-
Security researchers have uncovered a new macOS malware campaign in which threat actors are abusing Extended Validation (EV) code-signing certificates to distribute completely undetectable (FUD) disk image (DMG) payloads. While EV certificate abuse has…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Adversaries don’t work 9–5 and neither do we. At eSentire, our 24/7 SOCs are staffed with elite threat hunters and cyber analysts who hunt, investigate, contain and respond to threats within minutes. Backed by threat intelligence, tactical threat respo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign dubbed “TamperedChef” is exploiting trojanized productivity tools—disguised as seemingly benign applications—to bypass security controls, establish persistence, and siphon sensitive information from targeted systems. On…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malvertising campaign has been targeting organizations through a weaponized Microsoft Teams installer that delivers the dangerous Oyster malware, according to a recent investigation by cybersecurity experts. The attack demonstrates an a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Olymp Loader, a newly emerged Malware-as-a-Service (MaaS) offering, has rapidly gained traction across underground forums and Telegram since its debut on June 5, 2025. Developed by a trio of seasoned Assembly coders under the alias “OLYMPO,” the loader…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are exploiting SVG files as an initial attack vector in a multi-stage campaign designed to impersonate Ukrainian government communications. FortiGuard Labs has uncovered a sophisticated phishing campaign targeting Ukrainian government ag…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and abused code-signing certificates to deliver the Oyster backdoor malware. The attack was neutralized by Microsoft Defender’s Attack Surface Reduction (ASR) rules, which blocked the malware from establishing contact with its command-and-control server. The multi-stage attack […] The post Hackers use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The first-ever malicious Model-Context-Prompt (MCP) server discovered in the wild, a trojanized npm package named postmark-mcp that has been secretly exfiltrating sensitive data from users’ emails. The package, downloaded approximately 1,500 times per week, contained a backdoor that copied every email processed by the tool to a server controlled by the attacker. This incident highlights […] The post First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malware operators aligned with North Korea have forged a sophisticated partnership with covert IT workers to target corporate organizations worldwide. This collaboration, detailed in a new white paper presented at Virus Bulletin 2025, sheds light on th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security teams worldwide have been warned after attackers began exploiting a newly discovered zero-day vulnerability in Cisco Adaptive Security Appliance (ASA) 5500-X Series firewalls. The breach allows hackers to deploy sophisticated malware, dubbed&#…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
