Experts at Darktrace have identified a targeted cyberattack against an American chemical company, in which the perpetrators exploited a critical vulnerability in the SAP NetWeaver platform. Tracked as CVE-2025-31324, the flaw stemmed from an...
A new wave of attacks leveraging the XWorm malware vividly illustrates how far threat actors have advanced in crafting tools that are both resilient to detection and resistant to analysis. The variant identified by...
Amid the continued proliferation of Android-targeting malware, researchers at Cyble Research and Intelligence Labs (CRIL) have identified a sophisticated new threat dubbed RedHook. First observed in January 2025, this banking Trojan exhibits a particularly...
ArmouryLoader has once again captured the attention of cybersecurity experts, emerging as one of the most technically sophisticated malware loaders in recent memory. Its architecture reflects a mature approach to evading defenses, employing stealthy...
Amid a surge in malicious campaigns exploiting legitimate communication channels to evade traditional security measures, a new tool has drawn the attention of cybersecurity professionals—Raven Stealer. Emerging in July 2025, this information-stealing program has...
Researchers have uncovered two parallel malicious campaigns targeting vulnerable and misconfigured components of cloud infrastructure. Both operations involve the deployment of cryptominers and are attributed to groups designated as Soco404 and Koske—whose activities have...
The FortiGuard Labs team has published an in-depth analysis of a heavily obfuscated web shell that was used in an attack targeting critical infrastructure in the Middle East. The research focuses on a script...
An unusual attack targeting Linux servers has unveiled a new echelon of malware obfuscation—and possibly, its artificial origin. Researchers at AquaSec have documented a threat dubbed Koske, which hides within seemingly innocuous images of...
Researchers at CYFIRMA have issued a warning about a new wave of cyberattacks leveraging malicious Android applications disguised as legitimate banking clients. These apps are designed to steal user credentials, intercept messages, and execute...
In the first half of 2025, researchers observed the active exploitation of a new malware loader known as CastleLoader. Since its emergence, this tool has become a central element in the distribution infrastructure for...
Amazon was forced to urgently withdraw a compromised version of its AI-powered programming assistant, Q, after a malicious instruction was covertly embedded into the system. This rogue directive prompted the assistant to exploit command-line...
The cybercriminal group known as Mimo, previously recognized for its campaigns deploying cryptocurrency miners, has shifted its tactics, now targeting new vectors — notably the popular e-commerce platform Magento and misconfigured Docker instances. The...
Amid the growing popularity of Android smartphones in developing regions and the increasing accessibility of third-party app stores, cybercriminals have launched a large-scale campaign that combines two highly dangerous tactics—credential theft and click fraud—for...
ACRStealer, a notorious information-stealing malware, has once again come under the spotlight following a series of enhancements that have significantly improved its resilience against detection and analysis. Over the past year—particularly since the beginning...
Hackers have ramped up their attacks on vulnerable Linux servers with exposed SSH access, deploying the SVF Botnet—a simple yet effective malicious framework designed for conducting DDoS attacks and cryptocurrency mining. This revelation comes...
Researchers have uncovered a stealthy backdoor within WordPress, cunningly disguised as a system file within the mu-plugins directory—a special location designated for must-use plugins. This strategic placement enables threat actors to establish a persistent...
