
TAG-150 Hackers Use Custom-Built Malware Families to Target Organizations

A newly identified cyber threat group known as TAG-150 has quickly established itself as a major security concern. Since March 2025, the group has demonstrated the ability to develop and launch multiple custom-built malware families, showcasing both technical skill and rapid evolution. Their arsenal includes CastleLoader, CastleBot, and the latest addition CastleRAT, a sophisticated Remote […]


CISA Mandates Urgent Patching of Critical Sitecore Vulnerability Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed Federal Civilian Executive Branch (FCEB) agencies to urgently patch their Sitecore systems by September 25, 2025, after confirming that a critical flaw is actively being exploited. Details of the Vulnerability The flaw, tracked as CVE-2025-53690, holds a CVSS score of 9.0, marking it as highly


XWorm Malware Uses New Infection Chain to Evade Detection by Exploiting User and System Trust

Emerging quietly in mid-2025, XWorm has transformed into a highly sophisticated backdoor malware that manipulates both user trust and system conventions to infiltrate networks. Early indications appeared when several organizations reported a surge in phishing emails containing .lnk shortcut files disguised as ordinary documents. Security analysts quickly noticed that opening these shortcuts triggered hidden PowerShell


Massive IPTV Operation Spans 1,000 Domains and 10,000 IP Addresses

A large-scale Internet Protocol Television (IPTV) piracy infrastructure has been uncovered, spreading over more than 1,100 domains and more than 10,000 IP addresses. This illegal ecosystem has been running for several years, offering unauthorized streams of premium digital content. The pirated material includes international sports leagues, paid subscription services, and on-demand platforms, all distributed without


MystRodX Exploits DNS and ICMP Channels to Steal Data From Compromised Systems

A newly uncovered backdoor malware known as MystRodX has raised alarms in the cybersecurity community. Operating silently for more than 20 months, this advanced threat has been able to exfiltrate sensitive information using covert communication techniques that bypass standard defenses. Initially mistaken for a Mirai botnet variant, MystRodX is far more dangerous. Instead of relying


Phishing Campaign Hid for 3 Years on Google Cloud and Cloudflare Services

A highly advanced phishing campaign managed to stay undetected for more than three years while operating through Google Cloud and Cloudflare services. The attackers impersonated leading corporations, including major defense contractor Lockheed Martin, raising concerns about the detection gaps in two of the world’s most trusted internet infrastructure providers. How the Campaign Worked The operation


CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the


Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

Cybersecurity researchers have identified a Ukraine-based IP network, FDN3 (AS211736), as the source of massive brute-force and password spraying attacks against SSL VPN and RDP systems. These activities took place between June and July 2025 and have raised concerns about the growing abuse of bulletproof hosting infrastructure to launch large-scale cyberattacks. The Origin of Attacks


Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity experts have noticed a notable shift in Android malware campaigns, where dropper apps—traditionally used to deliver banking trojans—are now distributing simpler malicious software such as SMS stealers and lightweight spyware. According to a report by ThreatFabric last week, these campaigns often impersonate government or banking apps in India and other Asian countries. The Dutch


Hackers Exploit Windows Defender Application Control Policies to Disable EDR Agents

Cyber attackers are abusing Windows Defender Application Control (WDAC) policies to shut down Endpoint Detection and Response (EDR) agents, leaving organizations with serious visibility gaps in their defenses. What started as a proof-of-concept has now evolved into a real-world threat adopted by advanced groups, including ransomware operators such as Black Basta. Key Insights According to
