Threat

China-Linked UAT-7290 Targets Telecom Companies with Linux Malware and ORB Nodes

Cybersecurity researchers have attributed a series of espionage-driven cyber intrusions to a China-linked threat actor tracked as UAT-7290, which has been actively targeting organizations across South Asia and Southeastern Europe. According to a new report published by Cisco Talos, the activity cluster has been operational since at least 2022 and is known […]

Black Cat Group Runs SEO Poisoning Malware Campaign Targeting Popular Software Searches

Cybersecurity authorities have linked the notorious Black Cat gang to an ongoing SEO poisoning campaign that targets popular software searches, tricking users into downloading malicious backdoors capable of stealing sensitive information. Fraudulent Sites Target Popular Software According to reports by CNCERT/CC and Beijing Weibu Online (ThreatBook), the threat actors manipulate search engine results on platforms

New VVS Stealer Malware Targets Discord Accounts Using Obfuscated Python Code

Cybersecurity researchers have uncovered a new Python-based information-stealing malware known as VVS Stealer, also referred to as VVS $tealer, which is actively targeting Discord users by harvesting account credentials and authentication tokens. According to an analysis published by Palo Alto Networks Unit 42, this stealer has been circulating in underground Telegram channels since at least

Infostealers Allow Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Cybersecurity researchers are warning about a growing cybercrime cycle in which credentials stolen by infostealer malware are used to compromise legitimate business websites and convert them into malware-hosting platforms. According to recent findings from the Hudson Rock Threat Intelligence Team, this self-reinforcing ecosystem allows attackers to repeatedly expand their infrastructure by turning

Mustang Panda Uses Signed Kernel Mode Rootkit to Load TONESHELL Backdoor

Cybersecurity researchers have uncovered a sophisticated attack by the Chinese threat actor Mustang Panda, which utilized a previously unknown kernel-mode rootkit driver to deploy the TONESHELL backdoor. The campaign, detected in mid-2025, primarily targeted government organizations in Southeast and East Asia, including Myanmar and Thailand. According to Kaspersky, the malicious driver, named ProjectConfiguration.sys, is digitally signed

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content

China Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat group has been tied to a sophisticated cyber espionage campaign that relied on Domain Name System (DNS) poisoning to distribute the MgBot backdoor. The attacks targeted selected victims across Türkiye, China, and India, according to new findings from Kaspersky. Kaspersky researchers observed the activity between November 2022 and November 2024

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Cybersecurity experts have identified a new variant of the MacSync macOS information stealer that uses a digitally signed and notarized Swift application to bypass Apple’s Gatekeeper protections. The malware is disguised as a messaging app installer, fooling users into installing it. According to Jamf researcher Thijs Xhaflaire, unlike earlier MacSync variants that relied on drag-to-terminal

Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media

The fraudulent investment scheme known as Nomani has surged by 62%, according to researchers at ESET, with campaigns spreading beyond Facebook to platforms such as YouTube. Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain,