Tag: malware

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

Dec 18, 2025 7:19 PM

Tags: attack, china, cyber, cybersecurity, espionage, group, malware, threat, windows

A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan.The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at…
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets

Dec 18, 2025 6:19 PM

Tags: apt, group, hacker, india, iran, malware, tool

SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada. First seen on hackread.com Jump to article: hackread.com/iran-apt-prince-of-persia-resurfaces/
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets

Dec 18, 2025 6:19 PM

Tags: apt, group, hacker, india, iran, malware, tool

SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada. First seen on hackread.com Jump to article: hackread.com/iran-apt-prince-of-persia-resurfaces/
Raspberry Pi used in attempt to take over ferry

Dec 18, 2025 4:19 PM

Tags: ceo, control, dns, Hardware, infrastructure, intelligence, malware, monitoring, network, phone

Proceed with caution: Villanustre encouraged anyone discovering such a device to proceed cautiously. “Disconnecting the device could result in losing important forensic information if not careful. It’s not too hard to equip the device with a tiny battery or supercapacitor that would give it enough time to wipe itself out if disconnected from the network or…
France arrests Latvian for installing malware on Italian ferry

Dec 18, 2025 3:19 PM

Tags: control, malware

French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-arrests-latvian-for-installing-malware-on-italian-ferry/
New BeaverTail Malware Variant Linked to Lazarus Group

Dec 18, 2025 1:19 PM

Tags: crypto, group, hacker, lazarus, malware, north-korea

A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/beavertail-variant-linked-lazarus/
Backdoors eingeschleust: Chinesische Hacker kapern seit Wochen Cisco-Systeme

Dec 18, 2025 1:19 PM

Tags: backdoor, china, cisco, hacker, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Ungepatchte Sicherheitslücke: Chinesische Hacker kapern seit Wochen Cisco-Systeme

Dec 18, 2025 11:19 AM

Tags: bug, china, cisco, hacker, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Phantom Stealer Targeting Users to Steal Sensitive Data

Dec 18, 2025 10:19 AM

Tags: attack, credit-card, crypto, cyber, data, infection, malware, password

Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and cryptocurrency wallet credentials. Security researchers have identified Version 3.5 of the malware, which employs a…
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Dec 18, 2025 10:19 AM

Tags: android, korea, malware, mobile, north-korea, phishing, qr, threat

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).”The threat actor leveraged QR codes and notification pop-ups to lure victims into installing…
Ungepatchte Sicherheitslücke: Cisco-Systeme werden seit Wochen attackiert

Dec 18, 2025 10:19 AM

Tags: bug, china, cisco, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Phantom Stealer Targeting Users to Steal Sensitive Data

Dec 18, 2025 10:19 AM

Tags: attack, credit-card, crypto, cyber, data, infection, malware, password

Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and cryptocurrency wallet credentials. Security researchers have identified Version 3.5 of the malware, which employs a…
Kimwolf Android Botnet Compromises 1.8 Million Devices Worldwide

Dec 18, 2025 9:19 AM

Tags: android, botnet, control, cyber, google, iot, malware

A newly discovered Android botnet dubbed >>Kimwolf
Kimwolf Android Botnet Compromises 1.8 Million Devices Worldwide

Dec 18, 2025 9:19 AM

Tags: android, botnet, control, cyber, google, iot, malware

A newly discovered Android botnet dubbed >>Kimwolf
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
The Raspberry Pi wakeup call: Why enterprises must rethink physical security

Dec 18, 2025 6:19 AM

Tags: ceo, control, dns, Hardware, infrastructure, intelligence, malware, monitoring, network, phone

Proceed with caution: Villanustre encouraged anyone discovering such a device to proceed cautiously. “Disconnecting the device could result in losing important forensic information if not careful. It’s not too hard to equip the device with a tiny battery or supercapacitor that would give it enough time to wipe itself out if disconnected from the network or…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
The Raspberry Pi wakeup call: Why enterprises must rethink physical security

Dec 18, 2025 6:19 AM

Tags: ceo, control, dns, Hardware, infrastructure, intelligence, malware, monitoring, network, phone

Proceed with caution: Villanustre encouraged anyone discovering such a device to proceed cautiously. “Disconnecting the device could result in losing important forensic information if not careful. It’s not too hard to equip the device with a tiny battery or supercapacitor that would give it enough time to wipe itself out if disconnected from the network or…
AI Poised to Outrun Cyber Defenders, Congress Hears

Dec 18, 2025 12:19 AM

Tags: ai, attack, cyber, intelligence, malware, tool

Experts Say AI Is Already Enabling Faster and Harder-to-Detect Attack Campaigns. Artificial intelligence-fueled malware and automated cyber tools are enabling faster, more adaptive attacks at scale, with experts warning Congress that adversaries are now leveraging AI and quantum advances to outpace defenders and bypass outdated security architectures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-poised-to-outrun-cyber-defenders-congress-hears-a-30322
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help

Dec 17, 2025 10:19 PM

Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trust

The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps

Dec 17, 2025 9:19 PM

Tags: access, cyber, hacker, korea, malicious, malware, mobile, north-korea, qr, service, threat

Threat researchers have uncovered a sophisticated mobile malware campaign attributed to North Korea-linked threat actor Kimsuky, leveraging weaponized QR codes and fraudulent delivery service impersonations to trick users into installing remote access trojans on their smartphones. The ENKI WhiteHat Threat Research Team identified the latest iteration of >>DOCSWAP
GhostPoster Attack Uses PNG Icons to Compromise 50,000 Firefox Users

Dec 17, 2025 9:19 PM

Tags: attack, browser, cyber, exploit, malicious, malware

A sophisticated malware campaign dubbed >>GhostPoster
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks

Dec 17, 2025 7:19 PM

Tags: detection, edr, malware, tool, windows

A new Moonwalk++ proof-of-concept (PoC) shows how malware can spoof Windows call stacks while staying encrypted in memory, bypassing modern EDR detection. The research highlights blind spots in stack-based telemetry increasingly relied on by enterprise defenders. “Public detection tools fail entirely to recognize the call stack tampering,” said the researcher. Moonwalk++ Shows the Limits of…
GhostPoster Malware Hit 50K Users via Firefox Extension Icons

Dec 17, 2025 7:19 PM

Tags: browser, malware

The GhostPoster campaign hid malware inside Firefox extension icons, infecting tens of thousands of users through trusted add-ons. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ghostposter-malware-hit-50k-users-via-firefox-extension-icons/
Hacking Hardware, Unraveling Malware: Black Hat Europe at 25

Dec 17, 2025 6:19 PM

Tags: cybercrime, cybersecurity, hacking, Hardware, infrastructure, macOS, malware

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure London in December: Early to dark, quick to rain but also festive – and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year’s event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer…
Critical React2Shell flaw exploited in ransomware attacks

Dec 17, 2025 6:19 PM

Tags: access, attack, corporate, exploit, flaw, malware, network, ransomware, vulnerability

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-react2shell-flaw-exploited-in-ransomware-attacks/