Threat

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites

Cybersecurity researchers have uncovered two malicious Google Chrome extensions operating under the same name and published by the same developer, both designed to secretly intercept web traffic and steal user credentials on a massive scale. The extensions are promoted as a “multi location network speed test plug in” aimed at developers and professionals working in […]


INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty

A large-scale law enforcement operation led by INTERPOL has resulted in the arrest of 574 suspects across Africa and the recovery of approximately three million dollars, marking a significant step in the global fight against cybercrime. The month-long initiative, known as Operation Sentinel, was carried out between October 27 and November 27, 2025. The


U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme

The U.S. Department of Justice (DoJ) has announced the seizure of a fraudulent web domain and its associated database that were used to support a large-scale bank account takeover operation targeting American victims. According to officials, the seized domain web3adspanels[.]org functioned as a backend control panel where cybercriminals stored and managed stolen online banking credentials. Visitors


Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have uncovered a malicious software package hosted on the npm repository that masquerades as a fully functional WhatsApp API while secretly stealing sensitive user data and granting attackers persistent access to victims’ WhatsApp accounts. The package, called lotusbail, has been downloaded more than 56,000 times since it was published in May 2025 by


Android Malware Campaigns Combine Droppers, SMS Theft, and RAT Capabilities at Scale

Cybersecurity researchers are warning about a rapidly evolving Android malware ecosystem where threat actors are combining malicious droppers, SMS-stealing functions, and full remote access capabilities to target users at scale. Recent investigations show that users in Uzbekistan are being actively targeted through fake applications that silently deploy advanced malware once installed. According to an


Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Threat intelligence researchers have identified renewed cyber activity linked to an Iranian advanced persistent threat group known as Infy, also referred to as Prince of Persia, nearly five years after the group was last observed conducting attacks in Sweden, the Netherlands, and Turkey. Security experts now believe the scope and persistence of Infy’s operations were


U.S. DOJ Charges 54 Suspects in ATM Jackpotting Scheme Using Ploutus Malware

The U.S. Department of Justice (DoJ) has formally charged 54 individuals in connection with a large-scale ATM jackpotting operation that caused tens of millions of dollars in losses across the United States. According to federal prosecutors, the accused were involved in a coordinated campaign that used a sophisticated malware strain known as Ploutus to


Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned threat group has been linked to a phishing campaign targeting Microsoft 365 users by exploiting device code authentication flows to steal credentials and conduct account takeovers. The campaign, active since September 2025, is tracked by Proofpoint under the designation UNK_AcademicFlare. Attackers have primarily targeted email accounts associated with government and military organizations,


Cracked Software and YouTube Videos Used to Spread CountLoader and GachiLoader Malware

Cybersecurity researchers have uncovered an active malware campaign that abuses cracked software websites and popular video platforms to distribute advanced loader malware, primarily CountLoader and GachiLoader. The activity highlights how threat actors continue to exploit user trust in free software and online tutorials to silently compromise systems. Researchers from Cyderes revealed that cracked software distribution


WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard has issued an urgent security advisory after confirming active exploitation of a critical vulnerability in its Fireware OS. The flaw affects VPN functionality and has already been observed being abused in real-world attacks, prompting immediate patching recommendations for all affected customers. The vulnerability, tracked as CVE-2025-14733, carries a CVSS score of 9.3 and is
