Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called ‘Shamos,’ is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware,…
Author: Cybernoz
Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts
Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these…
BQTLOCK Ransomware-as-a-Service Emerges, Boasting Sophisticated Evasion Tactics
Ransomware-as-a-Service (RaaS) models continue to democratize sophisticated attacks in the ever-changing world of cybercrime by allowing affiliates with little technical know-how to distribute ransomware through…
Grok chats show up in Google searches
I’m starting to feel like a broken record, but I feel you should know that yet another AI has been found sharing private conversations so…
Chinese MURKY PANDA Attacking Government and Professional Services Entities
A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and…
How Secure Is the Software Supply Chain? Less Secure Than You Might Think.
Software is the invisible infrastructure of our world, powering everything from critical systems to everyday devices. But its ubiquity makes it a prime target. The…
Lumma Operators Deploy Cutting-Edge Evasion Tools to Maintain Stealth and Persistence
Lumma infostealer affiliates’ complex operating framework was revealed by Insikt Group in a ground-breaking report published on August 22, 2025, underscoring their reliance on cutting-edge…
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection…
New Cryptojacking Attack Exploits Redis Servers to Install Miners and Disable Defenses
A sophisticated cryptojacking campaign has emerged, exploiting misconfigured Redis servers across multiple continents to deploy cryptocurrency miners while systematically dismantling security defenses. The threat actor…
China-linked Murky Panda targets and moves laterally through cloud services
In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this…
Lumma Affiliates Using Advanced Evasion Tools Designed to Ensure Stealth and Continuity
The Lumma information stealer has evolved from its 2022 origins into one of the most sophisticated malware-as-a-service (MaaS) ecosystems in the cybercriminal landscape. Operating through…
Microsoft Flags Cross-Platform Attacks Targeting Windows and macOS
Microsoft Threat Intelligence has spotlighted the escalating adoption of the ClickFix social engineering technique, a sophisticated method that manipulates users into executing malicious commands on…