Threat

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

A China aligned cyber espionage group tracked as Ink Dragon has intensified its operations against government organizations, with a noticeable focus on European targets since July 2025. The campaign remains active and continues to impact entities across Southeast Asia and South America. Security researchers at Check Point Research are monitoring the activity cluster, which is […]


Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign

A large scale cryptocurrency mining campaign has been detected targeting cloud environments by abusing compromised Identity and Access Management credentials within Amazon Web Services. The operation leverages stolen IAM permissions to rapidly deploy crypto mining infrastructure across multiple AWS services. The activity was first identified on November 2, 2025, through automated threat detection systems operated


Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data

Cybersecurity researchers have identified a malicious NuGet package that impersonates the popular .NET tracing library Tracer.Fody to steal cryptocurrency wallet information. The package, called “Tracer.Fody.NLog,” was uploaded by a user named “csnemess” on February 26, 2020, and has remained on the repository for nearly six years. It closely mimics the legitimate “Tracer.Fody” library maintained by


Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass

Cybersecurity researchers have confirmed active attacks on Fortinet FortiGate devices exploiting two recently disclosed authentication vulnerabilities, less than a week after they were made public. Arctic Wolf, a cybersecurity firm, reported observing malicious single sign-on (SSO) login attempts on FortiGate appliances on December 12, 2025. The attacks target two critical authentication bypass flaws, tracked as


React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Cybersecurity researchers have confirmed active exploitation of a critical security flaw known as React2Shell, with threat actors using it to deploy multiple Linux based backdoors, including KSwapDoor and ZnDoor. The findings come from independent investigations conducted by Palo Alto Networks Unit 42 and NTT Security. According to Unit 42, KSwapDoor is a highly sophisticated remote


Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon has released new threat intelligence findings detailing a years long cyber campaign linked to a Russian state sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud hosted network environments. According to Amazon, the


Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector

Cybersecurity researchers have revealed an active phishing operation targeting multiple sectors across Russia, with a strong focus on finance and accounting organizations. The campaign distributes Phantom Stealer through malicious ISO optical disc images attached to phishing emails. The activity, tracked as Operation MoneyMount ISO, was uncovered by analysts at Seqrite Labs. While finance and accounting


Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads

Cybersecurity researchers have uncovered a new malware distribution campaign that abuses GitHub hosted Python repositories to spread a previously undocumented JavaScript based Remote Access Trojan named PyStoreRAT. The operation relies on fake development tools, OSINT utilities, and GPT related projects to trick analysts and developers into executing malicious loader code. GitHub Repositories Hide Multi Stage


New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large scale credential theft by combining automation, artificial intelligence, and multi factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using


React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to federal agencies, calling for immediate patching of a critical React vulnerability amid escalating global exploitation. Agencies have now been instructed to apply fixes by December 12, 2025, underscoring the growing severity of the threat. The flaw, tracked as CVE-2025-55182 with a
