In the ever-evolving landscape of cyber threats, while phishing and ransomware consistently steal headlines, there is a more insidious risk that lurks beneath the surface in many organizations: the exposure of Git repositories that leak sensitive data. This risk quietly…
Connex Credit Union, one of the largest financial cooperatives in Connecticut, has alerted tens of thousands of its members that their personal and financial information may have been compromised due to a cyberattack that breached its systems in early June.…
New Variant of ZuRu Malware Targets Developers through Compromised Termius macOS Application
July 10, 2025
Endpoint Security / Vulnerability
Cybersecurity experts have identified a new variant of the ZuRu malware affecting Apple macOS systems, known for propagating through trojanized versions of reputable software. In a recent report shared with The Hacker News, SentinelOne revealed that this malware has been posing as the popular cross-platform SSH client and server management tool, Termius, since late May 2025. Researchers Phil Stokes and Dinesh Devadoss noted, “ZuRu malware continues to exploit macOS users in search of legitimate business tools, evolving its loader and command-and-control techniques to backdoor its targets.” Initially documented in September 2021 on the Chinese question-and-answer platform Zhihu, ZuRu was part of a malicious campaign that redirected search results for the legitimate Terminal app iTerm2 to fraudulent websites designed to lure users into downloading the malware. In January 2024, Jamf Threat Labs also reported the distribution of this malware via pirated macOS applications.
New Variant of ZuRu Malware Targets Developers through Compromised Termius for macOS Published on July 10, 2025 In a concerning development for macOS users, cybersecurity experts have identified a new variant of the ZuRu malware. This malware is specifically targeting…
Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers
Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…
Winos 4.0 Malware Targets Gamers via Malicious Game Optimization Software Cybersecurity experts have issued an alert regarding a sophisticated malware framework known as Winos 4.0, which is infiltrating the gaming community through seemingly legitimate applications. These applications, including game installation…
New Hack Exploit Uncovered in School Smoke Detection Devices A notable cybersecurity incident has emerged from a high school in the Portland area where a 16-year-old hacker, Reynaldo Vasquez-Garcia, discovered vulnerabilities in devices linked to IPVideo Corporation, a subsidiary of…
AI-Based Attacks, Artificial Intelligence & Machine Learning, Fraud Management & Cybercrime OpenAI CEO Asserts AI Surpasses Voice Recognition, While Experts Remain Skeptical Suparna Goswami (gsuparna) • August 6, 2025 OpenAI CEO Sam Altman (Image: U.S. Senate) OpenAI’s CEO Sam Altman…
GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools
July 15, 2025
Cybercrime / Ransomware
Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.
GLOBAL GROUP RaaS Expands Operations with Advanced AI Negotiation Tools July 15, 2025 Cybercrime / Ransomware A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the…
The number of violent “wrench attacks” targeting cryptocurrency holders has escalated alarmingly in 2025, as reported by Alena Vranova, founder of SatoshiLabs, a hardware wallet manufacturer. During her address at the Baltic Honeybadger 2025 conference held in Riga, Latvia, she…
Published: July 10, 2025
Category: Vulnerability / AI Security
Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.
Critical Vulnerability in mcp-remote Poses Serious Threat with Potential for Remote Code Execution July 10, 2025 In a significant development within the cybersecurity landscape, researchers have identified a critical vulnerability in the open-source mcp-remote project, a tool used widely in…
China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme
Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage
The China-aligned hacking group MirrorFace has recently targeted a diplomatic organization within the European Union for the first time. According to ESET’s APT Activity Report for April to September 2024, the attackers exploited the upcoming World Expo 2025 in Osaka, Japan, as bait. This incident illustrates that while their geographic focus is shifting, MirrorFace continues to emphasize connections to Japan and related events. Also known as Earth Kasha, MirrorFace is part of a broader group, APT10, which includes other clusters like Earth Tengshe and Bronze Starlight. The group has been actively cyber-spying on Japanese organizations since at least 2019, with a recent expansion in 2023 that included targets in Taiwan and India. Over time, their malware tools have significantly advanced, showcasing their persistent threat landscape.
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait On November 7, 2024, cybersecurity experts from ESET reported a significant development in cyber espionage, revealing that the China-aligned hacking group known as MirrorFace has set its sights on…
