AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack
The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores where they auto-complete purchases. Cybersecurity experts at Guardio…
Author: Cybernoz
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Aug 21, 2025Ravie LakshmananMalware / Cryptocurrency Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor…
European digital sovereignty: Storage, surveillance concerns to overcome
In mid-June 2025, Microsoft made an announcement about a suite of “Sovereign Cloud solutions” designed to ensure that data belonging to European customers remains stored…
US charges Oregon man allegedly behind vast botnet-for-hire operation
Federal prosecutors on Tuesday charged an Oregon man with running a global botnet-for-hire operation called Rapper Bot that used hacked IoT devices to conduct large-scale…
Hackers Weaponize QR Codes Embedded with Malicious Links to Steal Sensitive Information
Cybersecurity researchers have observed a surge in phishing campaigns leveraging QR codes to deliver malicious payloads. This emerging threat, often dubbed “quishing,” exploits the opaque…
Insider Threat Protection Market Size Worth USD 38 Billion by 2036
According to recent study by Research Nester, the global insider threat protection market Size was valued at USD 4 billion in 2023 and is predicted to surpass…
Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate…
Police investigation into Post Office scandal to cost more than £50m
The national police investigation into the Post Office Horizon scandal is expected to cost taxpayers more than £50m. Scandal victims accept the cost, but demand…
Threat Actors Gaining Access to Victims’ Machines and Monetizing Access to Their Bandwidth
A stealthy campaign emerged in early March 2025 that capitalized on a critical remote code execution flaw in GeoServer (CVE-2024-36401) to compromise publicly exposed geospatial…
MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks
A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa,…
Russian threat actors using old Cisco bug to target critical infrastructure orgs
A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an…
CISO Podcast Series Episode 2 Out Now
The Cyber Express, in collaboration with Suraksha Catalyst, is thrilled to announce the launch of Episode 2 of the Black Hat USA 2025 CISO Podcast…