Daily Cyber News

CountLoader expands Russian ransomware campaigns with multi-version malware loader

Cybersecurity experts have identified a new malware loader, dubbed CountLoader, being actively used by Russian ransomware operators. This loader is designed to deliver post-exploitation frameworks such as Cobalt Strike and AdaptixC2, along with a remote access trojan known as PureHVNC RAT. According to Silent Push, CountLoader is deployed either as part of an Initial Access […]

CountLoader expands Russian ransomware campaigns with multi-version malware loader Read More »

SilentSync RAT distributed through two malicious PyPI packages targeting Python developers

Both packages pose as useful developer libraries, however, they contain hidden functionality that fetches and runs additional Python code, which implants SilentSync. The trojan supports remote command execution, file theft, and screen capture, and it specifically targets browser data such as saved credentials, history, autofill information, and cookies from Chrome, Brave, Edge, and Firefox, according

SilentSync RAT distributed through two malicious PyPI packages targeting Python developers Read More »

Chinese TA415 leverages VS Code remote tunnels to spy on U.S. economic policy experts

According to an analysis by Proofpoint, the intrusions impersonated senior figures and organizations involved in U.S.-China relations, including the Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party, and the U.S.-China Business Council. The emails specifically targeted people working on trade, economic policy, and bilateral relations, implying

Chinese TA415 leverages VS Code remote tunnels to spy on U.S. economic policy experts Read More »

SlopAds fraud ring exploits 224 Android apps to push 2.3 billion ad bids every day

A large-scale advertising and click fraud scheme known as SlopAds has been uncovered, involving 224 Android applications with a combined 38 million downloads across 228 countries and territories. According to the Satori Threat Intelligence and Research Team at HUMAN, these malicious apps employ steganography and create hidden WebViews to secretly connect to attacker-controlled websites, generating

SlopAds fraud ring exploits 224 Android apps to push 2.3 billion ad bids every day Read More »

New FileFix variant spreads StealC malware via multilingual phishing site

Cybersecurity researchers are tracking a fresh campaign that uses a new FileFix variant to deliver the StealC information stealer malware. The attack relies on a convincing, multilingual phishing site, advanced obfuscation, and anti-analysis tricks to avoid detection, according to an Acronis researcher, Eliad Kimhy, in a report shared with The Hacker News. How the attack

New FileFix variant spreads StealC malware via multilingual phishing site Read More »

Over 180 npm packages targeted by self-replicating worm to steal credentials in recent supply chain attack

Cybersecurity researchers have uncovered a major software supply chain attack targeting the npm registry, compromising more than 180 packages in its initial phase and eventually spreading to over 500 packages. The attack leverages a self-replicating worm, making it one of the most serious threats seen in the JavaScript ecosystem. How the Attack Works The malicious

Over 180 npm packages targeted by self-replicating worm to steal credentials in recent supply chain attack Read More »

AI-powered Villager penetration testing tool surpasses 11,000 PyPI downloads amid abuse concerns

A recently released AI-driven penetration testing framework, called Villager, has been downloaded nearly 11,000 times from the Python Package Index (PyPI), sparking worries that threat actors could repurpose it for criminal activity. The package, linked to a China-based entity, is presented as a red teaming solution designed to automate and accelerate security testing workflows. Origins

AI-powered Villager penetration testing tool surpasses 11,000 PyPI downloads amid abuse concerns Read More »

CISA warns of active exploitation of critical CVE-2025-5086 in DELMIA Apriso

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability, CVE-2025-5086, to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active attacks targeting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software. Details of the Vulnerability The flaw, rated CVSS 9.0 (critical), affects DELMIA Apriso versions from Release 2020

CISA warns of active exploitation of critical CVE-2025-5086 in DELMIA Apriso Read More »

TOR-based cryptojacking attack spreads through misconfigured Docker APIs

Cybersecurity experts have recently uncovered an evolved form of a cryptojacking campaign that leverages the TOR network to target misconfigured Docker APIs. Akamai, which identified this activity in August 2025, reported that the attackers attempt to lock down exposed Docker APIs to prevent other threat actors from gaining access. This development expands on Trend Micro’s

TOR-based cryptojacking attack spreads through misconfigured Docker APIs Read More »

GPUGate Malware Leverages Google Ads and Fake GitHub Commits to Target IT Companies

Cybersecurity experts have uncovered a new malware campaign, codenamed GPUGate, that exploits Google Ads and manipulated GitHub commits to deliver malicious payloads. This operation primarily targets IT and software development companies in Western Europe and has been active since at least December 2024. Unlike typical malvertising attacks, this campaign introduces a unique twist. The attackers

GPUGate Malware Leverages Google Ads and Fake GitHub Commits to Target IT Companies Read More »