Threat

New .NET CAPI Backdoor Targets Russian Automotive and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have uncovered a fresh phishing campaign that appears aimed at organizations in Russia’s automotive and e-commerce sectors, using a previously unseen .NET implant, named CAPI Backdoor. According to Seqrite Labs, attackers distributed a ZIP attachment to trigger infection, and the ZIP artifact was uploaded to VirusTotal on October 3, 2025. image import–phishing-zip-sample Attack […]

New .NET CAPI Backdoor Targets Russian Automotive and E-Commerce Firms via Phishing ZIPs Read More »

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks

Microsoft has taken decisive action against a cyber campaign linked to the Rhysida ransomware group by revoking more than 200 fraudulent code-signing certificates. These certificates were misused by a threat actor known as Vanilla Tempest to disguise malicious software as legitimate Microsoft Teams installers. Discovery and Disruption According to the Microsoft Threat Intelligence team, the

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks Read More »

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of Amazon Web Services, AWS, hosted infrastructure uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF, extended Berkeley Packet Filter, modules for stealth and remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets Read More »

Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites

Cybersecurity researchers have observed a financially motivated threat actor, tracked as UNC5142, leveraging blockchain smart contracts to distribute information-stealing malware targeting both Windows and macOS systems. This operation demonstrates how attackers combine traditional web compromises with modern Web3 technology to evade detection and increase operational resilience. Malware Distribution via WordPress and Blockchain According to the

Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites Read More »

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security

Microsoft has revealed two major security vulnerabilities in its Windows BitLocker encryption system that could let attackers with physical access bypass data protection and read encrypted files. The flaws, listed as CVE-2025-55338 and CVE-2025-55333, were disclosed on October 14, 2025, as part of Microsoft’s Patch Tuesday updates. Both issues are rated Important with a CVSS

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security Read More »

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe security flaw affecting Adobe Experience Manager (AEM). The flaw, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been confirmed to be under active exploitation. With a CVSS score of 10.0, this bug represents the highest level of

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation Read More »

Banking Malware Exploits WhatsApp to Take Remote Control of Computers

A newly discovered malware campaign is spreading rapidly across Brazil, using WhatsApp as its main delivery channel. Cybersecurity experts have identified this advanced banking Trojan as “Maverick”, a threat capable of taking remote control of infected computers and stealing sensitive financial data. Massive Scale of Infection Researchers report that over 62,000 infection attempts were blocked

Banking Malware Exploits WhatsApp to Take Remote Control of Computers Read More »

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months

A Chinese-linked cyber threat group, known as Jewelbug, has successfully infiltrated a Russian IT service provider for five months, marking the group’s expansion beyond its traditional targets in Southeast Asia and South America. This operation, running from January to May 2025, underscores the continued reach of Chinese cyber espionage. Background on Jewelbug and Related Clusters

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months Read More »

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code Read More »

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks

In mid-2025, cybersecurity researchers at Lab539 detected an unexpected rise in a new browser-based malware campaign known as ClickFix. First appearing quietly in July, this threat quickly grew by registering over 13,000 unique domains aimed at tricking users into running malicious commands on their own devices. How ClickFix Works ClickFix attacks utilize compromised or low-cost

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks Read More »