Threat

LNK Stomping Attack Lets Hackers Bypass Windows Mark of the Web

A sophisticated technique, called LNK Stomping, abuses how Windows handles shortcut files to bypass the Mark of the Web, or MoTW, security control. Tracked as CVE-2024-38217 and patched on September 10, 2024, the vulnerability allows attackers to craft malicious LNK files that force Windows Explorer to normalize paths, accidentally strip the Zone.Identifier NTFS alternate data […]

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A malware-based proxy network called REM Proxy is driven by SystemBC, providing roughly 80% of the botnet’s capacity to its users, according to the latest research from Black Lotus Labs at Lumen Technologies. “REM Proxy is a large-scale network that also offers access to about 20,000 Mikrotik routers and multiple open proxies discovered online,” the

GPUGate Malware Leverages Google Ads and Fake GitHub Commits to Target IT Companies

Cybersecurity experts have uncovered a new malware campaign, codenamed GPUGate, that exploits Google Ads and manipulated GitHub commits to deliver malicious payloads. This operation primarily targets IT and software development companies in Western Europe and has been active since at least December 2024. Unlike typical malvertising attacks, this campaign introduces a unique twist. The attackers

SafePay Ransomware Claims Attacks on 73 Organizations Within a Month

SafePay ransomware has rapidly become one of 2025’s most dangerous cyber threats. Reports indicate that the group was responsible for 73 confirmed attacks in June and an additional 42 in July, bringing its total number of victims this year to over 270. Unlike ransomware-as-a-service (RaaS) groups that work with affiliate networks, SafePay functions as a

TAG-150 Hackers Use Custom-Built Malware Families to Target Organizations

A newly identified cyber threat group known as TAG-150 has quickly established itself as a major security concern. Since March 2025, the group has demonstrated the ability to develop and launch multiple custom-built malware families, showcasing both technical skill and rapid evolution. Their arsenal includes CastleLoader, CastleBot, and the latest addition CastleRAT, a sophisticated Remote

CISA Mandates Urgent Patching of Critical Sitecore Vulnerability Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed Federal Civilian Executive Branch (FCEB) agencies to urgently patch their Sitecore systems by September 25, 2025, after confirming that a critical flaw is actively being exploited.

Details of the Vulnerability

The flaw, tracked as CVE-2025-53690, holds a CVSS score of 9.0, marking it as highly

XWorm Malware Uses New Infection Chain to Evade Detection by Exploiting User and System Trust

Emerging quietly in mid-2025, XWorm has transformed into a highly sophisticated backdoor malware that manipulates both user trust and system conventions to infiltrate networks. Early indications appeared when several organizations reported a surge in phishing emails containing .lnk shortcut files disguised as ordinary documents. Security analysts quickly noticed that opening these shortcuts triggered hidden PowerShell

Massive IPTV Operation Spans 1,000 Domains and 10,000 IP Addresses

A large-scale Internet Protocol Television (IPTV) piracy infrastructure has been uncovered, spreading over more than 1,100 domains and more than 10,000 IP addresses. This illegal ecosystem has been running for several years, offering unauthorized streams of premium digital content. The pirated material includes international sports leagues, paid subscription services, and on-demand platforms, all distributed without

MystRodX Exploits DNS and ICMP Channels to Steal Data From Compromised Systems

A newly uncovered backdoor malware known as MystRodX has raised alarms in the cybersecurity community. Operating silently for more than 20 months, this advanced threat has been able to exfiltrate sensitive information using covert communication techniques that bypass standard defenses. Initially mistaken for a Mirai botnet variant, MystRodX is far more dangerous. Instead of relying

Phishing Campaign Hid for 3 Years on Google Cloud and Cloudflare Services

A highly advanced phishing campaign managed to stay undetected for more than three years while operating through Google Cloud and Cloudflare services. The attackers impersonated leading corporations, including major defense contractor Lockheed Martin, raising concerns about the detection gaps in two of the world’s most trusted internet infrastructure providers.

How the Campaign Worked

The operation