A well-known banking trojan, Qbot, has resurfaced with enhanced capabilities targeting sectors vital to national security, including government, military, and manufacturing entities across the United States and Europe. Recent research from Check Point Research reveals that this revitalized malware not only seeks to pilfer bank account credentials but also leverages…
An Iranian cyberespionage group has adopted new tactics by impersonating journalists to target individuals through LinkedIn and WhatsApp, aiming to deliver malware to their devices. This development marks a strategic shift for the “Charming Kitten” APT group, identified by Israeli cybersecurity firm Clearsky. Since July 2020, the group has been…
An adversarial group, known for its focus on the fintech sector since 2018, has updated its tactics by introducing a new Python-based remote access Trojan (RAT) designed to extract sensitive information from compromised systems. The group, identified as Evilnum, has refined its infection strategies and is now deploying the PyVil…
Malicious GitHub Repository Impersonating CVE-2025-55182 Scanner Exposed A GitHub repository masquerading as a vulnerability scanner for CVE-2025-55182, commonly known as “React2Shell,” was recently uncovered as a source of malware. The project, titled React2shell-scanner, was associated with the GitHub user niha0wa but has been removed from the platform after community alerts…
In a significant move today, the United States government filed charges against five individuals linked to a state-sponsored Chinese hacking group known as APT41, as well as two Malaysian hackers. This group is believed to have compromised over one hundred businesses globally, showcasing a sophisticated range of cyber-espionage and financially…
Recent investigations indicate that despite concerted efforts to disrupt the TrickBot malware operations, its creators are adapting and evolving their tactics. A report from cybersecurity firm Netscout reveals that the authors of TrickBot have ported elements of their malicious code to Linux, broadening their potential target base. Initially identified in…
Mexican financial institutions are currently being targeted by a sophisticated spear-phishing campaign that deploys a modified variant of the open-source remote access trojan known as AllaKore RAT. This attack has been attributed to an unidentified financially motivated actor based in Latin America, with the campaign having been operational since at…
A newly emerged AI image creation startup has come under fire for leaving its database exposed, resulting in the unauthorized access of over a million user-generated images and videos. Alarmingly, the majority of the leaked content includes explicit material, with some instances involving minors. This breach raises significant concerns regarding…
Recent research indicates that a nation-state actor known for prolonged cyber espionage activities has transitioned to using coin mining techniques. This strategic shift, attributed to the hacking group Bismuth, is aimed at evading detection while ensuring persistence within the systems of their targets. The Microsoft 365 Defender Threat Intelligence Team…
