Security Affairs

OCTOBER 17, 2024

The threat actors also employed two new downloaders, called RustClaw and MeltingClaw, plus two backdoors, DustyHammock (Rust-based) and C++-based ShadyHammock. “The downloaders make way for and establish persistence for two distinct backdoors we call “DustyHammock” and “ShadyHammock,” respectively.”

Government 124

Government Malware Cyber Attacks Ransomware 124

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executesthe PLAYFULGHOST payloadfrom a remote server. sys driver.

Malware 132

Malware Encryption Phishing Hacking 132

Security Affairs

JUNE 24, 2025

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. While Signal itself remains secure, attackers are exploiting its growing popularity in official communications to make their phishing attempts more convincing.

Malware 90

Malware Encryption Phishing Government 90

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Attackers also employ encrypted or password-protected files to evade security detection.

Banking 91

Banking Phishing Malware Passwords 91

Security Affairs

NOVEMBER 15, 2024

Gen Digital observed phishing campaigns distributing the Glove Stealer. The campaign observed by researchers used a phishing message with an HTML file attachment. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption.

Encryption 119

Encryption Password Management Cryptocurrency Social Engineering 119

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com) 160 on port 4449.

Antivirus 122

Antivirus Malware Banking Passwords 122

Security Affairs

MAY 5, 2025

The attack chain commences via phishing messages, fake browser updates, and invoice lures through Italys PEC email system. In early 2025, Recorded Future researchers observed a phishing campaign targeting the U.S. MintsLoader is used by several threat groups, notably TAG-124. ” reads the report published by Recorded Future.

Malware 129

Malware Phishing Threat Reports Encryption 129

Security Affairs

NOVEMBER 7, 2024

The initial attack vector is a phishing email containing a link to a malicious application disguised as a link to a PDF document relating to a cryptocurrency topic such as “Hidden Risk Behind New Surge of Bitcoin Price”, “Altcoin Season 2.0-The The attackers exploit a unique, novel persistence method via the zshenv configuration file.

Malware 125

Malware Architecture Risk Cryptocurrency 125

Security Affairs

MARCH 24, 2025

Initially, the group published screenshots of stolen data as proof of the attack, now the whole archive can be downloaded from the leak page. The group said that the waiting period had expired and claimed the theft of 134GB of sensitive data. ” reads a report published by Halcyon.

Ransomware 105

Ransomware Hacking Social Engineering Manufacturing 105

Security Affairs

JULY 9, 2025

DoNot APT uses custom Windows malware via phishing for espionage, enabling long-term access and data theft. Attackers used a spear-phishing email impersonating defense officials to target a European diplomatic entity, delivering the LoptikMod malware via a password-protected RAR file. ” reads Trellix’s report.

Malware 116

Malware Phishing Passwords Encryption 116

Security Affairs

JANUARY 22, 2025

It extracts Python backdoors from ZIP files downloaded via remote SharePoint links and employs techniques associated with the FIN7 threat actor. Once access was established, the attacker used a web browser to download a malicious payload, which was split into parts, reassembled, and unpacked to deploy malware.

Ransomware 98

Ransomware Malware Social Engineering Phishing 98

Security Affairs

APRIL 30, 2025

Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. “The Nebulous Mantis team, which changes the domains they use every month, obtains these spear-phishing and C2 servers from LuxHost and AEZA bulletproof hosting (BPH) services.”

Encryption 103

Encryption Ransomware Malware Phishing 103

Security Affairs

APRIL 7, 2025

The scheme mimics security steps to mislead users into self-compromising. “PoisonSeed threat actors are targeting enterprise organizations and individuals outside the cryptocurrency industry.They have been phishing CRM and bulk email providers credentials to export email lists and send bulk spam from the accounts.

Scams 75

Scams Cryptocurrency Phishing Cybercrime 75

SecureList

FEBRUARY 20, 2025

User Execution and Phishing remain top threats. User Execution and Phishing techniques ranked again in the top three threats, with nearly 5% of high-severity incidents involving successful social engineering. To explore these and other trends in detail, download full report (PDF).

Phishing 101

Phishing Social Engineering Government Threat Detection 101

Security Affairs

FEBRUARY 4, 2025

Threat actors target Brazilian users by stealing financial data, the malware can harvest sensitive information from over 70 financial applications and numerous websites. The Coyote Banking Trojan supports multiple malicious functions, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.

Banking 120

Banking Malware Antivirus Cyber threats 120

Security Affairs

JULY 7, 2025

Since March 2025, a targeted phishing campaign against Russian organizations has used fake contract-themed emails to spread the Batavia spyware, a new malware designed to steal internal documents. It also downloads a new malware stage ( javav.exe ) and sets a startup shortcut to launch it on reboot, continuing the infection cycle.

Spyware 92

Spyware Malware Phishing Encryption 92

Security Affairs

JULY 7, 2025

Since March 2025, a targeted phishing campaign against Russian organizations has used fake contract-themed emails to spread the Batavia spyware, a new malware designed to steal internal documents. It also downloads a new malware stage ( javav.exe ) and sets a startup shortcut to launch it on reboot, continuing the infection cycle.

Spyware 77

Spyware Malware Phishing Encryption 77

IT Security Guru

DECEMBER 26, 2024

Enterprise browsers deliver, offering end-to-end encryption for online information. These secure tools shield against phishing, malware, and other digital threats. Enterprise browser security blocks phishing and malware. Also, secure browsers create detailed activity logs.

