New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. The…
Month: October 2025
Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access
Over the past two months, threat actors have weaponized a critical authentication bypass flaw in the Service Finder Bookings WordPress plugin, enabling them to hijack…
SonicWall Says Hackers Breached All of Its Firewall Backups
In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the…
SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal
A brute-force attack exposed firewall configuration files of every SonicWall customer who used the company’s cloud backup service, the besieged vendor said Wednesday. An investigation…
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. Cisco Talos…
New Quishing Attack With Weaponized QR Code Targeting Microsoft Users
Microsoft users are facing a novel quishing campaign that leverages weaponized QR codes embedded in malicious emails. Emerging in early October 2025, this attack exploits…
Google says ‘likely over 100’ affected by Oracle-linked hacking campaign
Google said there were likely to be more than 100 companies affected by an ambitious hacking campaign that targeted Oracle’s suite of business products, an…
ClayRat campaign uses Telegram and phishing sites to distribute Android spyware
ClayRat campaign uses Telegram and phishing sites to distribute Android spyware Pierluigi Paganini October 09, 2025 ClayRat Android spyware targets Russian users via fake Telegram…
Hackers target universities in “payroll pirate” attacks
A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in “pirate payroll” attacks since March…
Threat Actors Mimic as HR Departments to Steal Your Gmail Login Credentials
A sophisticated phishing campaign has emerged targeting job seekers through legitimate Zoom document-sharing features, demonstrating how cybercriminals exploit trusted platforms to harvest Gmail credentials. The…
Fake VPN and streaming app drops malware that drains your bank account
Security researchers are warning Android users to delete a fake VPN and streaming app that can let criminals take over their phones and drain their…
Hackers Upgraded ClickFix Attack With Cache Smuggling to Secretly Download Malicious Files
Cybersecurity researchers have uncovered a sophisticated evolution of the ClickFix attack methodology, where threat actors are leveraging cache smuggling techniques to avoid traditional file download…