Cybersecurity 2025 Archives • Information Security News

The Mole in the Machine: New Arrests in Coinbase’s $400M Insider Data Scandal

ddos December 31, 2025

Coinbase has reported the first arrests in its investigation into the sale of customer data: police in...

The Editor’s Trap: EmEditor Hijacked to Deploy Stealthy “Google Drive” Infostealer PhantomVAI malware loader npm Token Farming SesameOp Malware Flyoobe Malware FlipSwitch Rootkit fezbox Malware ModStealer Malware NightshadeC2 OldGremlin AI ransomware LummaStealer Qilin, ransomware-as-a-service Human Cybersecurity Ransomware ACRStealer Interlock Ransomware OVERSTEP Rootkit Malduck WordPress Malware

PhantomVAI malware loader npm Token Farming SesameOp Malware Flyoobe Malware FlipSwitch Rootkit fezbox Malware ModStealer Malware NightshadeC2 OldGremlin AI ransomware LummaStealer Qilin, ransomware-as-a-service Human Cybersecurity Ransomware ACRStealer Interlock Ransomware OVERSTEP Rootkit Malduck WordPress Malware

The Editor’s Trap: EmEditor Hijacked to Deploy Stealthy “Google Drive” Infostealer

ddos December 29, 2025

In late December, an unwelcome supply-chain surprise erupted around the popular text editor EmEditor. According to the...

How a Capital Letter Bypasses Fortinet 2FA CVE-2025-58034 Fortinet vulnerability CVE-2023-48788 Fortinet

How a Capital Letter Bypasses Fortinet 2FA

ddos December 29, 2025

Fortinet has warned administrators that real-world attacks are once again exploiting the vulnerability FG-IR-19-283 (CVE-2020-12812), first disclosed...

The Trusted Thief: New Signed MacSync Malware Bypasses Apple’s Gatekeeper macsync-installer

The Trusted Thief: New Signed MacSync Malware Bypasses Apple’s Gatekeeper

ddos December 26, 2025

The latest iteration of the macOS stealer known as MacSync has learned to infiltrate victims’ machines almost...

Forging the Keys: Inside SAMLSmith, the C# Framework for Golden & Silver SAML Attacks Golden SAML attack automation

Forging the Keys: Inside SAMLSmith, the C# Framework for Golden & Silver SAML Attacks

ddos December 24, 2025

SAMLSmith is a C# tool for generating custom SAML responses and implementing Silver SAML and Golden SAML...

Automation Crisis: Critical 9.9 CVSS Flaw Exposes 103K n8n Instances to Full Takeover

ddos December 24, 2025

A critical vulnerability in the globally used workflow automation platform n8n allows attackers to execute arbitrary code...

The Silent Sync: How the “lotusbail” npm Package Hijacks WhatsApp Accounts Insider Threat RondoDox Botnet Stellantis data breach DDoS-for-Hire OAG ransomware Zeppelin ToolShell Chain Iran Cyber Threat UK Retail Cyberattack, CMC Financial Impact Indonesia spyware

Insider Threat RondoDox Botnet Stellantis data breach DDoS-for-Hire OAG ransomware Zeppelin ToolShell Chain Iran Cyber Threat UK Retail Cyberattack, CMC Financial Impact Indonesia spyware

The Silent Sync: How the “lotusbail” npm Package Hijacks WhatsApp Accounts

ddos December 24, 2025

A malicious package named lotusbail has been uncovered in the npm repository, masquerading as a library for...

Founding: The Next-Gen Loader Generator for Advanced Evasion stealth binary obfuscation

Founding: The Next-Gen Loader Generator for Advanced Evasion

ddos December 23, 2025

Founding is a tool that processes shellcode in .bin, .exe, or .dll formats, applying advanced obfuscation or encryption techniques to generate stealthy binaries with...

The $40M Jackpot: DOJ Charges 54 in Nationwide Ploutus ATM Malware Blitz Samourai Wallet Sentencing New Gold Protocol

The $40M Jackpot: DOJ Charges 54 in Nationwide Ploutus ATM Malware Blitz

ddos December 23, 2025

The U.S. Department of Justice has brought charges against dozens of individuals in connection with a wave...

