Daily Cyber News

$50 Battering RAM Attack Breaks Intel, AMD Cloud Security Protections

The researchers describe a simple interposer, which can be assembled for about $50, that sits between the processor and the DDR4 memory modules. During system start, the interposer remains transparent and passes all integrity and trust checks. At runtime, however, the device can be flipped into an active mode, where it stealthily remaps physical addresses […]

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Threat actors are exploiting the popularity of artificial intelligence (AI) by embedding malware into fake productivity and AI-enhanced tools, according to a recent Trend Micro report. This campaign, known as EvilAI, is targeting organizations worldwide across regions such as Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region. Global Impact and Targeted

DataCenter Fire Knocks 600+ South Korean Government Websites Offline

A lithium-ion battery explosion at a major government data center in South Korea has disrupted more than 600 critical services, underscoring the risks of centralizing vital digital infrastructure. The fire broke out Friday night at the National Information Resources Service (NIRS) facility in Daejeon. According to officials, a disconnected battery exploded during relocation work around

Threat Actors Exploit Dynamic DNS Providers for Malicious Activities

Cybersecurity experts are sounding the alarm over a rising threat vector, as malicious actors increasingly exploit Dynamic DNS (DDNS) providers to create resilient command and control (C2) infrastructure. These subdomain rental services, originally intended for legitimate hosting purposes, have become a preferred tool for cybercriminals seeking to bypass traditional security defenses and regulatory oversight. The

SVG Files Weaponized to Deliver PureMiner, Steal Sensitive Information

A recent phishing campaign targeting Ukrainian organizations abuses Scalable Vector Graphics (SVG) files as the initial infection vector. The attackers use embedded HTML, spoofed interfaces, and chained fileless stages to deliver two payloads, PureMiner and Amatera Stealer. The campaign relies on user deception, legitimate tools, and memory-only execution to evade detection and harvest credentials, browser

Researchers Reveal Phishing Campaigns Distributing CountLoader and PureRAT

Researchers have uncovered a new phishing campaign that impersonates Ukrainian government organizations to distribute CountLoader, which subsequently delivers Amatera Stealer and PureMiner. According to Fortinet FortiGuard Labs researcher Yurren Wan, “The phishing emails carry malicious Scalable Vector Graphics (SVG) files designed to deceive recipients into opening dangerous attachments.” In the attack scenarios analyzed by cybersecurity

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

The Russian advanced persistent threat (APT) group COLDRIVER has been linked to a new wave of ClickFix-style attacks, deploying two lightweight malware families identified as BAITSWITCH and SIMPLEFIX. Researchers at Zscaler ThreatLabz detected the multi-stage ClickFix campaign earlier this month. They describe BAITSWITCH as a downloader that eventually drops SIMPLEFIX, a PowerShell-based backdoor. COLDRIVER Expands Arsenal

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

The cybercriminal group known as Vane Viper has been exposed as a key operator in malicious ad technology (adtech). The group has relied on shell companies and unclear ownership structures to avoid accountability while powering large-scale cybercrime operations. According to a recent technical report published by Infoblox in collaboration with Guardio and Confiant, Vane Viper

Fortra GoAnywhere CVSS 10 Vulnerability Exploited as Zero-Day Before Disclosure

Cybersecurity firm watchTowr Labs has revealed that attackers began exploiting a severe flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a full week before it was publicly disclosed. According to Benjamin Harris, CEO and Founder of watchTowr, this is not simply a CVSS 10.0 vulnerability in software often

New macOS XCSSET Variant Targets Firefox Using Clipper and Persistence Module

Cybersecurity experts have identified a new variant of the well-known macOS malware XCSSET, now observed in limited-scale attacks. According to a report from the Microsoft Threat Intelligence team, this updated version introduces key changes that include browser-focused attacks, clipboard hijacking, and improved persistence techniques. The malware uses strong encryption, obfuscation methods, and run-only compiled AppleScripts