Phishing 62

Phishing Authentication Technology Malware 62

Security Affairs

JULY 18, 2025

The software can be downloaded from the police website and Europol’s NoMoreRansom site. Threat actors behind Phobos attacks were observed gaining initial access to vulnerable networks by leveraging phishing campaigns. The tool works on files with extensions like.phobos,8base,elbie,faust, and.LIZARD, and may support others.

Ransomware 130

Ransomware Encryption Malware Antivirus 130

Security Affairs

APRIL 21, 2025

Experts observed Kimsuky sending phishing emails targeting Korea and Japan from compromised systems. Their activity includes phishing campaigns against South Korea and Japan and attacks on South Koreas software, energy, and financial sectors starting in October 2023. China, Japan, Germany, Singapore, and several other countries.

Phishing 81

Phishing Malware Security Intelligence Hacking 81

Security Affairs

FEBRUARY 26, 2025

According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests. The attack chain analyzed by SentinelLabs starts with a Google Drive link in a phishing email from a sender named Vladimir Nikiforech.

Government 70

Government Cyber threats Phishing Malware 70

Security Affairs

JUNE 24, 2025

” “House staff are NOT allowed to download or keep the WhatsApp application on any House device, including any mobile, desktop, or web browser versions of its products.” House staff are strictly prohibited from using or downloading WhatsApp on any House device. ” continues the email.

Government 98

Government Spyware Encryption Mobile 98

Security Affairs

DECEMBER 31, 2024

Threat actors targeted the publishers of the extensions on the Chrome Web Store via phishing messages, then once obtained access to their account inserted a malicious code into the code of the extensions. “On December 24, a phishing attack compromised a Cyberhaven employee’s credentials to the Google Chrome Web Store.

Hacking 68

Hacking Phishing VPN Malware 68

Security Affairs

FEBRUARY 27, 2025

The families of malware employed in the attacks are: SALTWATER A malware-laced module for the Barracuda SMTP daemon (bsmtpd) that supports multiple capabilities such as uploading/downloading arbitrary files, executing commands, as well as proxying and tunneling malicious traffic to avoid detection.

Malware 74

Malware Hacking Government Phishing 74

Security Affairs

FEBRUARY 8, 2025

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Phishing 75

Phishing Malware Security Intelligence Hacking 75

SecureList

DECEMBER 18, 2024

Telegram channel suggests that the hacktivists do not use phishing emails as an initial attack vector. To implement effective anti-attack measures, it is vital to perform regular testing, updating and integration of security systems. However, our analysis of the group leader’s messages in the C.A.S Messages from the C.A.S

Encryption 84

Encryption Passwords Accountability Ransomware 84

Approachable Cyber Threats

MARCH 25, 2025

The truth is, most cybersecurity incidents happen because of simple human errorsthings like clicking on a phishing email or not immediately recognizing a security risk. If you're aiming for CMMC compliance , an SSP is a must, but its valuable for any business looking to improve their security posture. Were here to help!

Small Business 80

Small Business Cybersecurity Risk Government 80

BH Consulting

OCTOBER 24, 2024

Information Security Buzz has a good summary of the main points. The full report runs to 129 pages and is free to download. MORE Cofense looks at a recent phishing campaign that used HR-related themes. Now in its 12th edition, the 2024 report is based on the analysis of more than 11,000 incidents.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

SecureList

DECEMBER 9, 2024

User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider. The breach allowed the threat actor to download SMS message logs. Why does it matter?

Internet 107

Internet Internet Risk Social Engineering 107

Security Affairs

MAY 4, 2025

CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations FBI shared a list of phishing domains associated with the LabHost PhaaS platform Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack (..)

Cybercrime 73

Cybercrime Cyber Attacks Malware Phishing 73

Security Affairs

DECEMBER 12, 2024

Microsoft also assesses that in January 2024, Secret Blizzard used the backdoor of Storm-1837, a Russia-based threat actor, to download the Tavdig and KazuarV2 backdoors on a target device in Ukraine. Amadey bots encoded system data to communicate with the C2 at [link] , attempting to download two plugins, cred64.dll dll and clip64.dll

Cybercrime 51

Cybercrime Malware Hacking Cryptocurrency 51

Security Affairs

JULY 18, 2025

” On July 10, 2025, CERT-UA identified a phishing campaign targeting executive authorities with a ZIP file posing as a ministry document. Exfiltration of the received information and files (in different versions of the program) can be carried out using SFTP or HTTP POST requests.” ” continues the alert.

Malware 85

Malware Cyber threats Phishing Hacking 85

Security Affairs

FEBRUARY 15, 2025

CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs Hacking Attackers exploit a new zero-day to hijack Fortinet firewalls Security OpenSSL patched high-severity flaw CVE-2024-12797 Progress Software fixed multiple high-severity (..)

Spyware 72

Spyware Firewall Artificial Intelligence Malware 72

Security Affairs

MARCH 2, 2025

from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Bastas Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0

Cybercrime 62

Cybercrime Hacking Ransomware Cryptocurrency 62

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

Phishing 332

Phishing Architecture Passwords Accountability 332

Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Adware 127

Adware Phishing Mobile Malware 127

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. exe”), and executes script.a3x using AutoIt3.exe.

Phishing 144

Phishing DNS Social Engineering Engineering 144