Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

APT24, a threat actor attributed to a Chinese cyber criminal group, has been observed employing multiple techniques to deploy malware as part of a three-year-long cyberespionage campaign, Google reports. Also tracked as G0011, Pitty Panda, and Pitty Tiger, APT24 has been active since at least 2008, mainly relying on spear phishing and social engineering to achieve its…

Hackers Using New Matrix Push C2 to Deliver Malware & Phishing Attacks via Web Browser

Hackers are turning everyday web browsers into remote-control tools using a new command-and-control (C2) platform called Matrix Push C2, according to BlackFog research. The browser‑native, fileless framework abuses legitimate web push notification features to deliver malware, phishing pages, and data theft campaigns across Windows, macOS, Linux, and mobile platforms. Instead of dropping traditional malware binaries…

India Tops Global Malware Infection Chart, 8th in Cyber Threat Exposure Report

India has emerged as the country most affected by a prolific malware strain while ranking eighth globally in overall cyber threat exposure, according to Microsoft’s Digital Defense Report 2025 released recently. It was the top target for Lumma Stealer malware, with over 44,000 infected Windows devices between March and May 2025, according to Microsoft’s Digital Defense Report…

Google, Mandiant expose malware & zero-day behind Oracle EBS extortion

Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite extortion campaign, revealing the use of malware. Attackers exploited July-patched EBS flaws and likely a zero-day (CVE-2025-61882), sending extortion emails to company executives. In early October, Google Mandiant and Google Threat Intelligence Group (GTIG) researchers tracked a suspected Cl0p ransomware group’s activity, where threat actors were attempting…

Microsoft Teams Call Weaponized to Deploy & Execute Matanbuchus Ransomware

A sophisticated cyberattack campaign that came to light in July 2025 weaponizes Microsoft Teams calls to deploy the latest iteration of Matanbuchus ransomware. The attack begins with adversaries impersonating IT helpdesk personnel through external Teams calls, leveraging social engineering tactics to convince employees to execute malicious scripts. In ongoing support sessions, attackers activate…

Hackers Target Prime Installation in India Post Pahalgam; Targets Govt Entity

Cyberspace witnessed what looked like an intense battle between hacktivists supporting India, according to a cyber threat intelligence report prepared by Kochi-based cybersecurity company Technisanct. According to the report, India had to deal with a sustained cyber offensive targeting various institutions. These are mostly…

Lazarus Group targets South Korean supply chains via software flaws

Kaspersky’s Global Research and Analysis Team (GReAT) has identified a new cyber campaign led by the Lazarus Group targeting supply chains in South Korea through combined watering hole attacks and exploitation of vulnerabilities in third-party software. The campaign, dubbed “Operation SyncHole,” was observed targeting at least six organisations across the software, IT, financial, semiconductor, and…
