A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work to bypass traditional antivirus detection methods while extracting sensitive user information. The threat actors behind this campaign have demonstrated sophisticated knowledge of mobile security vulnerabilities, combining multiple evasion strategies […] The post AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload appeared first on Cyber Security News.

Xillen Stealer, a sophisticated Python-based information stealer, has emerged as a significant threat in the cybercriminal landscape. Originally identified by Cyfirma in September 2025, this cross-platform malware has recently evolved into versions 4 and 5, introducing a dangerous arsenal of features designed to steal sensitive credentials, cryptocurrency wallets, and system information while evading modern security […] The post Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers appeared first on Cyber Security News.

The dark web has transformed into a functioning parallel labor market where cyber specialists find employment through unconventional channels. Unlike traditional job boards, this shadow economy operates with distinct recruitment norms and salary expectations that differ significantly from legitimate hiring practices. A comprehensive analysis of 2,225 job-related posts collected from dark web forums between January […] The post Dark Web Job Market Evolved – Prioritizes Practical Skills Over Formal Education appeared first on Cyber Security News.

Two of North Korea’s most dangerous hacking groups have joined forces to launch a coordinated attack campaign that threatens organizations worldwide. The Kimsuky and Lazarus groups are working together to steal sensitive intelligence and cryptocurrencies through a systematic approach that combines social engineering with zero-day exploitation. This partnership represents a major shift in how state-sponsored […] The post North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide appeared first on Cyber Security News.

A new command-and-control platform called Matrix Push C2 has emerged as a serious threat to web users across all operating systems. This browser-based attack framework turns legitimate web browser features into a weapon for delivering malware and phishing attacks. Unlike traditional malware that requires file downloads, Matrix Push C2 operates silently through a fileless attack […] The post Hackers Using New Matrix Push C2 to Deliver Malware and Phishing Attacks via Web Browser appeared first on Cyber Security News.

In August 2025, a sophisticated cyber attack targeted an Asian subsidiary of a large European manufacturing organization through a deceptive job offer scheme. The intrusion campaign, identified as Operation DreamJob, demonstrates how threat actors continue to refine social engineering techniques to compromise high-value targets within the manufacturing sector. This attack specifically exploited WhatsApp Web messaging […] The post Operation DreamJob Attacking Manufacturing Industries Using Job-related WhatsApp Web Message appeared first on Cyber Security News.

Chinese-backed attackers have begun weaponizing a critical vulnerability in Microsoft Windows Server Update Services (WSUS) to distribute ShadowPad, a sophisticated backdoor malware linked to multiple state-sponsored groups. The attack chain exploits CVE-2025-59287, a remote code execution flaw that grants system-level access to vulnerable servers. Since the proof-of-concept code was released publicly in October, threat actors […] The post Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware appeared first on Cyber Security News.