cybersecurity Archives • Page 29 of 88 • Daily CyberSecurity

DarkCloud Stealer Evolves: New VB6 Obfuscation and Crypto Wallet Theft Make Malware More Dangerous Than Ever Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

DarkCloud Stealer Evolves: New VB6 Obfuscation and Crypto Wallet Theft Make Malware More Dangerous Than Ever

Do Son September 29, 2025

Recently, eSentire’s Threat Response Unit (TRU) identified a spear-phishing campaign targeting a manufacturing client that attempted to...

Akira Ransomware Exploits SonicWall VPN Accounts With Lightning-Fast Intrusions Akira ransomware affiliates Akira Ransomware, SonicWall VPN

Akira ransomware affiliates Akira Ransomware, SonicWall VPN

Akira Ransomware Exploits SonicWall VPN Accounts With Lightning-Fast Intrusions

Do Son September 29, 2025

Arctic Wolf has observed a major uptick in Akira ransomware activity since late July 2025, with attackers...

From Infostealer to Full RAT: Huntress Uncovers a Multi-Stage Malware Attack Deploying PureRAT AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

From Infostealer to Full RAT: Huntress Uncovers a Multi-Stage Malware Attack Deploying PureRAT

Do Son September 29, 2025

Huntress has published a detailed investigation into a recent intrusion campaign that began as a Python-based infostealer...

XCSSET macOS Malware Evolves: New Variant Targets Firefox, Hijacks Clipboard for Crypto Theft OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

XCSSET macOS Malware Evolves: New Variant Targets Firefox, Hijacks Clipboard for Crypto Theft

Do Son September 29, 2025

Microsoft Threat Intelligence has identified yet another variant of the XCSSET malware, a long-running macOS threat targeting...

AI vs. AI: Microsoft Blocks Phishing Attack Using LLM-Generated Obfuscated Code AI-Obfuscation, SVG Phishing

AI vs. AI: Microsoft Blocks Phishing Attack Using LLM-Generated Obfuscated Code

Do Son September 26, 2025

Microsoft Threat Intelligence has revealed details of a credential phishing campaign that likely harnessed AI-generated code to...

New LNK Malware Uses Windows LOLBins to Evade Detection Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

New LNK Malware Uses Windows LOLBins to Evade Detection

Do Son September 25, 2025

Researchers at K7 Security Labs have uncovered a new wave of Windows shortcut (.LNK) malware that exploits...

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access

Do Son September 25, 2025

Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by...

New Phishing Campaign Targets PyPI Maintainers with Fake Domain Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

New Phishing Campaign Targets PyPI Maintainers with Fake Domain

Do Son September 25, 2025

The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers,...

9.8 CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

9.8 CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases

Do Son September 25, 2025

VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution...

ShadowV2: How a New DDoS Botnet Mimics Cloud-Native Apps ShadowV2, DDoS

ShadowV2: How a New DDoS Botnet Mimics Cloud-Native Apps

Do Son September 25, 2025

Researchers at Darktrace have identified a sophisticated new campaign that merges traditional malware techniques with modern DevOps...

Secret Service Busts Covert Telecom Network Capable of Crippling NYC IARPA Research Security Data Abyss Report Telecom threat, Secret Service cybersecurity news - Cyber Espionage Campaign

IARPA Research Security Data Abyss Report Telecom threat, Secret Service cybersecurity news - Cyber Espionage Campaign

Secret Service Busts Covert Telecom Network Capable of Crippling NYC

Do Son September 25, 2025

The U.S. Secret Service announced it has dismantled a sprawling telecommunications threat network across the New York...

ClaimPix Data Exposure: 10TB of Insurance Records, Vehicle Data, and Legal Documents Left Unprotected Data breach, ClaimPix

ClaimPix Data Exposure: 10TB of Insurance Records, Vehicle Data, and Legal Documents Left Unprotected

Do Son September 24, 2025

Cybersecurity researcher Jeremiah Fowler has discovered a massive unprotected database containing highly sensitive insurance and vehicle-related records....

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

8.8 CISA adds Chrome zero-day CVE-2025-10585 to KEV after public exploit appears

Do Son September 24, 2025

CISA this week added CVE-2025-10585, a high-severity type-confusion flaw in Google’s V8 JavaScript engine, to its Known...

OpenSSF Warns: Open Source Software Is Not a Free Service OpenSSF, open source

OpenSSF Warns: Open Source Software Is Not a Free Service

Do Son September 24, 2025

The Open Source Security Foundation (OpenSSF), together with several prominent open-source and software foundations, has issued a...

8.8 CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

8.8 CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise

Do Son September 24, 2025

Salesforce has published a security advisory detailing a high-severity flaw in its Salesforce-CLI installer (sf-x64.exe). The vulnerability,...

9.0 CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

9.0 CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk

Do Son September 24, 2025

DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in...

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs CVE-2024-41988 & CVE-2024-41987

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs

Do Son September 24, 2025

Researchers at Cisco Talos have uncovered a long-running espionage campaign active since 2022, targeting the telecommunications and...

New Malware “YiBackdoor” Linked to IcedID and Latrodectus LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

New Malware “YiBackdoor” Linked to IcedID and Latrodectus

Do Son September 24, 2025

Researchers at Zscaler ThreatLabz have uncovered a new malware family, dubbed YiBackdoor, first observed in June 2025....

Zloader Resurfaces: Stealthier Trojan Evolves with DNS Tunneling and WebSocket C2 Zloader, ransomware

Zloader Resurfaces: Stealthier Trojan Evolves with DNS Tunneling and WebSocket C2

Do Son September 24, 2025

After nearly two years of silence, Zloader (a.k.a. Terdot, DELoader, or Silent Night) has returned with new...

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe Zyxel security - Mitel MiCollab Vulnerability

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe

Do Son September 24, 2025

Check Point Research (CPR) has published new findings on Nimbus Manticore, an Iranian state-aligned APT group overlapping...

Critical Alert 4 Active Exploits Detected Today