Threat

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services

A long running cyber espionage operation linked to the China based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed […]

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services Read More »

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks

Cybersecurity analysts have identified a new trend in phishing operations, where browser notifications are being misused to push malicious links through a command and control platform known as Matrix Push C2. According to a recent report from BlackFog researcher Brenda Robb, the framework operates entirely within the browser environment, using push alerts, fake system style

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks Read More »

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains

A suspected China-linked cyber threat group known as APT24 has been actively deploying a previously undocumented malware called BADAUDIO as part of a prolonged espionage campaign. The operation, ongoing for nearly three years, has targeted organizations in Taiwan and compromised over 1,000 domains. Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains Read More »

Salesforce Reports Unauthorized Data Access Triggered by Gainsight Related OAuth Activity

Salesforce has issued an alert after identifying unusual behavior involving applications published by Gainsight that integrate with the Salesforce platform. According to the company, the suspicious activity may have allowed unauthorized access to some customers data through the affected applications. In response, Salesforce has revoked all active access and refresh tokens tied to Gainsight published

Salesforce Reports Unauthorized Data Access Triggered by Gainsight Related OAuth Activity Read More »

ShadowRay 2.0 Uses an Unpatched Ray Vulnerability to Create a Self Spreading GPU Cryptomining Botnet

A new wave of cyber attacks has emerged as Oligo Security reports active exploitation of a long standing security weakness in the Ray open source AI framework. This flaw, identified as CVE 2023 48022 with a critical 9.8 rating, is being used to compromise Ray clusters equipped with NVIDIA GPUs. The compromised infrastructure is then

ShadowRay 2.0 Uses an Unpatched Ray Vulnerability to Create a Self Spreading GPU Cryptomining Botnet Read More »

Tsundere Botnet Expands by Using Game Lures and an Ethereum Based C2 System on Windows

Security analysts have revealed new insights about the Tsundere botnet, a rapidly expanding malware operation that targets Windows systems. Active since mid 2025, the threat uses JavaScript based payloads delivered from a remote command and control server, allowing attackers to execute arbitrary commands and flexibly modify botnet behavior. Propagation and Infection Mechanisms Although its initial

Tsundere Botnet Expands by Using Game Lures and an Ethereum Based C2 System on Windows Read More »

Iran Linked Hackers Tracked Ship AIS Data Days Before an Attempted Real World Missile Strike

Recent findings indicate that Iranian-linked threat actors are increasingly combining cyber operations with real-world military objectives, a practice Amazon calls cyber-enabled kinetic targeting. By using digital reconnaissance to support physical attacks, these groups are demonstrating a significant evolution in modern warfare where cyber and kinetic domains are no longer separate. Blurring the Lines Between Cyber

Iran Linked Hackers Tracked Ship AIS Data Days Before an Attempted Real World Missile Strike Read More »

CTM360 Reveals a Global WhatsApp Hijacking Operation Called HackOnChat

Cybersecurity researchers at CTM360 have uncovered an expanding global campaign that hijacks WhatsApp accounts by exploiting deceptive login portals and impersonation tactics. The operation, called HackOnChat, imitates the familiar WhatsApp Web environment to manipulate users into compromising their own accounts. This campaign has grown quickly, targeting individuals across multiple regions and using sophisticated social engineering

CTM360 Reveals a Global WhatsApp Hijacking Operation Called HackOnChat Read More »

TamperedChef Malware Spreads Through Fake Software Installers in a Continuing Global Campaign

A global malvertising operation known as TamperedChef is actively spreading malware through fake installers disguised as trusted software. Attackers are using deceptive tactics to make users download harmful programs, allowing them to establish remote access and persistent control over infected systems. Recent findings from the Acronis Threat Research Unit show that the campaign remains active,

TamperedChef Malware Spreads Through Fake Software Installers in a Continuing Global Campaign Read More »

Sneaky 2FA Phishing Kit Adds BitB Style Pop ups That Closely Imitate the Browser Address Bar

A new phishing campaign is leveraging advanced techniques to steal credentials from unsuspecting users. The Phishing-as-a-Service (PhaaS) kit called Sneaky 2FA has integrated Browser-in-the-Browser (BitB) functionality, making it easier for less experienced attackers to perform large-scale credential theft operations. How BitB Works Security researchers at Push Security reported that the technique is being used to

Sneaky 2FA Phishing Kit Adds BitB Style Pop ups That Closely Imitate the Browser Address Bar Read More »