The Breach News

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT

October 15, 2024
Malware / Cybercrime

Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT October 15, 2024 Cybersecurity experts have unveiled a newly identified malware campaign that utilizes a loader known as PureCrypter to deploy the DarkVision remote access trojan (RAT). This activity, first detected by Zscaler ThreatLabz in July 2024, entails a multi-phase…

Read More

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT

October 15, 2024
Malware / Cybercrime

Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.

Do Kwon Admits Guilt in $40 Billion Fraud Case

Read more on Blockchain & Cryptocurrency, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Breaking: Trump Signs Pro-Crypto Executive Order, Credix Disappears Post $4.5M Hack Written by Rashmi Ramesh (@rashmiramesh_) • August 14, 2025 Read more Image: Shutterstock This week’s cybersecurity roundup by Information Security Media Group highlights significant incidents in…

Read MoreDo Kwon Admits Guilt in $40 Billion Fraud Case

⚡ Weekly Update: Chrome Vulnerability, Data Wiping Attacks, Tool Misuse, and Zero-Click iPhone Exploits

June 9, 2025
Cybersecurity / Hacking News

Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.

⚡ Threat of the Week

Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…

Weekly Cybersecurity Report: Chrome Exploit, Data Destruction Tools, and Zero-Click iPhone Breaches On June 9, 2025, significant developments in cybersecurity have come to light, shedding light on the evolving landscape of digital threats. At the core of these events is the ongoing battle for system integrity and public trust. This…

Read More

⚡ Weekly Update: Chrome Vulnerability, Data Wiping Attacks, Tool Misuse, and Zero-Click iPhone Exploits

June 9, 2025
Cybersecurity / Hacking News

Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.

⚡ Threat of the Week

Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…

Mass Data Breach Strikes Italian Hotels Since June, Government Confirms • The Register

Italy’s digital agency, AGID, has confirmed the authenticity of claims made by a cybercriminal known as mydocs, regarding a series of data breaches that have compromised several hotels across the nation. The attacker alleges to have infiltrated the booking systems of various Italian hotels, capturing sensitive identification documents from thousands…

Read MoreMass Data Breach Strikes Italian Hotels Since June, Government Confirms • The Register

Blind Eagle Exploits Proton66 Hosting for Phishing and RAT Operations Targeting Colombian Banks

June 30, 2025
Cybercrime / Vulnerability

The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…

Blind Eagle Exploits Proton66 Hosting for Cyber Attacks on Colombian Banks June 30, 2025 Cybersecurity Update A recent report by Trustwave SpiderLabs has traced the activities of the cyber threat group known as Blind Eagle, attributing their operations with high confidence to the Russian hosting service Proton66. This analysis arose…

Read More

Blind Eagle Exploits Proton66 Hosting for Phishing and RAT Operations Targeting Colombian Banks

June 30, 2025
Cybercrime / Vulnerability

The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack On October 16, 2024, reports surfaced detailing a resurgence of the Astaroth banking malware, also known as Guildma, targeting Brazilian entities through a sophisticated spear-phishing campaign. The ongoing threat involves the use of obfuscated JavaScript to bypass traditional security measures, allowing…

Read More

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

The First Major Federal Cybersecurity Crisis of Trump 2.0 Has Hit

The second Trump administration faces its first major incident in federal cybersecurity. A recent breach of the U.S. federal judiciary’s electronic case filing system, uncovered around July 4, has forced several courts to revert to backup paper-filing procedures. The hack compromised sealed court records and may have endangered the identities…

Read MoreThe First Major Federal Cybersecurity Crisis of Trump 2.0 Has Hit

Feds Release Additional HIPAA Guidelines to Enhance Patient Access

Data Governance, Data Security, Healthcare HHS Releases New Guidance to Support Interoperability Initiative ‘Make Health IT Great Again’ Marianne Kolbasuk McGee (HealthInfoSec) • August 13, 2025 Image: Getty Images Millions of patients across the United States may be unaware of their rights under HIPAA regarding access to medical records. As…

Read MoreFeds Release Additional HIPAA Guidelines to Enhance Patient Access