Medusa Ransomware

China-Linked Storm-1175 Exploits Zero-Day Flaws to Rapidly Deploy Medusa Ransomware Attacks

A cyber threat group associated with China, identified as Storm-1175, has been observed conducting rapid and highly coordinated cyberattacks by exploiting both undisclosed (zero-day) and known (N-day) vulnerabilities. The group is primarily focused on deploying Medusa ransomware across compromised systems. Security researchers from Microsoft Threat Intelligence report that the attackers are capable of executing high-speed intrusions, often breaching systems within […]

Iran-Linked Password Spraying Campaign Targets Over 300 Israeli Microsoft 365 Organizations

A large-scale cyber operation believed to be connected to Iran has been identified targeting Microsoft 365 environments, primarily focusing on organizations in Israel and the United Arab Emirates. The campaign comes amid rising geopolitical tensions in the Middle East and highlights the increasing use of cloud-focused cyberattacks. According to findings released by Check Point Software Technologies,

Microsoft Warns of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass on Windows

Microsoft has issued a warning about a newly discovered cyber campaign that uses WhatsApp to distribute malicious Visual Basic Script (VBS) files. The attack chain is designed to compromise Windows systems, establish persistence, and gain elevated privileges through stealth techniques.

Attack Begins with Social Engineering

The campaign, first observed in late February 2026, relies heavily on social engineering

Silver Fox Expands Asia-Focused Cyber Campaign Using AtlasCross RAT and Fake Domains

A sophisticated cybercrime group known as Silver Fox, also tracked as SwimSnake, Valley Thief, UTG-Q-1000, and Void Arachne, has escalated its operations in Asia using a previously undocumented remote access trojan (RAT) named AtlasCross RAT. The campaign specifically targets Chinese-speaking users by leveraging typosquatted domains impersonating trusted software brands.

Attack Vectors and Targeted Applications

The group is

Axios Supply Chain Attack Delivers Cross-Platform RAT Through Compromised npm Account

A major supply chain security incident has impacted Axios, one of the most widely used HTTP clients in the JavaScript ecosystem. Attackers successfully introduced malicious code into the npm package by compromising a maintainer account, enabling the distribution of a cross-platform remote access trojan (RAT).

Compromised npm Account Used to Publish Malicious Versions

Security researchers revealed

OpenAI Fixes ChatGPT Data Exfiltration Flaw and Codex Vulnerability Exposing GitHub Tokens

A critical security issue affecting AI systems has been resolved after researchers discovered vulnerabilities in ChatGPT and Codex that could have exposed sensitive user data and developer credentials.

ChatGPT Flaw Enabled Covert Data Exfiltration

Researchers from Check Point uncovered a previously unknown weakness in ChatGPT that allowed hidden data exfiltration without user awareness. The flaw made it possible for

DeepLoad Malware

DeepLoad Malware Leverages ClickFix and WMI Persistence to Steal Browser Credentials

Cybersecurity researchers have identified a newly emerging malware campaign distributing a previously undocumented loader called DeepLoad, leveraging ClickFix social engineering techniques to infect systems and steal sensitive data.

ClickFix Lure Initiates the Attack Chain

The infection begins with a deceptive ClickFix prompt that convinces users to execute a PowerShell command manually. Victims are instructed to

Russian CTRL Toolkit Uses Malicious LNK Files to Hijack RDP Through FRP Tunnels

Cybersecurity researchers have uncovered a sophisticated Russian-origin remote access toolkit called CTRL, which is distributed through malicious Windows shortcut (LNK) files disguised as private key folders. The toolkit enables credential theft, keylogging, and RDP session hijacking, while using Fast Reverse Proxy (FRP) tunnels to maintain stealthy command and control (C2).

Multi-Stage Deployment

According to Censys, the

Three China-Linked Threat Clusters Launch Coordinated Cyber Campaign Against Southeast Asian Government in 2025

A coordinated cyber espionage campaign involving three China-aligned threat clusters has targeted a Southeast Asian government organization throughout 2025, deploying sophisticated malware and backdoor tools.

Multiple Threat Clusters Identified

The activity has been traced to the following clusters: Palo Alto Networks Unit 42 researchers noted, “The overlapping tactics, techniques, and procedures suggest

Iran-Linked Hackers Compromise FBI Director’s Personal Email, Launch Wiper Attack on Stryker

A cyber espionage campaign linked to Iran has compromised the personal email account of Kash Patel, while also targeting major U.S. healthcare firm Stryker in a destructive cyberattack.

FBI Director’s Personal Emails Leaked Online

The breach was claimed by the hacktivist group Handala Hack, which published a collection of emails, photos, and documents allegedly belonging to the FBI