Threat

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

In a sophisticated evasion technique, the Russia-aligned threat actor known as Curly COMrades is now exploiting Windows’ native Hyper-V virtualization to create a hidden Linux environment. This covert space is used to host custom malware, effectively bypassing traditional Endpoint Detection and Response (EDR) security measures. A Hidden Virtual Environment for Stealthy Operations According to a […]

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection Read More »

Cisco Alerts Users to New Firewall Attack Exploiting CVE 2025 20333 and CVE 2025 20362

Cisco has issued a critical security alert, warning users of a new attack variant targeting its Secure Firewall appliances. This campaign exploits two specific vulnerabilities, CVE-2025-20333 and CVE-2025-20362, which can cause unpatched devices to crash and create a denial-of-service (DoS) condition, disrupting network operations. Exploited Vulnerabilities in Firewall Software The networking giant disclosed that it

Cisco Alerts Users to New Firewall Attack Exploiting CVE 2025 20333 and CVE 2025 20362 Read More »

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unidentified threat actor, aligned with Russian interests, has been discovered impersonating the cybersecurity firm ESET in a sophisticated phishing campaign against Ukrainian targets. The attacks, detected in May 2025, involved distributing malicious software installers that deployed a stealthy backdoor known as Kalambur. Deceptive Phishing Lures and Communication Channels The group, tracked by ESET

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine Read More »

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach

Network security giant SonicWall has officially confirmed that a sophisticated state-sponsored threat actor was responsible for a September security incident. The breach resulted in the unauthorized access of firewall configuration backup files from a specific cloud environment, though the company has assured customers that its core products and firmware remain unaffected. Isolated Breach in a

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach Read More »

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions

A previously unknown hacking group, codenamed “SmudgedSerpent,” has been uncovered targeting American academics and foreign policy specialists. This cyber espionage campaign, which occurred between June and August 2025, aligns with a period of significantly heightened tensions between Iran and Israel, pointing to a clear intelligence-gathering motive. Deceptive Lures and Established Playbooks The threat actor, identified

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions Read More »

U.S. Imposes Sanctions on 10 North Korean Entities for Laundering $12.7 Million Through Crypto and IT Fraud

In a significant move to disrupt North Korea’s illicit financing activities, the U.S. Treasury Department has sanctioned a network of ten individuals and entities. This action targets those accused of laundering millions of dollars generated through cybercrime and a global IT worker fraud scheme, directly channeling funds into the regime’s prohibited weapons development programs. Targeting

U.S. Imposes Sanctions on 10 North Korean Entities for Laundering $12.7 Million Through Crypto and IT Fraud Read More »

Unprecedented Cybercrime Alliance: Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

A new and alarming cyber alliance has surfaced, merging three of the most infamous hacker groups — Scattered Spider, LAPSUS$, and ShinyHunters. Together, they have formed a unified collective called Scattered LAPSUS$ Hunters (SLH), signaling a new phase of organized cybercrime that blends extortion, social engineering, and brand manipulation. A New Wave of Cyber Collaboration

Unprecedented Cybercrime Alliance: Scattered Spider, LAPSUS$, and ShinyHunters Join Forces Read More »

Critical React Native CLI Vulnerability Exposed Millions of Developers to Remote Attacks

A critical security vulnerability, tracked as CVE-2025-11953, has been discovered and patched in the widely used @react-native-community/cli npm package. This flaw could have allowed remote, unauthenticated attackers to execute arbitrary operating system commands on a developer’s machine, posing a severe risk to the software development ecosystem. Vulnerability Overview and Severity The vulnerability received the highest severity rating with

Critical React Native CLI Vulnerability Exposed Millions of Developers to Remote Attacks Read More »

Europol and Eurojust Dismantle 600 Million Euro Crypto Fraud Network in Global Operation

In a major international law enforcement operation, nine individuals have been arrested for their alleged roles in a sophisticated cryptocurrency money laundering network that defrauded victims of an estimated €600 million (approximately $688 million). The coordinated takedown highlights the global fight against increasingly professionalized crypto-enabled financial crimes. A Coordinated Cross-Border Takedown The operation, which took place between

Europol and Eurojust Dismantle 600 Million Euro Crypto Fraud Network in Global Operation Read More »

Operation SkyCloak Uses Tor-Enabled OpenSSH Backdoor to Target Defense Organizations

A sophisticated cyber espionage campaign, dubbed Operation SkyCloak, is using weaponized phishing emails to deploy a highly stealthy backdoor on target systems. The malware establishes persistent remote access by combining a customized OpenSSH server with a Tor hidden service, creating a covert channel that is extremely difficult to trace. The Lure: Phishing with Military Documents The

Operation SkyCloak Uses Tor-Enabled OpenSSH Backdoor to Target Defense Organizations Read More »