Tag phishing

Silent Ransom Group Employs Fast Flux Botnet to Conceal Law Firm Data Leak Sites

Silent Ransom Group Targets Law Firms with Evasive Tactics Resecurity, a threat intelligence organization, has released findings on the illicit activities of the Silent Ransom Group (SRG), a cyber extortion network operational since 2022. This group is notable for its sophisticated schemes aimed at retaining their data leak websites and…

Read MoreSilent Ransom Group Employs Fast Flux Botnet to Conceal Law Firm Data Leak Sites

Unaddressed Vulnerability in UC Browser Apps May Enable Hackers to Execute Phishing Attacks

Unpatched URL Spoofing Vulnerability Discovered in UC Browser and UC Browser Mini A recently uncovered security flaw poses a significant threat to users of UC Browser and UC Browser Mini, widely used mobile applications developed by Alibaba-owned UCWeb. This vulnerability, which remains unpatched, allows attackers to manipulate the address bar,…

Read MoreUnaddressed Vulnerability in UC Browser Apps May Enable Hackers to Execute Phishing Attacks

Silver Fox Launches ABCDoor Malware Through Tax-Themed Phishing Campaigns in India and Russia

A recently uncovered campaign attributed to the China-based cybercrime group known as Silver Fox—also referred to as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne—has targeted organizations in Russia and India with new malware identified as ABCDoor. The operation has prominently involved the use of phishing emails…

Read MoreSilver Fox Launches ABCDoor Malware Through Tax-Themed Phishing Campaigns in India and Russia

Microsoft Reveals Phishing Campaign Affecting 35,000 Users in 26 Countries

Microsoft has revealed a comprehensive credential theft operation that exploited themes related to code of conduct, utilizing legitimate email services to redirect users to domains controlled by attackers and extract authentication tokens. This multi-faceted campaign occurred between April 14 and April 16, 2026, affecting over 35,000 users from more than…

Read MoreMicrosoft Reveals Phishing Campaign Affecting 35,000 Users in 26 Countries

Instructure Secures Ransom Deal with ShinyHunters to Halt 3.65TB Canvas Data Breach

The American educational technology company Instructure, known for its Canvas platform, has reported a breach involving a decentralized cybercriminal group. This group threatened to leak sensitive data stolen from thousands of educational institutions following a successful infiltration of Instructure’s network. In an update released on Monday, the Utah-based firm announced…

Read MoreInstructure Secures Ransom Deal with ShinyHunters to Halt 3.65TB Canvas Data Breach

Linux Malware Leveraging Malicious RAR Filenames Evades Antivirus Detection

In a recent report from cybersecurity researchers, a new attack strategy has been revealed, utilizing phishing emails to spread an open-source backdoor known as VShell. According to Trellix researcher Sagar Bade, this “Linux-specific malware infection chain begins with a spam email containing a harmful RAR archive file.” The unique aspect of this attack is that the malicious payload is embedded directly in the filename, rather than hidden within the file’s content or through macros. By employing shell command injection and Base64-encoded Bash payloads, attackers transform routine file listing commands into triggers for automatic malware execution. This technique exploits a common, yet dangerous pattern in shell scripts, where poorly sanitized file names allow seemingly innocuous commands like eval or echo to execute arbitrary code. Additionally, this approach provides further advantages…

Linux Malware Exploits Malicious RAR Filenames to Bypass Antivirus Detection August 22, 2025 Recent research has unveiled a sophisticated attack vector targeting Linux systems, whereby threat actors utilize phishing emails to distribute an open-source backdoor named VShell. According to cybersecurity expert Sagar Bade from Trellix, this method represents a distinct…

Read More

Linux Malware Leveraging Malicious RAR Filenames Evades Antivirus Detection

In a recent report from cybersecurity researchers, a new attack strategy has been revealed, utilizing phishing emails to spread an open-source backdoor known as VShell. According to Trellix researcher Sagar Bade, this “Linux-specific malware infection chain begins with a spam email containing a harmful RAR archive file.” The unique aspect of this attack is that the malicious payload is embedded directly in the filename, rather than hidden within the file’s content or through macros. By employing shell command injection and Base64-encoded Bash payloads, attackers transform routine file listing commands into triggers for automatic malware execution. This technique exploits a common, yet dangerous pattern in shell scripts, where poorly sanitized file names allow seemingly innocuous commands like eval or echo to execute arbitrary code. Additionally, this approach provides further advantages…