Microsoft Threat Intelligence has uncovered a new phishing campaign that hides malicious code in SVG files and appears to use AI-powered techniques to evade detection. The attack, spotted on August 18, 2025, targeted U.S.-based organizations and relied on compromised small business email accounts to deliver fraudulent file-sharing messages. How the…
A cyber-espionage campaign attributed to Iranian threat actor UNC1549 has compromised 34 devices across 11 telecommunications companies, according to new research from Swiss cybersecurity firm PRODAFT. The group, also tracked as Subtle Snail, used LinkedIn recruitment-themed lures to deliver a custom backdoor called MINIBIKE, bypassing detection through infrastructure proxied via…
Security researchers at Zscaler ThreatLabz have uncovered two malicious packages on the Python Package Index (PyPI) that delivered a Remote Access Trojan named SilentSync to Windows systems. The campaign, attributed to an uploader using the handle CondeTGAPIS, highlights the continuing risk of supply-chain attacks inside the Python ecosystem. Zscaler analysts…
A phishing campaign is exploiting Google’s AppSheet platform to trick Workspace users with fake trademark notices. The scam leverages the trust of a legitimate Google service to bypass email filters and land in corporate inboxes. How the Scam Works Researchers at Raven AI discovered that attackers are sending phishing emails…
Researchers at LevelBlue Labs have detailed a new malware campaign that used a fileless loader to deliver AsyncRAT, a widely abused Remote Access Trojan known for credential theft and full remote control of compromised systems. How the Attack Began The investigation revealed that attackers gained initial access through a compromised…
Akamai’s Hunt Team has identified a new strain of malware targeting misconfigured Docker APIs, expanding on a campaign first documented earlier this summer. Unlike earlier versions, which installed cryptocurrency miners, this variant focuses on blocking external access and installing persistence mechanisms, suggesting a larger objective. From Cryptomining to Control The…
Cybersecurity researchers at FortiGuard Labs have discovered a new malware threat called MostereRAT, which is being spread through phishing campaigns targeting Windows devices. Classified as high severity, this Remote Access Trojan (RAT) provides attackers with full control of compromised systems using tools like AnyDesk and TightVNC. How the Malware Works…
Researchers at Guardio Labs have uncovered a new scam abusing the Grok AI assistant on X (formerly Twitter) to spread malicious links through video ads. The technique, dubbed “Grokking,” tricks the AI into amplifying dangerous content while bypassing the platform’s security filters. How “Grokking” Works The scam begins with attackers…
Cybersecurity researchers at Huntress have uncovered a malware campaign using a fake AnyDesk installer to spread MetaStealer, relying on the well-known ClickFix social engineering technique. The attack abuses Windows search and user trust in remote access tools to bypass security defenses. How the Scam Works The ClickFix method is a…
Amazon’s threat intelligence team has disrupted a watering hole campaign conducted by APT29, the Russian state-linked threat group also known as Midnight Blizzard. The operation used compromised websites to redirect visitors into a phishing scheme designed to hijack Microsoft accounts through the device code authentication flow. How the Campaign Worked…
