In an era where cyber threats are not merely evolving but rapidly mutating, the cybersecurity landscape continues to challenge defenses across various sectors, from global financial frameworks to vital infrastructure. With the advent of sophisticated cybercrime, ranging from state-sponsored espionage to ransomware attacks leveraging artificial intelligence, pressing questions arise about…
A new variant of the advanced point-of-sale (PoS) malware known as Prilex has emerged from Brazilian cybercriminals, introducing capabilities to disrupt contactless payment transactions. This follows the trend of malware evolution, as Prilex has shifted focus from ATM targeting to sophisticated PoS infiltration since its inception in 2014. According to…
A new wave of cyber activity has emerged from the threat actor known as Paper Werewolf, focusing its efforts on Russian organizations with a novel implant dubbed PowerModul. Spanning from July to December 2024, these operations have targeted various sectors, including mass media, telecommunications, construction, government, and energy, as outlined…
New Malware Targeting Gamers: Arcane Stealer Discovered Recent reports have surfaced regarding a new strain of malware known as Arcane, disseminated through YouTube videos that advertise game cheats. This unique malware, particularly concerning for its sophisticated data collection methods, appears to primarily target Russian-speaking users, signaling a new wave of…
In a concerning revelation, the Computer Emergency Response Team of Ukraine (CERT-UA) has reported three cyberattacks targeting state administration and critical infrastructure. The objective of these attacks appears to be data theft from sensitive governmental entities. According to CERT-UA, the coordinated campaign utilized compromised email accounts to dispatch phishing emails.…
Marrakech – Since 2004, more than 18.5 million accounts in Morocco have been compromised, ranking the nation 60th worldwide for the total number of breached accounts. This alarming figure accounts for approximately 0.1% of all global data breaches, according to a report from Surfshark. The frequency of breaches in Morocco…
Recent investigations have uncovered an alarming trend in which cybercriminals are distributing malicious software masquerading as legitimate cracked applications, specifically targeting users through the popular software hosting platform, SourceForge. Among the most concerning payloads identified are cryptocurrency miners and clipper malware disguised as Microsoft Office add-ons. A report from Kaspersky…
Published: April 9, 2025
Category: Windows Security / Vulnerability
A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…
Newly Discovered TCESB Malware Targets ESET Security Software April 09, 2025 Recent cybersecurity developments have illuminated a new malware strain known as TCESB, which is being actively deployed in ongoing attacks. This malware, linked to a Chinese-affiliated threat actor, exploits vulnerabilities in ESET security software. Analysts at Kaspersky have highlighted…
Published: April 9, 2025
Category: Windows Security / Vulnerability
A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
Lazarus Hacker Group Adapts Strategies in Ongoing DeathNote Campaign April 13, 2023 Cyber Attack / Cyber Threat The Lazarus Group, a North Korean cyber threat actor, has been observed refining its strategies and expanding its targets in an ongoing campaign known as DeathNote. Traditionally focused on the cryptocurrency sector, this…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
