The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities.
Phishing has grown far beyond suspicious emails and fake login pages. It’s now one of the most sophisticated threats in the cybersecurity world, targeting individuals, businesses, and infrastructure every day.
Cybersecurity isn’t just about firewalls anymore. In 2025, it’s more complex, more personal, and more essential than ever. As the world leans further into AI, automation, and cloud systems, so do the threats that ride alongside them.
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest.
Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted.
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets.
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure product that has come under active exploitation in the wild.
Modern businesses rely heavily on seamless communication and efficient workflows. Employee extensions, whether for phone systems, software applications, or browser functionalities, are designed to enhance productivity.
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands.
A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines.
A new phishing campaign has been tricking users into giving out access to their Meta Business accounts especially Instagram. The scam, detected by the Cofense Phishing Defense Center, uses fake chat support, detailed instructions, and attempts to add itself as a secure login method to hijack business accounts.
A newly identified custom backdoor deployed in several recent ransomware attacks has been linked to at least one RansomHub ransomware-as-a-service (RaaS) operation affiliate.
Juniper Networks has released an out-of-cycle security bulletin addressing an actively exploited vulnerability in Junos OS that could allow a local attacker to execute arbitrary code. The vulnerability, tracked as CVE-2025-21590, affects multiple versions of Junos OS.
A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers.
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.
Moscow-based cybersecurity firm Positive Technologies reported detecting 483 samples of Poco RAT in networks mostly in Venezuela, the Dominican Republic and Chile from June 2024 until February.
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code.
This game appeared on Steam earlier this month. Its description mentioned it as a survival game, where the player had to establish life in the open sea. Players could either play the game solo or add friends as they proceed. For its adventurous and exploring essence, this simulation game garnered positive reviews.
Bangkok: Cyberattack vulnerability of Asia-Pacific's financial industry is twice the global average, as investments in cybersecurity have not kept pace with the economic and digital growth in these countries, experts said.
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707.
Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download files, and launch and execute malicious commands.
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%.
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic.
The behavior of ChatGPT’s web crawler can be exploited through a discovered vulnerability: under specific query conditions, OpenAI’s bot may inadvertently execute DDoS attacks on arbitrary websites. This intriguing flaw was reported by cybersecurity researcher Benjamin Flesch.
The Socket team has identified a malicious PyPI package named pycord-self, which targets developers seeking Python wrappers for the Discord user API. By mimicking the legitimate package discord.py-self, this malicious package deceives developers into installing it
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound.
Jakub Korepta, Principal Security Consultant and Head of Infrastructure Security at Securing, has released a detailed report uncovering a critical command injection vulnerability in Aviatrix Network Controller.
Google has just released a critical security update for its Chrome web browser, addressing a high-severity vulnerability that could leave users open to attack. The update, rolling out to Windows, Mac, and Linux users over the next few days, patches a “Type Confusion” flaw in V8, the JavaScript engine that powers Chrome.
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data.
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions.
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks.
A sophisticated phishing campaign is targeting employees of 30+ companies across 12 industries worldwide.Over 200 malicious links have been distributed, designed to steal user login credentials.
The Gafgyt malware (often referred to as Bashlite or Lizkebab) has expanded its attack scope by targeting publicly exposed Docker Remote API servers.
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
The Chinese threat actor known as Salt Typhoon has been spying on some high-value government and telecommunications organizations for several years now, recently debuting fresh backdoor malware, dubbed GhostSpider.
CyberVolk/GLORIAMIST is a hacktivist collective originating in India with pro-Russia leanings. Between June and October 2024, CyberVolk claimed responsibility for multiple ransomware attacks.
SYDNEY, Nov 20 (Reuters) - Australia said it was concerned that one in ten cybersecurity incidents last year involved critical infrastructure, with state-sponsored actors targeting the country's government, infrastructure and businesses using evolving tradecraft.
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.
Ransomware isn't just a buzzword; it's one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging.
The City of Columbus, Ohio, has notified 500,000 individuals that a ransomware attack in July 2024 stole their personal information. In incident caused he city to take systems offline to contain the attack, impacting a range of services.
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history.
AI startup Hugging Face reported that its security team identified “unauthorized access” to Spaces, its platform for sharing AI models, during a period typically reserved for sensitive disclosures.
Cyber risk has become an increasingly important issue for small companies around the world. While many companies try to avoid and mitigate cyber risks, they rarely discuss transferring those risks to a third party.
Southern Water, which provides water and wastewater services to millions of people across the South East of England, that it plans to notify “5 to 10 percent” of its customer base that they had personal information stolen by hackers
Cybersecurity has one of the biggest and most urgent talent shortages in the tech industry. Malicious attacks are on the rise, and the techniques being used to worm into networks are growing ever more sophisticated.
U.S. pharmaceutical giant Cencora says it is notifying affected individuals that their personal and highly sensitive medical information was stolen during a cyberattack and data breach earlier this year.