LATEST ARTICLES

Microsoft Flags AI Phishing Attack Hiding in SVG Files

Microsoft Threat Intelligence has uncovered a new phishing campaign that hides malicious code in SVG files and appears to use AI-powered techniques to evade detection. The attack, spotted on August 18, 2025, targeted U.S.-based organizations and relied on compromised small business email accounts to deliver fraudulent file-sharing messages. How the Campaign Worked: The attack began…

September 30, 2025

DarkCloud Infostealer Relaunched to Grab Credentials, Crypto, and Contacts

A revamped version of the DarkCloud Infostealer has reemerged, according to researchers at eSentire’s Threat Response Unit (TRU). The malware, now at version 4.2, is being actively marketed to cybercriminals and has already been spotted in attacks against the manufacturing sector. DarkCloud’s Return: DarkCloud is not new, but the malware has undergone a complete rewrite.…

September 29, 2025

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

A cyber-espionage campaign attributed to Iranian threat actor UNC1549 has compromised 34 devices across 11 telecommunications companies, according to new research from Swiss cybersecurity firm PRODAFT. The group, also tracked as Subtle Snail, used LinkedIn recruitment-themed lures to deliver a custom backdoor called MINIBIKE, bypassing detection through infrastructure proxied via Microsoft Azure. How the Campaign…

September 19, 2025

SilentSync RAT Delivered via Malicious PyPI Packages Targeting Python Developers

Security researchers at Zscaler ThreatLabz have uncovered two malicious packages on the Python Package Index (PyPI) that delivered a Remote Access Trojan named SilentSync to Windows systems. The campaign, attributed to an uploader using the handle CondeTGAPIS, highlights the continuing risk of supply-chain attacks inside the Python ecosystem. Zscaler analysts Manisha Ramcharan Prajapati and Satyam…

September 18, 2025

Microsoft Shuts Down RaccoonO365 Phishing Ring, Seizes 338 Websites

Microsoft’s Digital Crimes Unit (DCU) has dismantled a major phishing-as-a-service operation known as RaccoonO365, which stole thousands of Microsoft 365 credentials and targeted victims worldwide, including U.S. healthcare organizations. The takedown, announced on September 16, 2025, was made possible through a court order from the Southern District of New York. How RaccoonO365 Worked: RaccoonO365, which…

September 17, 2025

Gucci, Balenciaga, and Alexander McQueen Data Breach Linked to ShinyHunters

Luxury fashion giants Gucci, Balenciaga, and Alexander McQueen have confirmed a data breach after their parent company, Kering, was targeted by the hacker group ShinyHunters. The incident exposed customer data and raises concerns over scams and targeted phishing campaigns against high-value clients. How the Breach Happened: According to Kering’s disclosure, attackers infiltrated its systems in…

September 16, 2025

New Google AppSheet Phishing Scam Sends Fake Trademark Notices

A phishing campaign is exploiting Google’s AppSheet platform to trick Workspace users with fake trademark notices. The scam leverages the trust of a legitimate Google service to bypass email filters and land in corporate inboxes. How the Scam Works: Researchers at Raven AI discovered that attackers are sending phishing emails disguised as official AppSheet notifications.…

September 12, 2025

ChillyHell macOS Malware Resurfaces, Using Google.com as Decoy

A long-dormant macOS backdoor called ChillyHell has resurfaced, according to new research from Jamf Threat Labs. The malware, first documented in 2023, is once again active and evolving, showing signs that threat actors are refining their tactics to bypass Apple’s defenses. ChillyHell’s History: ChillyHell was first uncovered in 2023 by Mandiant, which linked it to…

September 11, 2025

New Fileless Malware Attack Uses AsyncRAT for Credential Theft

Researchers at LevelBlue Labs have detailed a new malware campaign that used a fileless loader to deliver AsyncRAT, a widely abused Remote Access Trojan known for credential theft and full remote control of compromised systems. How the Attack Began: The investigation revealed that attackers gained initial access through a compromised ScreenConnect client. From there, the…

September 10, 2025

New Docker Malware Variant Blocks Rivals on Exposed APIs

Akamai’s Hunt Team has identified a new strain of malware targeting misconfigured Docker APIs, expanding on a campaign first documented earlier this summer. Unlike earlier versions, which installed cryptocurrency miners, this variant focuses on blocking external access and installing persistence mechanisms, suggesting a larger objective. From Cryptomining to Control: The first wave of this Docker-focused…

September 9, 2025

MostereRAT Targets Windows Using AnyDesk and TightVNC for Remote Control

Cybersecurity researchers at FortiGuard Labs have discovered a new malware threat called MostereRAT, which is being spread through phishing campaigns targeting Windows devices. Classified as high severity, this Remote Access Trojan (RAT) provides attackers with full control of compromised systems using tools like AnyDesk and TightVNC. How the Malware Works: MostereRAT begins with phishing emails…

September 9, 2025