Microsoft has issued a warning about an active cryptojacking campaign that uses AI chatbot interactions to impersonate legitimate systems and direct users to malicious download sites. Once victims click the links, threat actors establish persistent remote access to compromised computers, potentially enabling further activities such as data theft or ransomware deployment. The campaign, detailed in a report from Microsoft Defender Experts and the Microsoft Defender Security Research Team, repres
Hackers are increasingly exploiting trusted artificial intelligence (AI) platforms like ChatGPT and Claude to turn them against their own users. Recently, Hackread.com reported a flaw called ClaudeBleed, discovered by LayerX, which allowed unauthorized browser extensions to hijack Anthropic Claude’s interface. Now, hackers are reportedly abusing official features of these AI tools to spread malware while easily evading web filters and security checks.[1]
The Fake Outage Trick - These observati
The term ClickFix refers to a recent trend in social engineering that’s been growing, where a user is tricked in one way or another into “fixing” a supposed problem. In such cases, the “fix” that the user is trying to perform is actually executing malicious actions. ClickFix tactics, while not new, have become one of the most widely used initial access methods in the last year.
We can see some examples of how this might look below. This example shows an iClicker compromised verification page
A new analysis by researchers at CyberArk has detailed a significant research effort revealing operational details of a StealC malware operator by exploiting a vulnerability in the malware's leaked web panel. The recent findings demonstrate how poor security practices within criminal infrastructure can be turned against threat actors. StealC is information-stealing malware operating under a Malware-as-a-Service (MaaS) model since early 2023. It enables customers to steal passwords, session co
Cybercriminals are increasingly proving they do not need software vulnerabilities to compromise organizations; they need convincing deception. Researchers at Securonix are warning of a sophisticated phishing campaign targeting the hospitality sector that uses fake Booking.com reservation cancellations, deceptive CAPTCHA pages, and a panic-inducing fake Windows Blue Screen of Death (BSOD) to deploy a remote access trojan (RAT). The campaign, named PHALT#BLYX, highlights how attackers are blendi
Ransomware is no longer a niche threat. It shows up across industries, company sizes, and geographies, but some groups remain far more exposed than others. Ransomware appeared in 44% of breaches analyzed in Verizon’s 2025 DBIR executive summary, up from 32% the previous year. This sharp rise confirms ransomware’s growing role as a primary breach driver rather than a secondary payload.[1]
Ransomware was a component of 39% of breaches in larger organizations, showing that even mature security pr
Imagine if a hacker could gain full control of your smartphone and stream everything on its screen to their own device? Well, a new Android banking trojan allows them to do just that, but they can also tap, swipe, type and navigate through hijacked smartphones in real time. According to a new blog post from the cybersecurity site Malwarebytes, security researchers at the online fraud management firm Cleafy have discovered a new Android malware family called Albiriox. Despite being fairly new,
eBPF (Extended Berkeley Packet Filter) is a very interesting kernel technology that lets users load tiny, sandboxed programs into the Linux kernel to inspect or modify network packets, system calls, and more. The technology was introduced in 2015 to replace the “old” BPF technology of 1992, which was no longer compatible with modern computer architectures (e.g., 64-bit). As usual, the technology was quickly noticed by malware authors, leading to the Bvp47 malware in 2015 and a collection of ro
In the modern digital ecosystem, subscribing to a calendar series has become a routine convenience. Whether it is a retailer sharing dates for upcoming sales, a sports association like FIFA publishing match schedules, or a government body listing public holidays, the standard ‘ICS’ web calendar format, also known as iCalendars, allows third parties to integrate events directly into a user’s device. A new report indicates that this functionality is being weaponized by cybercriminals to distribu
The automobile dealership sector continues to evolve digitally with connected vehicles, cloud-based dealership management systems (DMS), online financing, and electronic sales workflows. But the newly released CDK State of Dealership Cybersecurity 2025 report shows a sector still struggling to keep pace with threat actors who increasingly target these high-value, high-data retail environments. Despite gains in awareness and investment, dealerships face widening gaps in employee readiness, thir
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs researchers Aditya K Sood and Varadharajan K said in a report shared with The Hacker News. "When opened,
Our colleagues at Sentinel Labs have provided yet another great piece of research and analysis. As Large Language Models (LLMs) are increasingly incorporated into software‑development workflows, they also have the potential to become powerful new tools for adversaries; as defenders, it is important that we understand the implications of their use and how that use affects the dynamics of the security space.
In Sentinel’s research, they wanted to understand how LLMs are being used and how analysts could s
In 2025, Chaos ransomware resurfaced with a C++ variant. This marks the first time it was not written in .NET. Beyond encryption and ransom demands, it adds destructive extortion tactics and clipboard hijacking for cryptocurrency theft. This evolution underscores Chaos's shift toward more aggressive methods, amplifying both its operational impact and the financial risk it poses to victims.
This Fortinet report provides a comprehensive technical analysis of Chaos-C++, covering its execution fl
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August 2025, according to cybersecurity company CrowdStrike. Tracked as CVE-2025-61882 and patched by Oracle on 01 October 2025, this vulnerability was discovered in the BI Publisher Integration component of Oracle EBS's Concurrent Processing component, allowing unauthenticated attackers to gain remote code execution on unpatched systems in low-complexity
The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region. Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries, especially in Pakistan, using spear-phishing and malicious documents as initial access vectors. Recent campaigns have highlighted a sharp evolut
Attacker Breakout Time refers to the time it takes for an intruder to begin moving laterally outside of the initial beachhead to other systems in the network. Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new report from ReliaQuest. The threat intelligence vendor claimed in its latest Threat Spotlight report for the period June–August 2025 that the average breakout time dropped to only 18 minutes. One
Successful phishing campaigns typically combine sophisticated victim-deception tactics with layers of stealth, persistence, and advanced evasion techniques, so that threat actors can quietly maintain access across compromised systems and networks. A prime example is a new operation involving the use of a banking malware–turned–remote access Trojan (RAT) that researchers at Fortinet are tracking as "MostereRAT." It chains the use of an obscure programming language, security tool tampering, and t
The US Secret Service on 23 September reported it has foiled what appears to be a sophisticated plot for cyber-espionage and disruption of mobile networks in New York at a time when more than 100 heads of state and governments and foreign ministers are in the city for the UN General Assembly’s leaders’ session.
In a statement, the Secret Service said that the agency recovered more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites in the New York tristate area. The agency s
A new sneaky type of malware, known as Raven Stealer, has been identified by the Lat61 Threat Intelligence Team at Point Wild. The research team, led by Onkar R. Sonawane, has found that this seemingly simple program is surprisingly adept at remaining undetected while stealing your personal information. The research, shared with Hackread.com, reveals that the malware is primarily spread through underground forums and often bundled with pirated software.
Built using the programming languages De
Over the past year, FortiGuard Labs has been tracking a stealthy malware strain exploiting a range of vulnerabilities to infiltrate systems. Initially disclosed by a Chinese cybersecurity firm under the name “Gayfemboy,” the malware resurfaced in July with new activity, targeting vulnerabilities in products from vendors such as DrayTek, TP-Link, Raisecom, and Cisco, and exhibiting signs of evolution in both form and behavior. This Fortinet research presents an in-depth analysis of Gayfemboy, r