Cybersecurity News
-
Stealth Syscall Technique Allows Hackers to Evade Event Tracing and EDR Detection
Advanced threat actors have developed sophisticated stealth syscall execution techniques that successfully bypass modern security infrastructure, including Event Tracing for Windows (ETW), Sysmon monitoring, and Endpoint Detection and Response (EDR)…
Read More » -
Threat Actors Leverage ClickFix Technique to Deploy EddieStealer Malware
Cybersecurity researchers have identified a sophisticated malware campaign utilizing deceptive CAPTCHA interfaces to distribute EddieStealer, a Rust-based information stealing malware that targets sensitive user data across multiple platforms. The attack…
Read More » -
Haozi’s Plug-and-Play Phishing Attack Steals Over $280,000 from Users
Netcraft security researchers have identified a significant resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) operation, distinguished by its cartoon mouse mascot and frictionless cybercrime toolkit. The group’s cryptocurrency wallet has…
Read More » -
Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates
A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0, could allow attackers…
Read More » -
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication…
Read More » -
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control…
Read More » -
Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for threat actors targeting Windows-based systems in a thorough technical research carried out by eSentire’s Threat…
Read More » -
Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials
Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as “Dadsec.” Since September 2023, this group has…
Read More » -
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID and Azure environments, where attackers can exploit lesser-known billing roles to escalate privileges within organizational…
Read More » -
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws—CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047—allow attackers to…
Read More » -
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat Labs, showcasing a complex multi-layer infection chain designed to bypass…
Read More » -
Threat Actors Exploit Nifty[.]com Infrastructure in Sophisticated Phishing Attack
Threat actors have orchestrated a multi-wave phishing campaign between April and May 2025, leveraging the legitimate infrastructure of Nifty[.]com, a prominent Japanese Internet Service Provider (ISP), to execute their attacks.…
Read More » -
Cybercriminals Are Turning Ordinary Citizens Into Money Mules in a New ‘Rent-a-Bank-Account’ Scam
Cybercriminals are exploiting vulnerable individuals by transforming them into unwitting money mules through a sophisticated fraud known as the ‘rent-a-bank-account’ scam. This scam involves fraudsters enticing people, often those in…
Read More » -
Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands
The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial institutions in Peru before expanding its scope to virtual cards and cryptocurrency wallets. This malware,…
Read More » -
Hackers Circulate Over 93 Billion Stolen User Cookies on the Dark Web
Web cookies, those ubiquitous pop-ups we routinely dismiss with a click, are small text files stored on your device by websites you visit. While cookies are essential for a seamless…
Read More »