A malicious Visual Studio Code extension posing as the popular “Material Icon Theme” has been used to attack Windows and macOS users, turning the add-on into a hidden backdoor. The fake extension shipped through the marketplace with backdoored files, giving the attackers a direct path into developer workstations once it was installed. After installation, the […] The post Malicious VS Code Extension as Icon Theme Attacking Windows and macOS Users appeared first on Cyber Security News.

Advanced steganography techniques are becoming increasingly central to state-sponsored cyber operations. Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns. These organizations operate as front companies linked to China’s Ministry of State Security, playing a critical role in modernizing the country’s […] The post Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations appeared first on Cyber Security News.

A new remote access trojan dubbed KimJongRAT has surfaced, posing a severe threat to Windows users. This sophisticated malware is believed to be orchestrated by the Kimsuky group, a threat actor with alleged state backing. The campaign typically begins with a phishing email containing a deceptive archive named National Tax Notice, which lures unsuspecting victims […] The post KimJongRAT Attacking Windows Users via Weaponized .hta Files to Steal Logins appeared first on Cyber Security News.

A sophisticated cyberespionage campaign dubbed “Operation Hanoi Thief” has surfaced, specifically targeting IT professionals and recruitment teams in Vietnam. Discovered on November 3, 2025, this threat activity employs a complex multi-stage infection chain designed to harvest sensitive browser credentials and history. The attackers leverage a malicious spear-phishing strategy, distributing a ZIP archive named Le-Xuan-Son_CV.zip, which […] The post Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware appeared first on Cyber Security News.

With the holiday shopping season kicking into high gear, a massive cybersecurity threat has emerged, putting online shoppers at significant risk. A coordinated campaign has been discovered, involving the registration of over 2,000 fake holiday-themed online stores. These malicious sites are designed to lure unsuspecting consumers with the promise of steep discounts, only to steal […] The post Hackers Registered 2,000+ Fake Holiday-Themed Online Stores to Steal User Payments appeared first on Cyber Security News.

A newly discovered Windows malware packer named TangleCrypt has emerged as a serious threat in ransomware attacks, specifically designed to evade endpoint detection and response (EDR) solutions. The packer was first observed during a September 2025 ransomware incident involving Qilin ransomware, where threat actors deployed it alongside the ABYSSWORKER driver to disable security tools before […] The post TangleCrypt Windows Packer with Ransomware Payloads Evades EDR Using ABYSSWORKER Driver appeared first on Cyber Security News.

A sophisticated Advanced Persistent Threat group known as Bloody Wolf has intensified its cyber espionage operations across Central Asia, targeting government and private sectors. Since late June 2025, the group has orchestrated spear-phishing campaigns primarily focusing on organizations within Kyrgyzstan and Uzbekistan. By meticulously impersonating state entities such as the Ministry of Justice, the attackers […] The post Bloody Wolf Hackers Mimic as Government Agencies to Deploy NetSupport RAT via Weaponized PDF’s appeared first on Cyber Security News.