The Breach News

New Variant of ZuRu Malware Targets Developers through Compromised Termius macOS Application

July 10, 2025
Endpoint Security / Vulnerability

Cybersecurity experts have identified a new variant of the ZuRu malware affecting Apple macOS systems, known for propagating through trojanized versions of reputable software. In a recent report shared with The Hacker News, SentinelOne revealed that this malware has been posing as the popular cross-platform SSH client and server management tool, Termius, since late May 2025. Researchers Phil Stokes and Dinesh Devadoss noted, “ZuRu malware continues to exploit macOS users in search of legitimate business tools, evolving its loader and command-and-control techniques to backdoor its targets.” Initially documented in September 2021 on the Chinese question-and-answer platform Zhihu, ZuRu was part of a malicious campaign that redirected search results for the legitimate Terminal app iTerm2 to fraudulent websites designed to lure users into downloading the malware. In January 2024, Jamf Threat Labs also reported the distribution of this malware via pirated macOS applications.

New Variant of ZuRu Malware Targets Developers through Compromised Termius for macOS Published on July 10, 2025 In a concerning development for macOS users, cybersecurity experts have identified a new variant of the ZuRu malware. This malware is specifically targeting developers by masquerading as the widely-used SSH client and server…

Read More

New Variant of ZuRu Malware Targets Developers through Compromised Termius macOS Application

July 10, 2025
Endpoint Security / Vulnerability

Cybersecurity experts have identified a new variant of the ZuRu malware affecting Apple macOS systems, known for propagating through trojanized versions of reputable software. In a recent report shared with The Hacker News, SentinelOne revealed that this malware has been posing as the popular cross-platform SSH client and server management tool, Termius, since late May 2025. Researchers Phil Stokes and Dinesh Devadoss noted, “ZuRu malware continues to exploit macOS users in search of legitimate business tools, evolving its loader and command-and-control techniques to backdoor its targets.” Initially documented in September 2021 on the Chinese question-and-answer platform Zhihu, ZuRu was part of a malicious campaign that redirected search results for the legitimate Terminal app iTerm2 to fraudulent websites designed to lure users into downloading the malware. In January 2024, Jamf Threat Labs also reported the distribution of this malware via pirated macOS applications.

Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers

Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…

Winos 4.0 Malware Targets Gamers via Malicious Game Optimization Software Cybersecurity experts have issued an alert regarding a sophisticated malware framework known as Winos 4.0, which is infiltrating the gaming community through seemingly legitimate applications. These applications, including game installation tools, speed boosters, and optimization utilities, serve as vectors for…

Read More

Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers

Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…

Teen Hacker Reveals School Bathroom Smoke Detector Could Be an Audio Bug

New Hack Exploit Uncovered in School Smoke Detection Devices A notable cybersecurity incident has emerged from a high school in the Portland area where a 16-year-old hacker, Reynaldo Vasquez-Garcia, discovered vulnerabilities in devices linked to IPVideo Corporation, a subsidiary of Motorola. While experimenting with his school’s Wi-Fi network, Vasquez-Garcia identified…

Read MoreTeen Hacker Reveals School Bathroom Smoke Detector Could Be an Audio Bug

Sorry, Mr. Altman, But Passwords Aren’t Making a Comeback

AI-Based Attacks, Artificial Intelligence & Machine Learning, Fraud Management & Cybercrime OpenAI CEO Asserts AI Surpasses Voice Recognition, While Experts Remain Skeptical Suparna Goswami (gsuparna) • August 6, 2025 OpenAI CEO Sam Altman (Image: U.S. Senate) OpenAI’s CEO Sam Altman recently claimed that artificial intelligence has essentially “defeated” most current…

Read MoreSorry, Mr. Altman, But Passwords Aren’t Making a Comeback

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

GLOBAL GROUP RaaS Expands Operations with Advanced AI Negotiation Tools July 15, 2025 Cybercrime / Ransomware A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the United States since its inception in early June 2025. Researchers…

Read More

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

Crypto Wrench Attacks Soar 90% in 2025 Due to Data Breaches and Extortion Threats

The number of violent “wrench attacks” targeting cryptocurrency holders has escalated alarmingly in 2025, as reported by Alena Vranova, founder of SatoshiLabs, a hardware wallet manufacturer. During her address at the Baltic Honeybadger 2025 conference held in Riga, Latvia, she highlighted the alarming frequency of these attacks, which encompass kidnappings,…

Read MoreCrypto Wrench Attacks Soar 90% in 2025 Due to Data Breaches and Extortion Threats

Critical Vulnerability in mcp-remote Allows Remote Code Execution, Affecting Over 437,000 Users

Published: July 10, 2025
Category: Vulnerability / AI Security

Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.

Critical Vulnerability in mcp-remote Poses Serious Threat with Potential for Remote Code Execution July 10, 2025 In a significant development within the cybersecurity landscape, researchers have identified a critical vulnerability in the open-source mcp-remote project, a tool used widely in the integration of large language model (LLM) applications. This flaw,…

Read More

Critical Vulnerability in mcp-remote Allows Remote Code Execution, Affecting Over 437,000 Users

Published: July 10, 2025
Category: Vulnerability / AI Security

Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.

China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme

Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage

The China-aligned hacking group MirrorFace has recently targeted a diplomatic organization within the European Union for the first time. According to ESET’s APT Activity Report for April to September 2024, the attackers exploited the upcoming World Expo 2025 in Osaka, Japan, as bait. This incident illustrates that while their geographic focus is shifting, MirrorFace continues to emphasize connections to Japan and related events. Also known as Earth Kasha, MirrorFace is part of a broader group, APT10, which includes other clusters like Earth Tengshe and Bronze Starlight. The group has been actively cyber-spying on Japanese organizations since at least 2019, with a recent expansion in 2023 that included targets in Taiwan and India. Over time, their malware tools have significantly advanced, showcasing their persistent threat landscape.

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait On November 7, 2024, cybersecurity experts from ESET reported a significant development in cyber espionage, revealing that the China-aligned hacking group known as MirrorFace has set its sights on a diplomatic organization within the European Union. This marks a…

Read More

China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme

Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage

The China-aligned hacking group MirrorFace has recently targeted a diplomatic organization within the European Union for the first time. According to ESET’s APT Activity Report for April to September 2024, the attackers exploited the upcoming World Expo 2025 in Osaka, Japan, as bait. This incident illustrates that while their geographic focus is shifting, MirrorFace continues to emphasize connections to Japan and related events. Also known as Earth Kasha, MirrorFace is part of a broader group, APT10, which includes other clusters like Earth Tengshe and Bronze Starlight. The group has been actively cyber-spying on Japanese organizations since at least 2019, with a recent expansion in 2023 that included targets in Taiwan and India. Over time, their malware tools have significantly advanced, showcasing their persistent threat landscape.

A Misconfiguration Plaguing Corporate Streaming Platforms May Lead to Sensitive Data Exposure

Streaming Service Vulnerabilities Exposed at Defcon Conference Recent revelations at the Defcon security conference in Las Vegas have shed light on critical vulnerabilities present in some streaming platforms, particularly those utilized for corporate broadcasts and sports live streams. Leading streaming services like Netflix and Disney+ have made significant investments to…

Read MoreA Misconfiguration Plaguing Corporate Streaming Platforms May Lead to Sensitive Data Exposure