Daily Cyber News

XWorm Malware Uses New Infection Chain to Evade Detection by Exploiting User and System Trust

Emerging quietly in mid-2025, XWorm has transformed into a highly sophisticated backdoor malware that manipulates both user trust and system conventions to infiltrate networks. Early indications appeared when several organizations reported a surge in phishing emails containing .lnk shortcut files disguised as ordinary documents. Security analysts quickly noticed that opening these shortcuts triggered hidden PowerShell […]

Threat Actors Target PayPal Users with New Account Profile Setup Scam

A new and sophisticated phishing campaign is currently targeting PayPal users, exploiting deceptive emails titled “Set up your account profile” to compromise accounts through a clever secondary user addition scheme. This scam uses advanced email spoofing and psychological manipulation to bypass traditional security measures, marking a notable evolution in online financial fraud. The fraudulent emails

Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Networks

Over recent years, Chinese state-backed Advanced Persistent Threat (APT) groups have actively targeted critical flaws in enterprise routers, enabling long-term access to global telecom and government networks. Groups known by names like Salt Typhoon and OPERATOR PANDA have systematically attacked provider edge (PE) and customer edge (CE) devices from top vendors, leveraging publicly disclosed Common

Massive IPTV Operation Spans 1,000 Domains and 10,000 IP Addresses

A large-scale Internet Protocol Television (IPTV) piracy infrastructure has been uncovered, spreading over more than 1,100 domains and more than 10,000 IP addresses. This illegal ecosystem has been running for several years, offering unauthorized streams of premium digital content. The pirated material includes international sports leagues, paid subscription services, and on-demand platforms, all distributed without

Apache DolphinScheduler Default Permissions Vulnerability Patched, Update Immediately

A serious security flaw has been patched in Apache DolphinScheduler, a widely used open-source workflow scheduling platform. The Apache Software Foundation is urging all users to update immediately, as the vulnerability exposes systems to unauthorized access and data compromise. Nature of the Vulnerability The issue stems from overly permissive default settings in DolphinScheduler. During the

New NotDoor Malware Targets Outlook Users to Steal Data and Compromise Systems

A newly discovered backdoor, linked to the infamous Russian cyber-espionage group APT28 (Fancy Bear), is targeting Microsoft Outlook users. The malware enables attackers to steal sensitive information, upload malicious files, and execute commands to take full control of compromised devices. What is NotDoor? Researchers at LAB52, the threat intelligence division of Spanish cybersecurity firm S2

MystRodX Exploits DNS and ICMP Channels to Steal Data From Compromised Systems

A newly uncovered backdoor malware known as MystRodX has raised alarms in the cybersecurity community. Operating silently for more than 20 months, this advanced threat has been able to exfiltrate sensitive information using covert communication techniques that bypass standard defenses. Initially mistaken for a Mirai botnet variant, MystRodX is far more dangerous. Instead of relying

Phishing Campaign Hid for 3 Years on Google Cloud and Cloudflare Services

A highly advanced phishing campaign managed to stay undetected for more than three years while operating through Google Cloud and Cloudflare services. The attackers impersonated leading corporations, including major defense contractor Lockheed Martin, raising concerns about the detection gaps in two of the world’s most trusted internet infrastructure providers. How the Campaign Worked The operation

CISA Alerts on Critical SunPower Vulnerability Allowing Attackers Full Device Access

The Cybersecurity and Infrastructure Security Agency (CISA) has released a high-priority security advisory concerning a critical flaw in SunPower PVS6 solar monitoring devices. This weakness, registered as CVE-2025-9696, could give cyber attackers full administrative control over affected systems, creating serious risks for solar energy infrastructure across the globe. Overview of the Vulnerability The flaw arises

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the