UAC-0099 is a threat actor organization that has been targeting state officials, defense forces, and defense-industrial firms in a series of sophisticated cyberattacks that Ukraine’s CERT-UA has been investigating. The attacks typically initiate …
ClickFix, which began as a red-team simulation tool in September 2024, has quickly developed into a widespread malware delivery system that outcompetes its predecessors, such as the ClearFake phony browser update fraud. Initially demonstrated by securi…
A sophisticated cybercrime campaign has been discovered targeting Android users through fake antivirus applications that actually deliver LunaSpy spyware to victims’ devices. Security researchers have identified this malicious operation as an act…
Threat actors leveraged SEO poisoning techniques to manipulate Bing search results, directing users querying for “ManageEngine OpManager” to a malicious domain, opmanager[.]pro. This site distributed a trojanized MSI installer named ManageE…
Cybersecurity firm CTM360 has uncovered an ongoing malicious operation dubbed “ClickTok,” specifically targeting TikTok Shop users worldwide through a dual-pronged strategy of phishing and malware deployment. This campaign leverages decepti…
The North Korean state-sponsored group Kimsuky, also known as APT43, Thallium, and Velvet Chollima, has been accused of launching a recent cyber-espionage campaign in which the attackers used malicious Windows shortcut (LNK) files as the first point of…
The Raspberry Robin malware, also known as Roshtyak, has undergone substantial updates that enhance its evasion and persistence on Windows systems. Active since 2021 and primarily disseminated through infected USB devices, this sophisticated downloader…
McAfee’s Mobile Research Team has identified a sophisticated Android malware campaign primarily aimed at Hindi-speaking users in India, masquerading as legitimate financial applications from institutions like SBI Card, Axis Bank, and IndusInd Bank. Thi…
SonicWall probes possible new zero-day after spike in Akira ransomware attacks on Gen 7 firewalls with SSLVPN enabled. SonicWall is investigating a potential new zero-day after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN enabled. The company is working to determine if the incidents stem from an existing flaw or a […]
The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at least December 2022, primarily targeting job seekers in the software developme…