Daily Cyber News

Russian Hackers Gamaredon And Turla Join Forces To Deploy Kazuar Backdoor In Ukraine

Cybersecurity researchers have uncovered strong indications that two well-known Russian threat groups, Gamaredon and Turla, are actively working together to target Ukrainian systems. According to Slovak cybersecurity company ESET, the Gamaredon toolset (notably PteroGraphin and PteroOdd) was leveraged in February 2025 to run Turla’s Kazuar backdoor on a Ukrainian endpoint. This suggests that Turla is […]

CISA Warns Of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 And CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a detailed advisory highlighting the discovery of two different malware strains that exploited security flaws in Ivanti Endpoint Manager Mobile (EPMM). The malicious activity was identified inside the network of an unnamed organization, where attackers leveraged vulnerabilities CVE-2025-4427 and CVE-2025-4428 to compromise systems. How the

SonicWall urges password resets after cloud backup breach impacting less than 5 percent of customers

SonicWall has issued a strong advisory urging its customers to reset their credentials after detecting a security incident involving its cloud backup service. The breach exposed firewall configuration backup files linked to MySonicWall accounts, though the company emphasized that less than 5 percent of customers were impacted. Suspicious Activity Detected in Cloud Backups According to

CountLoader expands Russian ransomware campaigns with multi-version malware loader

Cybersecurity experts have identified a new malware loader, dubbed CountLoader, being actively used by Russian ransomware operators. This loader is designed to deliver post-exploitation frameworks such as Cobalt Strike and AdaptixC2, along with a remote access trojan known as PureHVNC RAT. According to Silent Push, CountLoader is deployed either as part of an Initial Access

SilentSync RAT distributed through two malicious PyPI packages targeting Python developers

Both packages pose as useful developer libraries; however, they contain hidden functionality that fetches and runs additional Python code, which implants SilentSync. The trojan supports remote command execution, file theft, and screen capture, and it specifically targets browser data such as saved credentials, history, autofill information, and cookies from Chrome, Brave, Edge, and Firefox, according

Chinese TA415 leverages VS Code remote tunnels to spy on U.S. economic policy experts

According to an analysis by Proofpoint, the intrusions impersonated senior figures and organizations involved in U.S.-China relations, including the Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party, and the U.S.-China Business Council. The emails specifically targeted people working on trade, economic policy, and bilateral relations, implying

SlopAds fraud ring exploits 224 Android apps to push 2.3 billion ad bids every day

A large-scale advertising and click fraud scheme known as SlopAds has been uncovered, involving 224 Android applications with a combined 38 million downloads across 228 countries and territories. According to the Satori Threat Intelligence and Research Team at HUMAN, these malicious apps employ steganography and create hidden WebViews to secretly connect to attacker-controlled websites, generating

New FileFix variant spreads StealC malware via multilingual phishing site

Cybersecurity researchers are tracking a fresh campaign that uses a new FileFix variant to deliver the StealC information stealer malware. The attack relies on a convincing, multilingual phishing site, advanced obfuscation, and anti-analysis tricks to avoid detection, according to an Acronis researcher, Eliad Kimhy, in a report shared with The Hacker News. How the attack

Over 180 npm packages targeted by self-replicating worm to steal credentials in recent supply chain attack

Cybersecurity researchers have uncovered a major software supply chain attack targeting the npm registry, compromising more than 180 packages in its initial phase and eventually spreading to over 500 packages. The attack leverages a self-replicating worm, making it one of the most serious threats seen in the JavaScript ecosystem. How the Attack Works The malicious

AI-powered Villager penetration testing tool surpasses 11,000 PyPI downloads amid abuse concerns

A recently released AI-driven penetration testing framework, called Villager, has been downloaded nearly 11,000 times from the Python Package Index (PyPI), sparking worries that threat actors could repurpose it for criminal activity. The package, linked to a China-based entity, is presented as a red teaming solution designed to automate and accelerate security testing workflows. Origins