Malware

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan

In a newly identified cyber espionage operation, the Iranian-aligned group MuddyWater has been found using a previously unknown backdoor named UDPGangster. The malware relies on the User Datagram Protocol (UDP) to manage command-and-control traffic, a choice that helps attackers avoid traditional network monitoring defenses. Security analysts at Fortinet FortiGuard Labs report that […]

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities

Cybersecurity analysts have uncovered significant updates in multiple Android threat campaigns. Two newly identified malware families, named FvncBot and SeedSnatcher, have come to light, while researchers also report an upgraded strain of ClayRat circulating in active attacks. These findings were published by Intel 471, CYFIRMA, and Zimperium. FvncBot Targets Polish Banking Users With Advanced Fraud

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks

A severe security weakness found in the Sneeit Framework plugin for WordPress is currently being abused across live sites, based on information shared by Wordfence. The flaw, tracked as CVE-2025-6389 with a CVSS rating of 9.8, affects every version up to 8.3. Developers fixed the issue in version 8.4 released on August 5, 2025. The

Silver Fox Distributes ValleyRAT in China Through Fake Microsoft Teams Installer

A new campaign linked to the threat actor Silver Fox is targeting Chinese-speaking users through a deceptive installer that pretends to be Microsoft Teams. The operation appears to be a false-flag attempt designed to resemble activity from a Russian group, although the final payload is ValleyRAT, a malware family associated with Chinese cybercrime

GoldFactory Targets Southeast Asia with Modified Banking Apps Behind 11,000 Plus Infections

Cybercriminals linked to the financially motivated group GoldFactory have launched a new wave of mobile attacks across Indonesia, Thailand, and Vietnam by posing as government authorities and local service providers. According to a technical assessment released by Group-IB, the campaign has been active since October 2024 and relies on doctored versions of legitimate banking

Brazil Faces Banking Trojan Spread Through WhatsApp Worm and RelayNFC Relay Fraud

Brazil is facing a growing wave of cyberattacks as the threat actor known as Water Saci rolls out a more advanced infection chain that spreads banking malware through WhatsApp Web and relies on layered delivery techniques using PDF and HTA files. WhatsApp Worm Used to Deliver Banking Trojan Threat analysts from Trend Micro reported that

GlassWorm Resurfaces With 24 Malicious Extensions Masquerading as Popular Developer Tools

The notorious supply chain threat, GlassWorm, has resurfaced, targeting developers by infiltrating both the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate widely-used developer frameworks and tools, including Flutter, React, Tailwind, Vim, and Vue. Originally documented in October 2025, GlassWorm uses the Solana blockchain to manage command-and-control operations, harvest

Iran Linked Hackers Hit Israeli Sectors With New MuddyViper Backdoor

Israeli organizations across academia, engineering, local government, manufacturing, technology, transportation, and utilities have become targets of a sophisticated campaign by Iranian-linked hackers deploying a new backdoor called MuddyViper. ESET attributed the attacks to the MuddyWater group, also known as Mango Sandstorm or TA450, linked to Iran’s Ministry of Intelligence and Security (MOIS). One Egyptian technology

New Albiriox MaaS Malware Hits Over 400 Apps With Fraud and Screen Control

A newly advertised Android malware called Albiriox has surfaced as a powerful malware-as-a-service (MaaS) platform, offering attackers a broad toolkit designed for on-device fraud, remote interaction, and advanced screen manipulation. Security analysts report that Albiriox is rapidly gaining traction within cybercrime forums because of its extensive capabilities and its ability to

Tomiris uses public service based implants for stealthier C2 in attacks on government targets

A new wave of cyber attacks linked to the threat actor known as Tomiris has been identified targeting foreign ministries, intergovernmental bodies, and government institutions inside Russia. According to researchers, the actor aims to gain remote access inside sensitive networks and deploy additional malicious tools for long-term operations. Kaspersky analysts Oleg Kupreev and Artem
