The Breach News

Microsoft Uncovers Russian Hackers Aiming at Foreign Embassies

New Malware Exploit: ApolloShadow Targets Vulnerable Networks

In a recent cybersecurity breach, researchers have identified a new malware strain dubbed ApolloShadow that exploits captive portal mechanisms to gain unauthorized access to systems. This sophisticated malware primarily targets Windows devices, taking advantage of their connectivity routines to execute its malicious agenda.…

Vietnam Launches NDAChain; Tea App Data Breach Exposes User Information

Vietnam unveils NDAChain; Tea app hack leaks user data

Vietnam is progressing towards a digital economic transformation with the announcement of a national blockchain platform designed to serve multiple key sectors. This initiative aims to leverage blockchain technology to bolster data protection, identity verification,…

Hackers Target Critical Vulnerability in ‘Alone’ WordPress Theme to Take Over Websites Through Remote Plugin Installation

Jul 31, 2025
Vulnerability / Website Security

Threat actors are currently exploiting a serious security flaw in the “Alone – Charity Multipurpose Non-profit WordPress Theme,” allowing them to seize control of vulnerable websites. The vulnerability, identified as CVE-2025-5394, has a CVSS score of 9.8. Security researcher Thái An discovered and reported the issue. According to Wordfence, the flaw involves an arbitrary file upload that affects all plugin versions up to and including 7.8.3. It was patched in version 7.8.5, released on June 16, 2025. CVE-2025-5394 arises from a function called “alone_import_pack_install_plugin(),” which lacks a necessary capability check, enabling unauthenticated users to upload arbitrary plugins from remote sources through AJAX, thus executing code remotely. “This vulnerability allows an attacker without authentication to upload arbitrary files to a vulnerable site, leading to remote code execution…”

Hackers Exploit Severe Vulnerability in WordPress Theme, Compromising Numerous Sites

On July 31, 2025, reports surfaced detailing a critical security vulnerability in the “Alone – Charity Multipurpose Non-profit WordPress Theme,” which has become a focal point for cybercriminals. This flaw, identified as CVE-2025-5394, has garnered an alarming CVSS score of…

New Golang-Based Backdoor Leverages Telegram Bot API for Stealthy C2 Operations

February 17, 2025
Threat Intelligence / Cyber Attack

Cybersecurity experts have revealed a new backdoor written in Golang that employs Telegram for command-and-control (C2) communications. Netskope Threat Labs, which analyzed the malware, suspects it may have origins in Russia. Security researcher Leandro Fróes commented, “The malware is compiled in Golang and functions as a backdoor. While it appears to be in active development, it is fully operational.” Upon execution, the backdoor verifies its location and specific file name—“C:\Windows\Temp\svchost.exe”—and if conditions aren’t met, it duplicates itself into the intended directory, launches the copied version, and then terminates its own process. A significant feature of this malware is its use of an open-source library that provides Golang bindings for the Telegram Bot API for C2 operations. This implementation includes…

New Golang-Based Backdoor Leverages Telegram Bot API for Evasive C2 Operations

February 17, 2025

In a recent development within the cybersecurity landscape, researchers have uncovered a new backdoor malware written in Golang that employs the Telegram Bot API for its command-and-control (C2) operations. This malware, potentially originating from Russia, has…

The Kremlin’s Cunning Hacking Group Leverages Russian ISPs to Deploy Spyware

The Russian hacker group Turla, known for their advanced cyberespionage techniques, has been linked to a new spying method that demonstrates their sophisticated approach to cyber operations. This group has made headlines for utilizing unorthodox methods, such as embedding malware communications in satellite connections or commandeering other hackers’ operations to…

HHS Data Strategy Seeks to ‘Revitalize Health Technology’

Data Privacy, Data Security, Healthcare

Voluntary Initiative Advocates for Standards and Patient Empowerment: A Privacy Perspective

Marianne Kolbasuk McGee (HealthInfoSec) • July 31, 2025

President Donald Trump alongside leaders from the Department of Health and Human Services (HHS) announces a new strategy aimed at enhancing health data interoperability and access.…

SafePay Raises Alarm Over Ingram Micro Breach, Imposes Ransom Deadline – Dark Reading

SafePay Claims Ingram Micro Breach, Sets Ransom Deadline

In a recent cybersecurity incident, SafePay has publicly accused Ingram Micro of suffering a significant data breach. The company, known for its global technology distribution, appears to be under threat after SafePay set a ransom deadline, escalating the urgency of the situation.…

Belarus-Linked Ghostwriter Utilizes Macropack-Obfuscated Excel Macros to Distribute Malware

Feb 25, 2025
Malware / Cyber Espionage

A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.

“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.

Belarus-Linked Ghostwriter Exploits Obfuscated Excel Macros to Distribute Malware

February 25, 2025
Malware / Cyber Espionage

A newly uncovered cyber campaign has emerged, targeting opposition activists in Belarus alongside military and governmental entities in Ukraine. This operation utilizes malware-infused Microsoft Excel documents to disseminate a variant of PicassoLoader, a malicious…
