Threat

Fresh Report Connects BIETA and CIII Research Firms to China’s MSS Cyber Activities

A new intelligence report has revealed connections between two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), and China’s Ministry of State Security (MSS). According to cybersecurity firm Recorded Future, BIETA appears to be managed or influenced by the MSS based […]

Phantom Taurus, a China-Linked Hacker Group, Targets Governments With Stealth Malware

Over the past two and a half years, a China-linked, state-aligned cyber espionage group, known as Phantom Taurus, has been observed targeting government and telecommunications organizations across Africa, the Middle East, and Asia. The group focuses on intelligence collection, aiming to obtain sensitive diplomatic and defense-related data, often aligning its operations with major geopolitical events

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

The Russian advanced persistent threat (APT) group COLDRIVER has been linked to a new wave of ClickFix-style attacks, deploying two lightweight malware families identified as BAITSWITCH and SIMPLEFIX. Researchers at Zscaler ThreatLabz detected the multi-stage ClickFix campaign earlier this month. They describe BAITSWITCH as a downloader that eventually drops SIMPLEFIX, a PowerShell-based backdoor. COLDRIVER Expands Arsenal

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

The cybercriminal group known as Vane Viper has been exposed as a key operator in malicious ad technology (adtech). The group has relied on shell companies and unclear ownership structures to avoid accountability while powering large-scale cybercrime operations. According to a recent technical report published by Infoblox in collaboration with Guardio and Confiant, Vane Viper

North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers

Cybersecurity researchers have uncovered a new backdoor called AkdoorTea, linked to North Korean threat actors involved in the Contagious Interview campaign. This operation, also known by names such as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi, primarily targets developers working on cryptocurrency and Web3 projects across Windows, Linux, and macOS. According

RedNovember, Chinese Hackers, Target Global Governments Using Pantegana, Cobalt Strike

A cyber espionage cluster previously identified in large-scale campaigns across Africa, Asia, North America, South America, and Oceania has now been assessed as a Chinese state-sponsored threat group. Threat intelligence firm Recorded Future, which earlier tracked this activity under the identifier TAG-100, has elevated the group’s status and assigned it the name RedNovember. Microsoft is

LNK Stomping Attack Lets Hackers Bypass Windows Mark of the Web

A sophisticated technique, called LNK Stomping, abuses how Windows handles shortcut files to bypass the Mark of the Web, or MoTW, security control. Tracked as CVE-2024-38217 and patched on September 10, 2024, the vulnerability allows attackers to craft malicious LNK files that force Windows Explorer to normalize paths, accidentally strip the Zone.Identifier NTFS alternate data

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A malware-based proxy network called REM Proxy is driven by SystemBC, providing roughly 80% of the botnet’s capacity to its users, according to the latest research from Black Lotus Labs at Lumen Technologies. “REM Proxy is a large-scale network that also offers access to about 20,000 Mikrotik routers and multiple open proxies discovered online,” the

GPUGate Malware Leverages Google Ads and Fake GitHub Commits to Target IT Companies

Cybersecurity experts have uncovered a new malware campaign, codenamed GPUGate, that exploits Google Ads and manipulated GitHub commits to deliver malicious payloads. This operation primarily targets IT and software development companies in Western Europe and has been active since at least December 2024. Unlike typical malvertising attacks, this campaign introduces a unique twist. The attackers

SafePay Ransomware Claims Attacks on 73 Organizations Within a Month

SafePay ransomware has rapidly become one of 2025’s most dangerous cyber threats. Reports indicate that the group was responsible for 73 confirmed attacks in June and an additional 42 in July, bringing its total number of victims this year to over 270. Unlike ransomware-as-a-service (RaaS) groups that work with affiliate networks, SafePay functions as a