A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this ransomware group has impacted more than 250 organizations across North America, Europe, and Australia, amassing approximately $244.17 million in ransom proceeds as of late September 2025. […] The post Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report appeared first on Cyber Security News.

Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware targets the collection on login details, payment card information, and cryptocurrency wallet data from infected systems. The malware spreads primarily through phishing emails, malicious advertisements, and compromised websites that trick users […] The post Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications appeared first on Cyber Security News.

Cybercriminals have launched a new phishing campaign that tricks users by impersonating legitimate spam-filter notifications from their own company. These fake emails claim that your organization recently upgraded its Secure Message system and that some pending messages failed to reach your inbox. The message urges you to click the “Move to Inbox” button to retrieve […] The post Beware of Phishing Emails as Spam Filter Alerts Steal Your Email Logins in a Blink appeared first on Cyber Security News.

On November 7th, security researchers discovered a dangerous malicious npm package called “@acitons/artifact” that had already been downloaded more than 206,000 times. The package was designed to look like the legitimate “@actions/artifact” package used by developers building tools with GitHub Actions. This was a classic typosquatting attack where the attackers swapped the letters to make […] The post Malicious npm Package with 206k Downloads Attacking GitHub-Owned Repositories to Exfiltrate Tokens appeared first on Cyber Security News.

The SmartApeSG campaign, also known as ZPHP or HANEY MANEY, continues to evolve its attack methods to compromise Windows systems with malicious remote access tools. First reported in June 2024, this campaign has shifted from using fake browser update pages to deploying sophisticated ClickFix-style techniques. The new approach tricks users into thinking they need to […] The post SmartApeSG Campaign Leverages ClickFix Technique to Deploy NetSupport RAT appeared first on Cyber Security News.