New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient
Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025,…
Category: CyberSecurityNews
New PhantomCaptcha RAT Weaponized PDFs to Deliver Malware Using ‘ClickFix’-Style Cloudflare Captcha Pages
A sophisticated spearphishing campaign has emerged targeting humanitarian organizations and Ukrainian government agencies, leveraging weaponized PDF attachments and fake Cloudflare verification pages to distribute a…
Hackers Exploited 73 0-Day Vulnerabilities and Earned $1,024,750
The hacking community celebrated the end of Pwn2Own Ireland 2025. Researchers demonstrated their skills by identifying 73 unique zero-day vulnerabilities across different devices. The event,…
Amazon Uncovers Root Cause of Major AWS Outage That Brokes The Internet
Amazon Web Services (AWS), the backbone for countless websites and services, faced a severe outage last weekend that disrupted operations for millions. The incident, which…
Toys “R” Us Canada Confirms Data Breach
Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in…
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
Email phishing attacks have reached a critical inflection point in 2025, as threat actors deploy increasingly sophisticated evasion techniques to circumvent traditional security infrastructure and…
Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability
Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287,…
Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories
Cybersecurity researchers have identified a sophisticated campaign where threat actors are leveraging compromised credentials to infiltrate Azure Blob Storage containers, targeting organizations’ critical code repositories…
SharkStealer Using EtherHiding Pattern to Resolves Communications With C2 Channels
A sophisticated information-stealing malware written in Golang has emerged, leveraging blockchain technology to establish covert command-and-control channels. SharkStealer represents a significant evolution in malware design,…
Hackers Abuse Microsoft 365 Exchange Direct Send to Bypass Content Filters and Harvest Sensitive Data
Microsoft 365 Exchange Online’s Direct Send feature, originally designed to enable legacy devices and applications to send emails without authentication, has become an exploitable pathway…
Bitter APT Hackers Exploit WinRAR Zero-Day Via Weaponized Word Documents to Steal Sensitive Data
The Bitter APT group, also tracked as APT-Q-37 and known in China as 蔓灵花, has launched a sophisticated cyberespionage campaign targeting government agencies, military installations,…
AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars
SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted…