ColdRiver Unleashes Advanced Malware in New Espionage Campaign, Google Warns

A Russia-linked hacking group named ColdRiver has unleashed a new wave of cyberattacks using freshly developed malware designed to steal sensitive data from high-value targets. The campaign was recently exposed by Google’s Threat Intelligence Group (GTIG), which has been tracking the group’s evolving tactics over the years. ColdRiver, also known as “Callisto” or “Star Blizzard,” … Continued

Cybercriminals Exploit Weak Email Authentication in Zendesk to Launch Large-Scale Email-Bomb Attacks

Cybercriminals have found a new way to exploit weak email authentication in Zendesk, using it to launch large-scale “email-bomb” attacks. These attacks flood victims’ inboxes with hundreds or even thousands of messages, many of which appear to come from trusted companies. Zendesk instances that do not verify the requester’s email address let an attacker open support tickets in a victim’s name; the resulting ticket notifications are sent by the company’s own support address, so they look legitimate and are difficult … Continued

Microsoft Revokes 200 Fraudulent Certificates to Stop Rhysida Ransomware Spread

Microsoft has taken a major action to disrupt a ransomware operation. On October 17, 2025, the company announced that it had revoked over 200 fraudulently obtained code-signing certificates. These certificates were being used by a cybercriminal group tracked as Vanilla Tempest (also known as Vice Society) to make their malware appear legitimate and trusted. The revoked … Continued

Flax Typhoon Exploits ArcGIS Server: A No-Malware, No-Login Takeover Exposed

China’s Flax Typhoon group has carried out a stealthy cyberattack by turning a trusted geo-mapping server into a secret backdoor. Security researchers discovered that the attackers exploited ArcGIS Server software to stay hidden inside networks for over a year. What makes this attack alarming is that it didn’t use typical malware but instead relied on … Continued

New SAP NetWeaver Flaw Lets Attackers Take Over Servers Without Login

A new critical bug has been discovered in SAP NetWeaver AS Java, identified as CVE-2025-42944. This flaw exists in a component called RMI-P4, which handles remote method calls. The issue is insecure deserialization: the P4 service reconstructs Java objects from untrusted data received on its network port without validating them first, so a crafted object can trigger code paths the application never intended to expose. Attackers can exploit this flaw to send malicious code that the … Continued
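The following Python script is an added example, not code from SAP or from the article above. It shows the kind of wire-level check a detection engineer would write for a deserialization bug like the one described: a Java serialization stream always starts with the magic bytes AC ED 00 05, and each serialized class is announced by a TC_CLASSDESC record carrying the fully qualified class name. The script locates that header in a captured payload, extracts the class names, and flags any class that is not on an allowlist of types the service is expected to receive. The allowlist, the class name `org.example.evil.GadgetEntry`, and the sample payloads are all constructed for this example; real P4 framing around the serialized data is ignored, which is why the script searches for the magic bytes rather than requiring them at offset zero.

```python
"""Heuristic detector for Java serialized objects in captured network payloads.

Constructed example: the payloads and allowlist below are test data only.
"""
import re
import struct

# Java Object Serialization Stream Protocol constants (JDK specification).
STREAM_MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
TC_OBJECT = 0x73                      # new object follows
TC_CLASSDESC = 0x72                   # class descriptor: UTF name, serialVersionUID, flags
TC_ENDBLOCKDATA = 0x78                # end of optional block data
TC_NULL = 0x70                        # null reference (used here for "no superclass")
SC_SERIALIZABLE = 0x02                # class descriptor flag

# Plausible fully qualified Java class name (dotted identifiers only).
_CLASS_NAME = re.compile(rb"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$")


def build_object(class_name: str, serial_version_uid: int = 1) -> bytes:
    """Build a minimal TC_OBJECT with a field-less class descriptor.

    Used only to construct sample payloads; a real stream carries field
    descriptors and values after the class descriptor.
    """
    name = class_name.encode()
    return (
        bytes([TC_OBJECT, TC_CLASSDESC])
        + struct.pack(">H", len(name)) + name          # modified-UTF8 class name
        + struct.pack(">q", serial_version_uid)        # serialVersionUID
        + bytes([SC_SERIALIZABLE])                     # classDescFlags
        + struct.pack(">H", 0)                         # field count = 0
        + bytes([TC_ENDBLOCKDATA, TC_NULL])            # annotations end, no superclass
    )


def extract_class_names(payload: bytes) -> list:
    """Return class names found in TC_CLASSDESC records, in stream order.

    Scans for the 0x72 tag and accepts it only when the following length-
    prefixed string looks like a Java class name; a stray 0x72 byte inside
    other data is skipped because its "name" fails the shape check.
    """
    names = []
    i = 0
    while True:
        i = payload.find(bytes([TC_CLASSDESC]), i)
        if i < 0 or i + 3 > len(payload):
            break
        length = struct.unpack_from(">H", payload, i + 1)[0]
        candidate = payload[i + 3 : i + 3 + length]
        if length and len(candidate) == length and _CLASS_NAME.match(candidate):
            names.append(candidate.decode())
            i += 3 + length
        else:
            i += 1
    return names


def classify_payload(payload: bytes, allowlist: frozenset) -> tuple:
    """Classify a payload as not_java_serialized, allowed, or suspicious.

    The magic bytes are searched anywhere in the payload so that protocol
    framing before the serialized object does not hide it.
    """
    start = payload.find(STREAM_MAGIC)
    if start < 0:
        return ("not_java_serialized", [])
    names = extract_class_names(payload[start:])
    unexpected = [n for n in names if n not in allowlist]
    if unexpected:
        return ("suspicious", unexpected)
    return ("allowed", names)


# Assumed allowlist: tune it to the types the monitored service legitimately exchanges.
ALLOWLIST = frozenset({"java.util.HashMap", "java.lang.String"})

# Constructed sample payloads (not real captures).
BENIGN_PAYLOAD = STREAM_MAGIC + build_object("java.util.HashMap")
GADGET_PAYLOAD = b"\x00\x00\x00\x40" + STREAM_MAGIC + build_object("org.example.evil.GadgetEntry")  # hypothetical class, with fake 4-byte framing
PLAIN_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_PAYLOAD), ("gadget", GADGET_PAYLOAD), ("plain", PLAIN_PAYLOAD)):
        verdict, classes = classify_payload(data, ALLOWLIST)
        print(f"{label:7s} -> {verdict:20s} {classes}")
```

A class-name allowlist at the wire is a detection aid, not a fix: the server-side mitigation for a bug like this is the vendor patch plus a deserialization filter (for example `ObjectInputFilter` in the JVM) that rejects unexpected classes before `readObject` runs.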

Chinese Hackers Exploit Mapping Tool to Hide for Over a Year

Chinese state-linked hackers managed to stay inside corporate networks for more than a year by turning a trusted mapping tool into a secret backdoor. They abused a server object extension (SOE), a legitimate extension point in Esri’s ArcGIS Server for custom code, to run hidden commands without being noticed. The hackers first gained access using valid administrator credentials. … Continued

New Rust Malware ‘ChaosBot’ Turns Discord into a Hacker’s Remote Control

Security researchers have found a new Rust-written backdoor called ChaosBot. It uses Discord, a regular chat platform, as its command-and-control channel. The attackers create a Discord channel for each infected computer and send commands there. The infected machine replies by uploading text, files, or screenshots into that channel. Because Discord is a legitimate service, using it helps … Continued

Beamglea Attack: 175 Malicious npm Packages Used in Massive Phishing Campaign

Security researchers have uncovered a large-scale phishing campaign that used the npm ecosystem to host and distribute malicious code. A total of 175 npm packages were found to be part of the operation, with over 26,000 combined downloads. These packages were designed to redirect users to fake login pages that could steal their credentials. The … Continued
