-
GoDaddy Security researchers have unveiled a detailed analysis of Help TDS, a sophisticated Traffic Direction System operational since at least 2017, which exploits compromised websites to funnel traffic toward malicious scams. This operation supplies …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024. This advanced persistent threat group demonstrates exceptional capabilities in cloud environment exploitation and trusted-relationship compromises, marking a concerning evolution in state-sponsored […] The post Chinese MURKY PANDA Attacking Government and Professional Services Entities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these hosting services to bypass traditional security controls. A coordinated campaign identified in early 2025 demonstrated how threat actors systematically abuse VPS providers like Hyonix, Host Universal, Mevspace, and Hivelocity to […] The post Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Lumma infostealer affiliates’ complex operating framework was revealed by Insikt Group in a ground-breaking report published on August 22, 2025, underscoring their reliance on cutting-edge evasion technologies to support cybercrime operations. Th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting. The vulnerability, tracked as CVE-2025-43300, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling immediate action is required from organizations and individual users to protect their systems from […] The post CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated traffic direction system known as Help TDS has been weaponizing compromised websites since 2017, transforming legitimate sites into gateways for elaborate tech support scams. The operation specializes in deploying PHP code templates that redirect unsuspecting visitors to fraudulent Microsoft Windows security alert pages designed to deceive users into believing their systems are compromised. […] The post Help TDS Weaponize Legitimate Sites’ PHP Code Templates With Fake Microsoft Windows Security Alert Pages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This newly discovered technique leverages malformed chunked transfer encoding extensions to bypass established security controls and inject unauthorized secondary requests into web applications. Key Takeaways1. Exploits malformed HTTP chunked encoding to create front-end/back-end parsing discrepancies.2. Bypasses […] The post New HTTP Smuggling Attack Technique Let Hackers Inject Malicious Requests appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cryptojacking campaign has emerged, exploiting misconfigured Redis servers across multiple continents to deploy cryptocurrency miners while systematically dismantling security defenses. The threat actor behind this operation, designated TA-NATALSTATUS, has been active since 2020 but has significantly escalated their activities throughout 2025, targeting exposed Redis instances with alarming success rates across major economies. The […] The post New Cryptojacking Attack Exploits Redis Servers to Install Miners and Disable Defenses appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ransomware-as-a-Service (RaaS) models continue to democratize sophisticated attacks in the ever-changing world of cybercrime by allowing affiliates with little technical know-how to distribute ransomware through profit-sharing or subscription models. A…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Lumma information stealer has evolved from its 2022 origins into one of the most sophisticated malware-as-a-service (MaaS) ecosystems in the cybercriminal landscape. Operating through a vast network of affiliates, Lumma has established itself as the dominant infostealer platform, accounting for approximately 92% of stolen credential listings on major underground marketplaces by late 2024. The […] The post Lumma Affiliates Using Advanced Evasion Tools Designed to Ensure Stealth and Continuity appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
