.NET-Based Malware PupkinStealer Targets Windows Users via Telegram

A newly identified threat dubbed PupkinStealer emerged in April 2025. Written in C# on the .NET Framework, this information-stealing malware is designed to compromise Windows systems, harvesting sensitive user data and discreetly exfiltrating it through Telegram's Bot API. Despite its relatively simple structure and lack of persistence mechanisms or advanced evasion techniques, … Continued
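The summary above says the stealer hands its loot to Telegram's Bot API. That channel has a recognisable shape on the wire: every call goes to api.telegram.org/bot&lt;bot_id&gt;:&lt;token&gt;/&lt;method&gt;, and a stealer uses methods such as sendDocument rather than anything a browser session would touch. The script below is an added example, not code from the original report or from the malware: it scans web-proxy log lines for that pattern and reports the host, process and API method while redacting the token. The log format (key=value fields) and the sample lines are constructed for this illustration.

```python
import re
from typing import Dict, List, Optional

# Telegram Bot API URL shape: /bot<numeric bot id>:<token>/<method>.
# The token is a secret, so we capture the id and method but never print the token.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Methods a data-stealing bot would call; a human using Telegram never hits the Bot API.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendAudio"}

# Constructed proxy log lines (assumed key=value format, not a real vendor format).
SAMPLE_LOG = """\
2025-05-13T10:01:22Z host=WS-114 proc=chrome.exe url=https://web.telegram.org/k/ status=200
2025-05-13T10:02:05Z host=WS-114 proc=updater.exe url=https://api.telegram.org/bot123456789:AAExampleTokenXXXXXXXXXXXXXXXXXXXXX/sendDocument status=200
2025-05-13T10:02:06Z host=WS-114 proc=updater.exe url=https://api.telegram.org/bot123456789:AAExampleTokenXXXXXXXXXXXXXXXXXXXXX/sendMessage status=200
2025-05-13T10:03:00Z host=WS-201 proc=msedge.exe url=https://example.com/ status=200
2025-05-13T10:04:10Z host=WS-201 proc=svc.exe url=https://api.telegram.org/bot987654321:BBAnotherTokenYYYYYYYYYYYYYYYYYYYYY/getMe status=200
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split a 'k=v k=v' log line into a dict; the leading timestamp has no key."""
    fields = {}
    for tok in line.split()[1:]:
        if "=" in tok:
            k, v = tok.split("=", 1)
            fields[k] = v
    return fields


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for a line that calls an exfil-capable Bot API method, else None."""
    fields = parse_line(line)
    m = TELEGRAM_BOT_RE.search(fields.get("url", ""))
    if not m or m.group("method") not in EXFIL_METHODS:
        return None
    return {
        "host": fields.get("host", "?"),
        "proc": fields.get("proc", "?"),
        "bot_id": m.group("bot_id"),      # safe to log: identifies the bot, not the secret
        "method": m.group("method"),
    }


def scan(log_text: str) -> List[Dict[str, str]]:
    """Run classify() over every line and keep the hits, in log order."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['host']} {hit['proc']} -> Telegram bot {hit['bot_id']} {hit['method']}")
```

Only the two sendDocument/sendMessage calls from updater.exe are reported; the browser visit to web.telegram.org and the getMe probe are ignored, which keeps the rule quiet on legitimate Telegram use while still flagging the calls a stealer actually needs.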

North Korean Hacking Group TA406 Targets Ukrainian Government in Intelligence-Gathering Campaign

A state-sponsored hacking group linked to North Korea, known as TA406, has launched a targeted cyber campaign against Ukrainian government entities, according to new findings by cybersecurity firm Proofpoint. The campaign, which began in February 2025, aims to collect sensitive political and military intelligence, potentially to inform North Korean decision-making around its support for Russia … Continued

Public Exploit Released for Patched macOS Vulnerability CVE-2025-31258

A security researcher has released a working proof-of-concept (PoC) exploit for a recently patched vulnerability in Apple’s macOS operating system, raising concerns about potential attacks on unpatched systems. The flaw, tracked as CVE-2025-31258, was addressed in Apple’s latest macOS Sequoia 15.5 update, rolled out on May 12. The vulnerability affects RemoteViewServices, a core macOS framework … Continued

Cybercriminals Lure Users with Fake AI Tools to Spread Noodlophile Malware

Cybersecurity researchers at Morphisec have uncovered a new wave of malicious campaigns exploiting the growing public interest in artificial intelligence (AI) to distribute an information stealer known as Noodlophile. Unlike traditional phishing schemes or malware hidden in pirated software, the threat actors are building elaborate, AI-themed platforms that impersonate legitimate services. These fake websites … Continued

ASUS Patches Critical Vulnerabilities in DriverHub Tool

ASUS has issued security updates to fix two high-severity vulnerabilities in its DriverHub utility which, if exploited, could allow attackers to achieve remote code execution (RCE) on affected systems. The flaws, tracked as CVE-2025-3462 and CVE-2025-3463, were discovered by security researcher MrBruh and responsibly disclosed to ASUS on April 8, 2025. Patches were released on May 9. DriverHub is a … Continued

Supply Chain Attack Uncovered in Popular npm Package rand-user-agent

On May 5 at 16:00 GMT, cybersecurity firm Aikido's automated malware analysis pipeline detected a serious supply chain compromise in the npm package rand-user-agent@1.0.110. The package, which averages approximately 45,000 weekly downloads, was found to contain malicious code designed to provide remote access and exfiltrate data. The rand-user-agent package, maintained by WebScrapingAPI, is widely … Continued
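The practical question after a report like this is whether the compromised release is pinned anywhere in your own trees. The summary names exactly one bad version, rand-user-agent@1.0.110, so the check below, an added example rather than code from Aikido or the package maintainers, walks an npm lockfile and reports any occurrence of that version, including copies nested under other dependencies. It handles both the lockfileVersion 2/3 "packages" map and the legacy v1 "dependencies" tree; the sample lockfile is constructed for the illustration.

```python
import json
import sys
from typing import Dict, Iterator, List, Set, Tuple

# Indicator from this report: only 1.0.110 of rand-user-agent is named as compromised.
COMPROMISED: Dict[str, Set[str]] = {"rand-user-agent": {"1.0.110"}}

# Constructed lockfileVersion 3 sample: one bad pin at top level, one clean
# nested copy, and an unrelated package.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/rand-user-agent": {"version": "1.0.110"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/some-scraper": {"version": "2.1.0"},
        "node_modules/some-scraper/node_modules/rand-user-agent": {"version": "1.0.109"},
    },
}


def iter_lock_packages(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (name, version) for every installed package in an npm lockfile."""
    if "packages" in lock:  # lockfileVersion 2 and 3
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project, not a dependency
                continue
            # Nested installs look like node_modules/a/node_modules/b; the name is the tail.
            name = path.split("node_modules/")[-1]
            if "version" in meta:
                yield name, meta["version"]
        return

    def walk(deps: dict) -> Iterator[Tuple[str, str]]:  # lockfileVersion 1 nested tree
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_compromised(lock: dict) -> List[Tuple[str, str]]:
    """Return sorted, de-duplicated (name, version) pairs that match COMPROMISED."""
    hits = {
        (name, version)
        for name, version in iter_lock_packages(lock)
        if version in COMPROMISED.get(name, set())
    }
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check_lock.py package-lock.json  (falls back to the sample)
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, version in find_compromised(lock):
        print(f"COMPROMISED: {name}@{version}")
```

Matching on the exact version rather than the package name matters here: the maintainers' other releases are not implicated by the report, and the nested 1.0.109 copy in the sample is correctly left alone.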

Chinese Threat Actor Exploits Critical SAP NetWeaver Vulnerability (CVE-2025-31324)

A China-linked cyber threat actor, identified as Chaya_004, has been actively exploiting a critical vulnerability in SAP NetWeaver systems, according to new findings from cybersecurity firm Forescout Vedere Labs. The group is believed to be behind a growing wave of targeted attacks exploiting CVE-2025-31324, a recently disclosed security flaw that allows for remote code execution … Continued

Qilin and Hunters International Abuse Kickidler to Deploy Ransomware

In a disturbing trend, cybercriminals are weaponizing legitimate employee monitoring tools to conduct reconnaissance on victims and harvest sensitive credentials after breaching their networks. Cybersecurity firms Varonis and Synacktiv have observed affiliates of the Qilin and Hunters International ransomware groups using legitimate monitoring software called Kickidler. What is Kickidler? Kickidler, an employee monitoring tool used … Continued

Cisco Patches Critical Vulnerability CVE-2025-20188 in Wireless LAN Controllers

Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs), which could allow unauthenticated, remote attackers to upload arbitrary files and execute commands with root privileges. The vulnerability, tracked as CVE-2025-20188 and rated critical (CVSS 10.0), stems from the use of a hard-coded JSON Web Token (JWT) … Continued

Russian Group COLDRIVER Targets Western Advisors and NGOs with LOSTKEYS Malware

Google’s Threat Intelligence Group (GTIG) has discovered a new malware called LOSTKEYS, attributed to the Russian government-backed hacking group COLDRIVER also known as UNC4057, Star Blizzard, and Callisto. LOSTKEYS is capable of exfiltrating sensitive files from specifically targeted directories and file types. It also transmits system details and a list of running processes back to … Continued