Offside on the Dark Web: Qilin Ransomware Targets Argentine Giant River Plate

ddos December 23, 2025

The Argentine football giant Club Atlético River Plate (CARP) has become a target of extortion by the...

Locked by BitLocker: 1,000 Systems Crippled in Massive Cyberattack on Romanian Waters Radio Nordseewelle Attack Municipal cyberattack JLR Cyberattack German economy cyberattacks AI misuse Chinese APT GMX Hack Iran Cyber Threat, US Cyberattack Warning Pegasus spyware Jordan

Radio Nordseewelle Attack Municipal cyberattack JLR Cyberattack German economy cyberattacks AI misuse Chinese APT GMX Hack Iran Cyber Threat, US Cyberattack Warning Pegasus spyware Jordan

Locked by BitLocker: 1,000 Systems Crippled in Massive Cyberattack on Romanian Waters

ddos December 23, 2025

Romania’s National Administration of Water Resources has fallen victim to a large-scale cyberattack that resulted in the...

Retaliation Strike: 22-Year-Old Arrested After BreachForums Hacks French Ministry of Interior Twitter Hack Crypto Seizure Car Hacking Devices German Darknet Arrest Zero-Day Theft TfL cyberattack SIM box fraud Myanmar Crime Crackdown Min Clan Verdict Bitcoin Seizure Scattered Spider Arrest Pompompurin SIM swapping Insider threat Cybercrime Dark web North Korea Espionage Military Tech Theft Cybercrime Bust Crypto Theft Cybercrime BreachForums Takedown

Twitter Hack Crypto Seizure Car Hacking Devices German Darknet Arrest Zero-Day Theft TfL cyberattack SIM box fraud Myanmar Crime Crackdown Min Clan Verdict Bitcoin Seizure Scattered Spider Arrest Pompompurin SIM swapping Insider threat Cybercrime Dark web North Korea Espionage Military Tech Theft Cybercrime Bust Crypto Theft Cybercrime BreachForums Takedown

Retaliation Strike: 22-Year-Old Arrested After BreachForums Hacks French Ministry of Interior

ddos December 19, 2025

French law enforcement authorities have arrested a 22-year-old man suspected of orchestrating a recent cyberattack against the...

The Invisible Roommate: How the GhostPairing Scam Steals Your WhatsApp Without a Password

ddos December 18, 2025

Researchers at Gen have reported a new WhatsApp account-takeover technique dubbed GhostPairing. The attack appears mundane and...

Naughty List: SantaStealer Malware Unwrapped—The “New” Holiday Threat is Just Rebranded Code

ddos December 18, 2025

In the run-up to the New Year holidays, underground marketplaces often see a surge of freshly minted...

Cybersecurity 2025

The Editor’s Trap: EmEditor Hijacked to Deploy Stealthy “Google Drive” Infostealer

How a Capital Letter Bypasses Fortinet 2FA

The Trusted Thief: New Signed MacSync Malware Bypasses Apple’s Gatekeeper

Forging the Keys: Inside SAMLSmith, the C# Framework for Golden & Silver SAML Attacks

Automation Crisis: Critical 9.9 CVSS Flaw Exposes 103K n8n Instances to Full Takeover

The Silent Sync: How the “lotusbail” npm Package Hijacks WhatsApp Accounts

Founding: The Next-Gen Loader Generator for Advanced Evasion

The $40M Jackpot: DOJ Charges 54 in Nationwide Ploutus ATM Malware Blitz

Offside on the Dark Web: Qilin Ransomware Targets Argentine Giant River Plate

Locked by BitLocker: 1,000 Systems Crippled in Massive Cyberattack on Romanian Waters

Retaliation Strike: 22-Year-Old Arrested After BreachForums Hacks French Ministry of Interior

Naughty List: SantaStealer Malware Unwrapped—The “New” Holiday Threat is Just Rebranded Code

You may have missed

The War for Your Documents: Why The Document Foundation is Challenging Microsoft’s OOXML Monopoly

Urgent Patch: Microsoft Defender Update Fixes Critical SYSTEM-Level Privilege Escalation Flaw

The Pre-Boot Breach: Microsoft Releases Critical Emergency Script to Defend Against “YellowKey” BitLocker Bypass

The Reddit Clone: Meta Secretly Launches “Forum” App to Unbundle Facebook Groups