Krebs on Security

MAY 28, 2025

Authorities in Pakistan have arrested 21 individuals accused of operating “ Heartsender ,” a once popular spam and malware dissemination service that operated for more than a decade. Some of the core developers and sellers of Heartsender posing at a work outing in 2021.

Malware 218

Malware Cybercrime Antivirus Scams 218

The Hacker News

JUNE 11, 2025

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants.

Malware 132

Malware 132

Security Affairs

JANUARY 14, 2025

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. based computers.

Malware 123

Malware Government Hacking Cybersecurity 123

IT Security Guru

JANUARY 22, 2025

As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. It highlights the essential WordPress plugins for 2025 and focuses on security, speed, and SEOthe cornerstones of any future-ready website. The digital landscape is constantly growing and evolving. Full Stack Industries is here to help.

Backups 116

Backups Firewall Artificial Intelligence Mobile 116

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. You can find the full 2025 State of Malware report here.

Artificial Intelligence 143

Artificial Intelligence Small Business Malware Technology 143

Security Affairs

JANUARY 27, 2025

Apple addressed the first zero-day vulnerability of 2025, which is actively exploited in attacks in the wild aimed at iPhone users. Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085 , actively exploited in attacks targeting iPhone users.

Spyware 122

Spyware Surveillance Media Hacking 122

Centraleyes

DECEMBER 16, 2024

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. Supply Chain Security on the Rise In 2025, the supply chain will remain a major cybersecurity risk.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Security Affairs

APRIL 25, 2025

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024.

Malware 95

Malware Hacking Authentication Cybersecurity 95

Security Boulevard

JANUARY 20, 2025

This is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 - 18 JAN 2025. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

Surveillance 97

Surveillance Malware Data breaches Scams 97

The Hacker News

MAY 25, 2025

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

Malware 118

Malware VPN Software Cybersecurity 118

Penetration Testing

JUNE 30, 2025

day AI Development AI security CVE-2025-49596 cybersecurity Machine Context Protocol MCP MCP Inspector Oligo Security rce Remote Code Execution Vulnerability Continue Reading Previous: From Code to Crypto Theft: DOJ Charges Four North Koreans for Infiltrating U.S. If this article helped you, please share it with others who might benefit.

Penetration Testing 116

Penetration Testing Authentication Advertising Cybersecurity 116

SecureWorld News

JANUARY 7, 2025

Welcome to SecureWorld's theme for 2025: Once Upon a Time in Cybersecurity. Be mindful of the dangers of poisoned gifts (malware), and stay vigilant against these sweet but dangerous schemes. Check out our full slate of in-person and virtual events for 2025.

Cybersecurity 113

Cybersecurity Social Engineering Phishing Engineering 113

SecureList

MAY 15, 2025

Percentage of ICS computers on which malicious objects were blocked, Q1 2022Q1 2025 In JanuaryMarch 2025, the figures were the lowest compared to the same months of the previous four years. In Q1 2025, the percentage of affected ICS computers ranged from 10.7% Threat levels in different regions still vary.

Spyware 83

Spyware Phishing Malware Internet 83

eSecurity Planet

MARCH 3, 2025

The CrowdStrike 2025 Global Threat Report exposes a world where cyber adversaries operate with unprecedented speed and business-like precision, forcing organizations to rethink their security strategies. The post CrowdStrike 2025 Global Threat Report: 51-Second Breaches Shake Cybercrime appeared first on eSecurity Planet.

Threat Reports 93

Threat Reports Cybercrime Artificial Intelligence Social Engineering 93

The Last Watchdog

JANUARY 7, 2025

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist , a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. Evasion: AI-generated threats mimic human behavior, complicating detection for security teams.

Threat Detection 130

Threat Detection Engineering Malware Artificial Intelligence 130

Security Affairs

MAY 20, 2025

In April, SK Telecom reported that threat actors gained access to USIM-related information for customers following a malware attack. The telecom giant detected an infection of its systems at 11 PM on Saturday, April 19, 2025. million users affected by a malware breach that exposed sensitive data.

Malware 108

Malware Mobile Data breaches Wireless 108

Krebs on Security

JULY 17, 2025

.” However, a review of stolen password data gathered by multiple breach-tracking services shows that at the end of June 2025, a Paradox.ai administrator in Vietnam suffered a malware compromise on their device that stole usernames and passwords for a variety of internal and third-party online services. Image: hivesystems.com.

Passwords 244

Passwords Authentication Malware Accountability 244

SecureList

DECEMBER 16, 2024

Review of last year’s predictions The number of services providing AV evasion for malware (cryptors) will increase We continuously monitor underground markets for the emergence of new “cryptors,” which are tools specifically designed to obfuscate the code within malware samples.

