The Breach News

The Unexpected Culprit: Git Repositories

In the ever-evolving landscape of cyber threats, while phishing and ransomware consistently steal headlines, there is a more insidious risk that lurks beneath the surface in many organizations: the exposure of Git repositories that leak sensitive data. This risk quietly undermines security by creating shadow access to critical systems. Git…

New Variant of ZuRu Malware Targets Developers through Compromised Termius macOS Application

July 10, 2025
Endpoint Security / Vulnerability

Cybersecurity experts have identified a new variant of the ZuRu malware affecting Apple macOS systems, known for propagating through trojanized versions of reputable software. In a recent report shared with The Hacker News, SentinelOne revealed that this malware has been posing as the popular cross-platform SSH client and server management tool, Termius, since late May 2025. Researchers Phil Stokes and Dinesh Devadoss noted, “ZuRu malware continues to exploit macOS users in search of legitimate business tools, evolving its loader and command-and-control techniques to backdoor its targets.” Initially documented in September 2021 on the Chinese question-and-answer platform Zhihu, ZuRu was part of a malicious campaign that redirected search results for the legitimate Terminal app iTerm2 to fraudulent websites designed to lure users into downloading the malware. In January 2024, Jamf Threat Labs also reported the distribution of this malware via pirated macOS applications.

In a concerning development for macOS users, cybersecurity experts have identified a new variant of the ZuRu malware. This malware is specifically targeting developers by masquerading as the widely-used SSH client and server…

Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers

Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…

Cybersecurity experts have issued an alert regarding a sophisticated malware framework known as Winos 4.0, which is infiltrating the gaming community through seemingly legitimate applications. These applications, including game installation tools, speed boosters, and optimization utilities, serve as vectors for…

Teen Hacker Reveals School Bathroom Smoke Detector Could Be an Audio Bug

New Hack Exploit Uncovered in School Smoke Detection Devices

A notable cybersecurity incident has emerged from a high school in the Portland area, where a 16-year-old hacker, Reynaldo Vasquez-Garcia, discovered vulnerabilities in devices linked to IPVideo Corporation, a subsidiary of Motorola. While experimenting with his school’s Wi-Fi network, Vasquez-Garcia identified…

Sorry, Mr. Altman, But Passwords Aren’t Making a Comeback

August 6, 2025
AI-Based Attacks, Artificial Intelligence & Machine Learning, Fraud Management & Cybercrime

OpenAI CEO Asserts AI Surpasses Voice Recognition, While Experts Remain Skeptical

By Suparna Goswami (gsuparna). OpenAI’s CEO Sam Altman recently claimed that artificial intelligence has essentially “defeated” most current…

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the United States since its inception in early June 2025. Researchers…

Crypto Wrench Attacks Soar 90% in 2025 Due to Data Breaches and Extortion Threats

The number of violent “wrench attacks” targeting cryptocurrency holders has escalated alarmingly in 2025, as reported by Alena Vranova, founder of SatoshiLabs, a hardware wallet manufacturer. During her address at the Baltic Honeybadger 2025 conference held in Riga, Latvia, she highlighted the alarming frequency of these attacks, which encompass kidnappings,…

Critical Vulnerability in mcp-remote Allows Remote Code Execution, Affecting Over 437,000 Users

Published: July 10, 2025
Category: Vulnerability / AI Security

Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.

In a significant development within the cybersecurity landscape, researchers have identified a critical vulnerability in the open-source mcp-remote project, a tool used widely in the integration of large language model (LLM) applications. This flaw,…
