Daily Cyber News

Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector

Cybersecurity researchers have revealed an active phishing operation targeting multiple sectors across Russia, with a strong focus on finance and accounting organizations. The campaign distributes Phantom Stealer through malicious ISO optical disc images attached to phishing emails. The activity, tracked as Operation MoneyMount ISO, was uncovered by analysts at Seqrite Labs. While finance and accounting […]

Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector Read More »

CISA Adds Actively Exploited Sierra Wireless Router Flaw Allowing RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high severity flaw affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. The vulnerability, tracked as CVE-2018-4063, allows remote code execution (RCE) through a specially crafted HTTP request. CVE-2018-4063 Overview The vulnerability involves an unrestricted

CISA Adds Actively Exploited Sierra Wireless Router Flaw Allowing RCE Attacks Read More »

Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads

Cybersecurity researchers have uncovered a new malware distribution campaign that abuses GitHub hosted Python repositories to spread a previously undocumented JavaScript based Remote Access Trojan named PyStoreRAT. The operation relies on fake development tools, OSINT utilities, and GPT related projects to trick analysts and developers into executing malicious loader code. GitHub Repositories Hide Multi Stage

Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads Read More »

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large scale credential theft by combining automation, artificial intelligence, and multi factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale Read More »

New React RSC Vulnerabilities Allow DoS Attacks and Source Code Exposure

The React development team has released security updates addressing two newly identified classes of vulnerabilities in React Server Components (RSC). If exploited, these weaknesses could allow attackers to trigger denial of service conditions or expose application source code, expanding the risk surface for environments already under pressure from recent React-related flaws. According to the React

New React RSC Vulnerabilities Allow DoS Attacks and Source Code Exposure Read More »

React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to federal agencies, calling for immediate patching of a critical React vulnerability amid escalating global exploitation. Agencies have now been instructed to apply fixes by December 12, 2025, underscoring the growing severity of the threat. The flaw, tracked as CVE-2025-55182 with a

React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation Read More »

NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems

Cybersecurity researchers have revealed a sophisticated Windows backdoor called NANOREMOTE that leverages the Google Drive API for command-and-control (C2) operations. Elastic Security Labs reported that the malware shows code similarities with FINALDRAFT (aka Squidoor), another implant using Microsoft Graph API for C2, attributed to the suspected Chinese threat cluster REF7707 (also known as CL-STA-0049, Earth

NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems Read More »

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

An advanced persistent threat (APT) group known as WIRTE has been linked to cyberattacks targeting government and diplomatic entities across the Middle East since 2020. The group deploys a previously undocumented malware suite called AshTag, designed for espionage and intelligence collection. Palo Alto Networks Unit 42 is tracking this cluster under the codename Ashen Lepus.

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor Read More »

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances

A newly discovered and unpatched security vulnerability in Gogs is being actively exploited in the wild, with more than 700 compromised instances currently accessible over the internet. The findings were disclosed by Wiz following an investigation into a real world malware incident. The vulnerability, tracked as CVE-2025-8110 with a CVSS score of 8.7, affects the

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances Read More »

Active Attacks Abuse Gladinet Hard Coded Keys to Gain Unauthorized Access and Execute Code

Cybersecurity researchers are warning of ongoing attacks targeting Gladinet CentreStack and Triofox deployments, where threat actors are actively exploiting a weakness caused by hard coded cryptographic keys. According to new findings from Huntress, at least nine organizations have already been impacted. Security researcher Bryan Masters explained that the flaw allows attackers to access sensitive configuration

Active Attacks Abuse Gladinet Hard Coded Keys to Gain Unauthorized Access and Execute Code Read More »