Marketing 104

Marketing Data breaches Cryptocurrency Malware 104

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware 98

Malware Social Engineering Government Engineering 98

Security Affairs

JUNE 24, 2025

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent.

Malware 90

Malware Phishing Encryption Government 90

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. million malware, adware or unwanted software attacks targeting mobile devices. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app. Apple removed the infected apps in February 2025.

Mobile 115

Mobile Malware Adware Banking 115

Security Affairs

JUNE 22, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet Predator Still Active, with New Client and Corporate Links Identified Threat Group Targets Companies in Taiwan Feeling Blue(Noroff): (..)

Malware 94

Malware Cryptocurrency Threat Reports Ransomware 94

The Last Watchdog

MAY 13, 2025

Top 5 Cybersecurity Imperatives from RSAC 2025 1. Research presented at RSAC 2025’s cloud security sessions by the Cloud Security Alliance found that although misconfigurations appear in a majority of real-world breaches, over 50% of organizations rate them as a low-to-moderate risk.

Architecture 130

Architecture Risk Cybersecurity Cyber Attacks 130

Security Affairs

MARCH 7, 2025

Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution. US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras.

Malware 90

Malware Hacking Information Security 90

The Hacker News

JULY 17, 2025

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025.

Malware 104

Malware Accountability 104

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware 88

Malware Phishing Telecommunications Antivirus 88

Hacker's King

DECEMBER 24, 2024

With the advent of new technologies and rising cyber threats , 2025 promises significant shifts in the cybersecurity domain. Here are the top 10 trends to watch out for in 2025: Rise of AI-Driven Cyberattacks Cybercriminals are increasingly leveraging artificial intelligence (AI) to develop sophisticated attack methods.

Cybersecurity 59

Cybersecurity Cyber Insurance IoT Insurance 59

SecureList

JUNE 25, 2025

At the same time, AI-driven attacks are becoming increasingly common, making phishing and malware campaigns easier to prepare and quickly adapt, thus increasing their scale. According to our analysis, the number of unique malicious files mimicking ChatGPT grew by 115%, reaching 177 in the first four months of 2025.

Adware 86

Adware Phishing Computers and Electronics Banking 86

IT Security Guru

MARCH 14, 2025

It also has a malware scanner that checks your site for viruses and suspicious code. The plugin also scans your website for malware and removes it if necessary. Using security plugins like Wordfence, Sucuri, iThemes Security, and All In One WP Security can help protect your WordPress site from hackers and malware.

Cybersecurity 74

Cybersecurity Firewall Cyber Attacks Passwords 74

Security Affairs

FEBRUARY 13, 2025

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. The Steam account of the developer for this game uploaded builds to Steam that contained suspected malware. ” A game called PirateFi released on Steam last week and it contained malware.

Malware 112

Malware Antivirus Accountability Software 112

Security Affairs

APRIL 4, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. Notably, from 2025 onwards, the screenshot functionality shifted to being powered by PowerShell. This activity is tracked under the identifier UAC-0219.

Malware 75

Malware Cyber threats Government Hacking 75

Security Boulevard

JULY 11, 2025

An analysis of cyberattacks shared this week by Watchguard Technologies finds there was a 171% increase in total unique network malware detections and a 712% increase in endpoint detections in the first quarter of 2025 compared with the previous quarter.

Malware 70

Malware Technology Ransomware Cybersecurity 70

Zero Day

JUNE 26, 2025

Here's why A new Trojan malware is targeting sensitive information, including crypto wallet seed phrases. Written by Artie Beaty, Contributing Writer June 26, 2025 at 3:00 a.m. While the malware spread from the App Store and Google Play Store (and has been removed from both), it's also spreading naturally.

Password Management 124

Password Management Small Business Passwords Artificial Intelligence 124

SecureList

MARCH 25, 2025

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. Our detailed report enabled the developers to quickly address the issue, and on March 25, 2025, Google released an update fixing the vulnerability and thanked us for discovering this attack.

Malware 136

Malware Technology Education Phishing 136

Security Affairs

JULY 15, 2025

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy BeaverTail, a second-stage malware tied to the known backdoor InvisibleFerret. Despite takedown efforts, 27 packages remain live.

Malware 70

Malware Hacking Software Cybersecurity 70

Penetration Testing

JUNE 16, 2025

Team46 (TaxOff) is exploiting a Google Chrome sandbox escape zero-day (CVE-2025-2783) to deploy the multi-layered Trinper malware via phishing campaigns

Phishing 76

Phishing Malware Technology 76

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking 101

Banking Malware Encryption Energy and Utilities 101