as a Service Tied to 64,000 Attacks Read More »