Collecting Cyber-News from over 60 sources

Tag: malware

Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Ungepatchte Sicherheitslücke: Chinesische Hacker kapern seit Wochen Cisco-Systeme

Dec 18, 2025 11:19 AM

Tags: bug, china, cisco, hacker, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Phantom Stealer Targeting Users to Steal Sensitive Data

Dec 18, 2025 10:19 AM

Tags: attack, credit-card, crypto, cyber, data, infection, malware, password

Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and cryptocurrency wallet credentials. Security researchers have identified Version 3.5 of the malware, which employs a…
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Dec 18, 2025 10:19 AM

Tags: android, korea, malware, mobile, north-korea, phishing, qr, threat

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).”The threat actor leveraged QR codes and notification pop-ups to lure victims into installing…
Ungepatchte Sicherheitslücke: Cisco-Systeme werden seit Wochen attackiert

Dec 18, 2025 10:19 AM

Tags: bug, china, cisco, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Phantom Stealer Targeting Users to Steal Sensitive Data

Dec 18, 2025 10:19 AM

Tags: attack, credit-card, crypto, cyber, data, infection, malware, password

Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and cryptocurrency wallet credentials. Security researchers have identified Version 3.5 of the malware, which employs a…
Kimwolf Android Botnet Compromises 1.8 Million Devices Worldwide

Dec 18, 2025 9:19 AM

Tags: android, botnet, control, cyber, google, iot, malware

A newly discovered Android botnet dubbed >>Kimwolf
Kimwolf Android Botnet Compromises 1.8 Million Devices Worldwide

Dec 18, 2025 9:19 AM

Tags: android, botnet, control, cyber, google, iot, malware

A newly discovered Android botnet dubbed >>Kimwolf
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
The Raspberry Pi wakeup call: Why enterprises must rethink physical security

Dec 18, 2025 6:19 AM

Tags: ceo, control, dns, Hardware, infrastructure, intelligence, malware, monitoring, network, phone

Proceed with caution: Villanustre encouraged anyone discovering such a device to proceed cautiously. “Disconnecting the device could result in losing important forensic information if not careful. It’s not too hard to equip the device with a tiny battery or supercapacitor that would give it enough time to wipe itself out if disconnected from the network or…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
The Raspberry Pi wakeup call: Why enterprises must rethink physical security

Dec 18, 2025 6:19 AM

Tags: ceo, control, dns, Hardware, infrastructure, intelligence, malware, monitoring, network, phone

Proceed with caution: Villanustre encouraged anyone discovering such a device to proceed cautiously. “Disconnecting the device could result in losing important forensic information if not careful. It’s not too hard to equip the device with a tiny battery or supercapacitor that would give it enough time to wipe itself out if disconnected from the network or…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
AI Poised to Outrun Cyber Defenders, Congress Hears

Dec 18, 2025 12:19 AM

Tags: ai, attack, cyber, intelligence, malware, tool

Experts Say AI Is Already Enabling Faster and Harder-to-Detect Attack Campaigns. Artificial intelligence-fueled malware and automated cyber tools are enabling faster, more adaptive attacks at scale, with experts warning Congress that adversaries are now leveraging AI and quantum advances to outpace defenders and bypass outdated security architectures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-poised-to-outrun-cyber-defenders-congress-hears-a-30322
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help

Dec 17, 2025 10:19 PM

Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trust

The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps

Dec 17, 2025 9:19 PM

Tags: access, cyber, hacker, korea, malicious, malware, mobile, north-korea, qr, service, threat

Threat researchers have uncovered a sophisticated mobile malware campaign attributed to North Korea-linked threat actor Kimsuky, leveraging weaponized QR codes and fraudulent delivery service impersonations to trick users into installing remote access trojans on their smartphones. The ENKI WhiteHat Threat Research Team identified the latest iteration of >>DOCSWAP
GhostPoster Attack Uses PNG Icons to Compromise 50,000 Firefox Users

Dec 17, 2025 9:19 PM

Tags: attack, browser, cyber, exploit, malicious, malware

A sophisticated malware campaign dubbed >>GhostPoster
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks

Dec 17, 2025 7:19 PM

Tags: detection, edr, malware, tool, windows

A new Moonwalk++ proof-of-concept (PoC) shows how malware can spoof Windows call stacks while staying encrypted in memory, bypassing modern EDR detection. The research highlights blind spots in stack-based telemetry increasingly relied on by enterprise defenders. “Public detection tools fail entirely to recognize the call stack tampering,” said the researcher. Moonwalk++ Shows the Limits of…
GhostPoster Malware Hit 50K Users via Firefox Extension Icons

Dec 17, 2025 7:19 PM

Tags: browser, malware

The GhostPoster campaign hid malware inside Firefox extension icons, infecting tens of thousands of users through trusted add-ons. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ghostposter-malware-hit-50k-users-via-firefox-extension-icons/
Hacking Hardware, Unraveling Malware: Black Hat Europe at 25

Dec 17, 2025 6:19 PM

Tags: cybercrime, cybersecurity, hacking, Hardware, infrastructure, macOS, malware

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure London in December: Early to dark, quick to rain but also festive – and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year’s event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer…
Critical React2Shell flaw exploited in ransomware attacks

Dec 17, 2025 6:19 PM

Tags: access, attack, corporate, exploit, flaw, malware, network, ransomware, vulnerability

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-react2shell-flaw-exploited-in-ransomware-attacks/
Hacking Hardware, Unraveling Malware: Black Hat Europe at 25

Dec 17, 2025 6:19 PM

Tags: cybercrime, cybersecurity, hacking, Hardware, infrastructure, macOS, malware

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure London in December: Early to dark, quick to rain but also festive – and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year’s event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer…
Santastealer: Weihnachtliche Windows-Malware meidet russische Systeme

Dec 17, 2025 5:19 PM

Tags: malware, windows

Ein Malware-Entwickler eröffnet die Weihnachtssaison für Cyberkriminelle. Doch sein Santastealer ist längst nicht so gut, wie er verspricht. First seen on golem.de Jump to article: www.golem.de/news/amateurhafte-malware-santastealer-sammelt-weihnachtsgeschenke-fuer-cyberkriminelle-2512-203346.html
New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

Dec 17, 2025 4:19 PM

Tags: attack, malware, windows

Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-fake-browser-install-darkgate-malware/
Russische APT-Gruppe greift westliche KRITIS-Betreiber an

Dec 17, 2025 1:19 PM

Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-day

Eine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

Dec 17, 2025 1:19 PM

Tags: attack, china, cybersecurity, government, malware, threat

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America.Check Point Research is tracking the cluster under the name Ink Dragon. It’s also referenced by the broader cybersecurity community under the names CL-STA-0049,…
Malware in Bewegung: Animierte Köder infizieren PCs

Dec 17, 2025 1:19 PM

Tags: cyberattack, malware, threat

Cyberkriminelle verfeinern ihre Methoden zunehmend, um Erkennungssysteme zu umgehen. Laut dem aktuellen Threat Insights Report von HP Inc. setzen Angreifer auf überzeugende Animationen, gefälschte Plattformen und käufliche Malware-Dienste, um ihre Angriffe schwerer erkennbar zu machen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malware-animierte-koeder-infizieren-pcs
Russische APT-Gruppe greift westliche KRITIS-Betreiber an

Dec 17, 2025 1:19 PM

Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-day

Eine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…