PE32 Ransomware: A New Telegram-Based Threat on the Rise
PE32 Ransomware is a newly emerging strain that runs its operations over Telegram and uses a chaotic, noisy encryption routine. Despite its simple design it poses significant risk to users and organizations, especially through a dual ransom model that puts extra pressure on victims. Affected: individuals, organizations, cybersecurity teams

Keypoints:

PE32 Ransomware is gaining traction online as a recent ransomware strain.…
The Reality of Mobile Endpoint Security in 2025
Mobile devices are becoming increasingly exploited entry points for cyber attacks in enterprises, prompting a shift in attack strategies from traditional methods to mobile vectors. As organizations adopt Bring Your Own Device (BYOD) policies, the need for effective Mobile Threat Defense (MTD) solutions becomes crucial. The rapid rise of sophisticated mobile attacks necessitates a reevaluation of security measures to address the vulnerabilities associated with mobile endpoints.…
TROX Stealer Malware Campaign
TROX Stealer is an infostealer delivered through phishing emails that manufacture urgency to push recipients into opening its payload. It targets consumers rather than enterprises, uses several programming techniques to evade analysis and detection, and can exfiltrate a range of sensitive data, including credit card details and cryptocurrency wallets.…
AgeoStealer: How Social Engineering Targets Gamers
Infostealers, including the newly identified AgeoStealer, have become a significant threat, responsible for a large portion of credential theft and data breaches. AgeoStealer employs unique tactics, leveraging gaming platforms for distribution and evading detection through advanced obfuscation techniques. Its ability to extract sensitive information highlights the urgent need for organizations to bolster their defenses against these types of cyber threats.…
Lumma Stealer – Tracking distribution channels
The article tracks the rise of Lumma Stealer, a Malware-as-a-Service (MaaS) offering that has become a major threat to individuals and organizations alike. It is spread through several distribution channels, most notably fake CAPTCHA pages that trick users into running malicious commands themselves. Its infection chain, which includes DLL sideloading and payload injection, helps it evade security detection.…
The SHELBY malware family uses GitHub as its command-and-control (C2) channel, retrieving commands and exfiltrating stolen data through the GitHub API. Its main weakness is the GitHub Personal Access Token (PAT) embedded in the malware: whoever recovers it from a sample gains the same control over infected machines that the operators have. Unused code and dynamically loaded payloads suggest the family is still under active development.…
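The point of the SHELBY summary is that a hardcoded PAT is both the operators' control plane and the defenders' easiest win: it can be carved out of any sample, and once reported to GitHub or revoked the C2 channel dies. The triage check below is an added example, not code from the article or from any SHELBY analysis. It scans a blob for GitHub's published token prefixes (classic ghp_, fine-grained github_pat_, and the gho_/ghu_/ghs_ variants) and for api.github.com URLs, in both plain ASCII and UTF-16LE strings, since Windows samples often store the latter. The token lengths are taken from GitHub's documented formats and should be re-checked if that scheme changes; the sample bytes, the fake token and the example-org/c2-repo repository are constructed and not real.

```python
import re
import sys

# Prefix/length formats GitHub publishes for its tokens. The lengths are an
# assumption to re-check if GitHub changes its token scheme.
TOKEN_PATTERNS = {
    "classic_pat": re.compile(rb"ghp_[A-Za-z0-9]{36}"),
    "fine_grained_pat": re.compile(rb"github_pat_[A-Za-z0-9_]{82}"),
    "oauth_access": re.compile(rb"gho_[A-Za-z0-9]{36}"),
    "user_to_server": re.compile(rb"ghu_[A-Za-z0-9]{36}"),
    "server_to_server": re.compile(rb"ghs_[A-Za-z0-9]{36}"),
}
# REST endpoints a sample would hit to read commands from or write loot to a repo.
API_URL = re.compile(rb"https?://api\.github\.com/[A-Za-z0-9_./-]*")


def _string_views(data: bytes):
    """Yield the raw bytes and a NUL-stripped copy.

    PE samples often keep strings as UTF-16LE ("g\\0h\\0p\\0_"); dropping the
    interleaved NULs lets the same ASCII regexes match them. Stripping can also
    fuse unrelated bytes, so treat hits from that view as triage leads.
    """
    yield "ascii", data
    yield "utf16_stripped", data.replace(b"\x00", b"")


def find_github_indicators(data: bytes) -> dict:
    """Return GitHub tokens and API URLs found in a blob, deduplicated."""
    tokens, urls = [], []
    seen_tokens, seen_urls = set(), set()
    for view, blob in _string_views(data):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(blob):
                token = match.group().decode("ascii")
                if token not in seen_tokens:
                    seen_tokens.add(token)
                    tokens.append({"kind": kind, "view": view, "token": token})
        for match in API_URL.finditer(blob):
            url = match.group().decode("ascii")
            if url not in seen_urls:
                seen_urls.add(url)
                urls.append(url)
    return {"tokens": tokens, "api_urls": urls}


def redact(token: str) -> str:
    """Print-safe form: enough to recognise the token, not enough to reuse it."""
    return token[:8] + "..." + token[-4:]


# Constructed stand-in for a sample: a fake classic PAT stored as ASCII and an
# API URL for a made-up repository stored as UTF-16LE. Neither is a real secret.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Authorization: token ghp_0123456789abcdefghijklmnopqrstuvwxyz\x00"
    + "https://api.github.com/repos/example-org/c2-repo/contents/".encode("utf-16-le")
    + b"\x00" * 8
)


if __name__ == "__main__":
    # Usage: python find_github_tokens.py <sample.bin>; with no argument it
    # runs over the constructed SAMPLE above.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    result = find_github_indicators(blob)
    for hit in result["tokens"]:
        print(f"{hit['kind']:18} {hit['view']:15} {redact(hit['token'])}")
    for url in result["api_urls"]:
        print(f"{'api_url':18} {'-':15} {url}")
```

A recovered token is an indicator to hunt on (the repository path in the URL is too), and a credential to get revoked, not something to log in with: using it against the operators' repository is both legally risky and tips them off.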
This article discusses the use of newly registered deceptive websites designed to impersonate the Google Play Store to deliver AndroidOS SpyNote malware. Victims are tricked into downloading the malware, which is a powerful remote access trojan (RAT) enabling extensive surveillance and data theft. The report highlights the tactics used by threat actors, including the technical details of the malware’s operation and its implications.…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Summary: Researchers have identified an ongoing SMS phishing campaign targeting toll road users in the U.S., aimed at financial theft. The campaign, attributed to multiple threat actors using a specialized phishing kit from China, spreads fraudulent messages mimicking electronic toll systems. Victims are misled into providing personal information through fake payment portals after clicking embedded links in the messages.…
In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged
Summary: SecurityWeek’s roundup highlights significant cybersecurity developments, including vulnerabilities in an enterprise printer solution, the impact of cyber breaches on stock prices, and NATO’s cyber exercise. The report also mentions the record number of Microsoft product vulnerabilities, a hack on 4chan, and a new auto-reboot feature for Android.…
Summary: Security researchers discovered a network of over 35 malicious Google Chrome extensions that have been secretly executing remote commands and potentially spying on users, affecting over 6 million browsers. These unlisted extensions, designed to evade detection, exhibited extensive permissions and common obfuscation tactics. Users are advised to review and remove suspicious extensions to mitigate risk.…
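The advice to "review and remove suspicious extensions" is easier to follow with a script that reads what each installed extension actually asked for. The example below is added here and is not code from the report or the researchers; it scores every manifest.json under a Chrome profile's Extensions directory (laid out as Extensions/<id>/<version>/manifest.json) by the permissions that let an extension read or alter any page, run injected code or reach outside the browser, and flags the combination of broad host access plus a background worker, which is the shape an extension needs to act on remote commands without user interaction. The risk weights and the review threshold are this example's own triage heuristic, not a Google classification, and the two manifests embedded for a dry run are constructed.

```python
import json
import os
import sys

# Permissions and host patterns that let an extension read or alter any page,
# run injected code, or reach outside the browser. Weights are this example's
# own triage heuristic, not a classification published by Google.
PERMISSION_RISK = {
    "<all_urls>": 5, "*://*/*": 5, "http://*/*": 4, "https://*/*": 4,
    "debugger": 5, "scripting": 4, "nativeMessaging": 4, "proxy": 4,
    "webRequestBlocking": 4, "webRequest": 3, "cookies": 3, "management": 3,
    "clipboardRead": 3, "declarativeNetRequest": 2, "tabs": 2,
    "webNavigation": 2, "history": 2, "downloads": 2,
}
BROAD_HOSTS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")
REVIEW_THRESHOLD = 8  # assumed cut-off; tune against your own allowlist


def review_manifest(manifest: dict) -> dict:
    """Score one manifest (MV2 or MV3) and list what pushed the score up."""
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("optional_permissions", [])
    requested += manifest.get("host_permissions", [])  # MV3 moves hosts here
    # Content scripts matched on every site are as powerful as <all_urls>.
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    flagged = sorted({p for p in requested if p in PERMISSION_RISK},
                     key=lambda p: (-PERMISSION_RISK[p], p))
    score = sum(PERMISSION_RISK[p] for p in flagged)
    # Background worker plus broad host access: can fetch and act on remote
    # instructions with no page open and no user interaction.
    has_background = "background" in manifest
    broad = any(p in BROAD_HOSTS for p in flagged)
    return {
        # "name" may be a "__MSG_..__" placeholder; the _locales folder holds the text.
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "score": score,
        "flagged": flagged,
        "remote_control_shape": has_background and broad,
        "needs_review": score >= REVIEW_THRESHOLD,
    }


def scan_extensions_dir(root: str) -> list:
    """Review every manifest.json below a Chrome profile's Extensions folder."""
    reports = []
    for dirpath, _, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8") as fh:
            try:
                report = review_manifest(json.load(fh))
            except json.JSONDecodeError:
                continue
        report["path"] = dirpath
        reports.append(report)
    return sorted(reports, key=lambda r: -r["score"])


# Constructed manifests for a dry run: a narrow utility and one with the
# spying/remote-command permission profile described in the report.
TAB_COUNTER = {
    "manifest_version": 3, "name": "Tab Counter (constructed)", "version": "1.0",
    "permissions": ["tabs", "storage"],
}
SUSPECT = {
    "manifest_version": 3, "name": "Page Helper (constructed)", "version": "2.3.1",
    "permissions": ["scripting", "cookies", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "background": {"service_worker": "bg.js"},
}

# Default profile locations for the three desktop platforms.
DEFAULT_PROFILES = {
    "win32": os.path.expandvars(r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions"),
    "darwin": os.path.expanduser("~/Library/Application Support/Google/Chrome/Default/Extensions"),
    "linux": os.path.expanduser("~/.config/google-chrome/Default/Extensions"),
}

if __name__ == "__main__":
    # Usage: python review_extensions.py [Extensions dir]; falls back to the
    # constructed manifests when no directory is found.
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PROFILES.get(sys.platform, "")
    if os.path.isdir(root):
        reports = scan_extensions_dir(root)
    else:
        reports = [review_manifest(m) for m in (TAB_COUNTER, SUSPECT)]
    for r in reports:
        flag = "REVIEW" if r["needs_review"] else "ok"
        rc = " remote-control shape" if r["remote_control_shape"] else ""
        print(f"{flag:6} {r['score']:3} {r['name']} {r['version']}: {', '.join(r['flagged'])}{rc}")
```

Unlisted store status, which the researchers used to spot these extensions, is not visible in a manifest, so pair this with the extension IDs from the report itself; a high score here is a prompt to look at the background script, not a verdict on its own.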
UNC5221 is a suspected China-nexus cyber-espionage group targeting edge network devices through zero-day exploits, particularly Ivanti’s Pulse Connect Secure/Ivanti Connect Secure (ICS) VPN appliances. A critical vulnerability (CVE-2025-22457) has been exploited since March 2025, allowing unauthorized network access and deployment of custom malware. The campaign has affected organizations globally, especially in the U.S.,…
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Summary: The China-linked threat actor Mustang Panda has targeted an organization in Myanmar with advanced malware, introducing tools such as a revamped backdoor called TONESHELL, a new lateral movement tool named StarProxy, and several keyloggers. This attack demonstrates the group’s continuous evolution in cyber capabilities, including methods to evade detection by security systems.…
Advanced macOS Spyware PasivRobber
A suspicious Mach-O file named *wsus* was discovered on VirusTotal, leading researchers to uncover a suite of more than 20 binaries designed to capture data from macOS systems, specifically targeting popular applications among Chinese users. The investigation suggested ties to a Chinese organization involved in surveillance and forensic tools, prompting concerns about the software’s legitimacy and cybersecurity risks.…
Global Rise of Akira Ransomware
The Akira ransomware group has been operational since March 2023, employing a “double extortion” strategy that involves data exfiltration before encryption and threats of public exposure if ransoms are not paid. Their attacks have predominantly targeted sectors like Education, Finance, Manufacturing, and Healthcare across North America, Europe, and Australia, leading to significant financial gains exceeding million.…
Chinese firm tied to Uyghur rights abuses now training Tibet police on hacking techniques
Summary: A Chinese state-owned company, SDIC Intelligence Xiamen Information Co Ltd, is training police officers in Tibet on hacking and digital forensics, following a controversial contract. This initiative enhances local police’s surveillance capabilities against Tibetan dissidents and reflects larger trends in digital oppression. Human rights groups express concern over the implications for targeted surveillance and global digital threats.…
Threat actors misuse Node.js to deliver malware and other malicious payloads
Microsoft Defender Experts have reported malicious campaigns utilizing Node.js to deliver malware and facilitate information theft. This emerging trend shows a shift in threat actor techniques that blend malware with legitimate applications, indicating the growing use of Node.js in cyber threats. Affected: cybersecurity, software development

Keypoints:

Microsoft Defender Experts have observed Node.js…