Threat

Infostealers Allow Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Cybersecurity researchers are warning about a growing cybercrime cycle in which credentials stolen by infostealer malware are being used to compromise legitimate business websites and convert them into malware hosting platforms. According to recent findings from the Hudson Rock Threat Intelligence Team, this self reinforcing ecosystem allows attackers to repeatedly expand their infrastructure by turning […]

Infostealers Allow Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting Read More »

Mustang Panda Uses Signed Kernel Mode Rootkit to Load TONESHELL Backdoor

Cybersecurity researchers have uncovered a sophisticated attack by the Chinese threat actor Mustang Panda, which utilized a previously unknown kernel-mode rootkit driver to deploy the TONESHELL backdoor. The campaign, detected in mid-2025, primarily targeted government organizations in Southeast and East Asia, including Myanmar and Thailand. According to Kaspersky, the malicious driver, named ProjectConfiguration.sys, is digitally signed

Mustang Panda Uses Signed Kernel Mode Rootkit to Load TONESHELL Backdoor Read More »

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials Read More »

China Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat group has been linked to a sophisticated cyber espionage campaign that relied on Domain Name System (DNS) poisoning to distribute the MgBot backdoor. The attacks targeted selected victims across Türkiye, China, and India, according to new findings from Kaspersky. Kaspersky researchers observed the activity between November 2022 and November 2024

China Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware Read More »

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability Read More »

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Cybersecurity experts have identified a new variant of the MacSync macOS information stealer that uses a digitally signed and notarized Swift application to bypass Apple’s Gatekeeper protections. The malware is disguised as a messaging app installer, fooling users into installing it. According to Jamf researcher Thijs Xhaflaire, unlike earlier MacSync variants that relied on drag-to-terminal

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper Read More »

Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media

The fraudulent investment scheme known as Nomani has surged by 62%, as cyber researchers from ESET report, with campaigns spreading beyond Facebook to platforms like YouTube.Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain,

Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media Read More »

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites

Cybersecurity researchers have uncovered two malicious Google Chrome extensions operating under the same name and published by the same developer, both designed to secretly intercept web traffic and steal user credentials on a massive scale. The extensions are promoted as a “multi location network speed test plug in” aimed at developers and professionals working in

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites Read More »

INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty

A large scale law enforcement operation led by INTERPOL has resulted in the arrest of 574 suspects across Africa and the recovery of approximately three million dollars, marking a significant step in the global fight against cybercrime. The month long initiative, known as Operation Sentinel, was carried out between October 27 and November 27, 2025. The

INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty Read More »

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme

The U.S. Department of Justice (DoJ) has announced the seizure of a fraudulent web domain and its associated database that were used to support a large scale bank account takeover operation targeting American victims. According to officials, the seized domain web3adspanels[.]org functioned as a backend control panel where cybercriminals stored and managed stolen online banking credentials. Visitors

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme Read More »