Microsoft Threat Intelligence has uncovered a new phishing campaign that hides malicious code in SVG files and appears to use AI-powered techniques to evade detection. The attack, spotted on August 18, 2025, targeted U.S.-based organizations and relied on compromised small business email accounts to deliver fraudulent file-sharing messages. How the…
A revamped version of the DarkCloud Infostealer has reemerged, according to researchers at eSentire’s Threat Response Unit (TRU). The malware, now at version 4.2, is being actively marketed to cybercriminals and has already been spotted in attacks against the manufacturing sector. DarkCloud’s Return DarkCloud is not new, but the malware…
Microsoft’s Digital Crimes Unit (DCU) has dismantled a major phishing-as-a-service operation known as RaccoonO365, which stole thousands of Microsoft 365 credentials and targeted victims worldwide, including U.S. healthcare organizations. The takedown, announced on September 16, 2025, was made possible through a court order from the Southern District of New York.…
A phishing campaign is exploiting Google’s AppSheet platform to trick Workspace users with fake trademark notices. The scam leverages the trust of a legitimate Google service to bypass email filters and land in corporate inboxes. How the Scam Works Researchers at Raven AI discovered that attackers are sending phishing emails…
Cybersecurity researchers at FortiGuard Labs have discovered a new malware threat called MostereRAT, which is being spread through phishing campaigns targeting Windows devices. Classified as high severity, this Remote Access Trojan (RAT) provides attackers with full control of compromised systems using tools like AnyDesk and TightVNC. How the Malware Works…
Researchers at Guardio Labs have uncovered a new scam abusing the Grok AI assistant on X (formerly Twitter) to spread malicious links through video ads. The technique, dubbed “Grokking,” tricks the AI into amplifying dangerous content while bypassing the platform’s security filters. How “Grokking” Works The scam begins with attackers…
Cybersecurity researchers at Huntress have uncovered a malware campaign using a fake AnyDesk installer to spread MetaStealer, relying on the well-known ClickFix social engineering technique. The attack abuses Windows search and user trust in remote access tools to bypass security defenses. How the Scam Works The ClickFix method is a…
Amazon’s threat intelligence team has disrupted a watering hole campaign conducted by APT29, the Russian state-linked threat group also known as Midnight Blizzard. The operation used compromised websites to redirect visitors into a phishing scheme designed to hijack Microsoft accounts through the device code authentication flow. How the Campaign Worked…
Security researchers have uncovered a large-scale malware campaign distributing an infostealer dubbed TamperedChef through fake PDF editing applications. The campaign relied on Google ads to drive victims to fraudulent websites hosting malicious downloads, blending legitimate branding with carefully timed activation of hidden payloads. How the Campaign Works According to researchers,…
Security researchers have uncovered a Facebook malvertising campaign spreading Brokewell spyware to Android devices. The campaign uses fake TradingView ads to lure victims into downloading a trojanized app, which then steals cryptocurrency wallet details, personal data, and other sensitive information. How the Malware Works According to researchers, attackers cloned TradingView…
