Daily Cyber News

Threat Actors Exploit Dynamic DNS Providers for Malicious Activities

Cybersecurity experts are sounding the alarm over a rising threat vector, as malicious actors increasingly exploit Dynamic DNS (DDNS) providers to create resilient command and control (C2) infrastructure. These subdomain rental services, originally intended for legitimate hosting purposes, have become a preferred tool for cybercriminals seeking to bypass traditional security defenses and regulatory oversight. The […]

Threat Actors Exploit Dynamic DNS Providers for Malicious Activities Read More »

SVG Files Weaponized to Deliver PureMiner, Steal Sensitive Information

A recent phishing campaign targeting Ukrainian organizations abuses Scalable Vector Graphics, SVG, files as the initial infection vector. The attackers use embedded HTML, spoofed interfaces, and chained fileless stages to deliver two payloads, PureMiner, and Amatera Stealer. The campaign relies on user deception, legitimate tools, and memory-only execution to evade detection and harvest credentials, browser

SVG Files Weaponized to Deliver PureMiner, Steal Sensitive Information Read More »

Researchers Reveal Phishing Campaigns Distributing CountLoader and PureRAT

Researchers have uncovered a new phishing campaign that impersonates Ukrainian government organizations to distribute CountLoader, which subsequently delivers Amatera Stealer and PureMiner. According to Fortinet FortiGuard Labs researcher Yurren Wan, “The phishing emails carry malicious Scalable Vector Graphics (SVG) files designed to deceive recipients into opening dangerous attachments.” In the attack scenarios analyzed by cybersecurity

Researchers Reveal Phishing Campaigns Distributing CountLoader and PureRAT Read More »

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

The Russian advanced persistent threat (APT) group COLDRIVER has been linked to a new wave of ClickFix-style attacks, deploying two lightweight malware families identified as BAITSWITCH and SIMPLEFIX.Researchers at Zscaler ThreatLabz detected the multi-stage ClickFix campaign earlier this month. They describe BAITSWITCH as a downloader that eventually drops SIMPLEFIX, a PowerShell-based backdoor. COLDRIVER Expands Arsenal

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks Read More »

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

The cybercriminal group known as Vane Viper has been exposed as a key operator in malicious ad technology (adtech). The group has relied on shell companies and unclear ownership structures to avoid accountability while powering large-scale cybercrime operations. According to a recent technical report published by Infoblox in collaboration with Guardio and Confiant, Vane Viper

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network Read More »

Fortra GoAnywhere CVSS 10 Vulnerability Exploited as Zero-Day Before Disclosure

Cybersecurity firm watchTowr Labs has revealed that attackers began exploiting a severe flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a full week before it was publicly disclosed. According to Benjamin Harris, CEO and Founder of watchTowr, this is not simply a CVSS 10.0 vulnerability in software often

Fortra GoAnywhere CVSS 10 Vulnerability Exploited as Zero-Day Before Disclosure Read More »

New macOS XCSSET Variant Targets Firefox Using Clipper and Persistence Module

Cybersecurity experts have identified a new variant of the well-known macOS malware XCSSET, now observed in limited-scale attacks. According to a report from the Microsoft Threat Intelligence team, this updated version introduces key changes that include browser-focused attacks, clipboard hijacking, and improved persistence techniques. The malware uses strong encryption, obfuscation methods, and run-only compiled AppleScripts

New macOS XCSSET Variant Targets Firefox Using Clipper and Persistence Module Read More »

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware

The U.K. National Cyber Security Centre (NCSC) and Cisco have confirmed active exploitation of recently disclosed vulnerabilities in Cisco ASA firewalls to deploy highly persistent and evasive malware families, called RayInitiator and LINE VIPER. The campaign, attributed to a cluster named ArcaneDoor and linked to UAT4356 (aka Storm-1849), targets ASA 5500-X Series appliances, and in

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware Read More »

Salesforce Fixes Critical ForcedLeak Bug Exposing CRM Data Through AI Prompt Injection

Cybersecurity researchers have disclosed a major flaw in Salesforce Agentforce, a platform designed for building AI-powered agents. The vulnerability, codenamed ForcedLeak (CVSS score: 9.4), could have enabled attackers to exfiltrate sensitive data from Salesforce’s CRM system using an indirect AI prompt injection. The issue was discovered and reported by Noma Security on July 28, 2025.

Salesforce Fixes Critical ForcedLeak Bug Exposing CRM Data Through AI Prompt Injection Read More »

North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers

Cybersecurity researchers have uncovered a new backdoor called AkdoorTea, linked to North Korean threat actors involved in the Contagious Interview campaign. This operation, also known by names such as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi, primarily targets developers working on cryptocurrency and Web3 projects across Windows, Linux, and macOS. According

North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers Read More »