-
A sophisticated subgroup of the Lazarus threat actor has surfaced in recent months, deploying three distinct remote access trojans (RATs) across compromised financial and cryptocurrency organizations. Initial access has primarily been achieved via tailored social engineering campaigns on Telegram, where attackers impersonate legitimate employees of well-known trading firms. Victims are lured to counterfeit meeting websites, […] The post Lazarus Hackers Deploying Three RATs on Compromised Systems Possibly Using 0-Day Vulnerability appeared first on Cyber Security News.
-
A sophisticated Windows-based keylogger known as TinkyWinkey began surfacing on underground forums in late June 2025, targeting enterprise and individual endpoints with unprecedented stealth. Unlike traditional keylogging tools that rely on simple hooks or user-mode processes, TinkyWinkey leverages dual components—a Windows service and an injected DLL payload—to remain hidden while harvesting rich contextual data. The […] The post New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities appeared first on Cyber Security News.
-
A novel phishing campaign emerged in late August 2025 that specifically targeted hoteliers and vacation rental managers through malicious search engine advertisements. Rather than relying on mass email blasts or social media lures, attackers purchased sponsored ads on platforms such as Google Search, typosquatting legitimate service providers’ names to redirect unsuspecting users. By mimicking brands […] The post New Large-Scale Phishing Attacks Targets Hotelier Via Ads to Gain Access to Property Management Tools appeared first on Cyber Security News.
-
Cybercriminals are increasingly exploiting legitimate email marketing platforms to launch sophisticated phishing campaigns, leveraging the trusted reputation of these services to bypass security filters and deceive victims. This emerging threat vector represents a significant evolution in phishing tactics, where attackers abuse click-tracking domains and URL redirection services provided by established email marketing companies to mask […] The post Hackers Abuse Legitimate Email Marketing Platforms to Disguise Malicious Links appeared first on Cyber Security News.
-
Security researchers have observed an unprecedented surge in domain registrations in recent months, closely tied to the upcoming 2026 FIFA World Cup tournament. These domains, often masquerading as legitimate ticketing portals, merchandise outlets, or live-stream platforms, serve as precursors to a multifaceted cyber campaign designed to harvest credentials, distribute malware, and siphon financial data. Attackers […] The post Hackers Registering Domains to Launch Cyberattack Targeting 2026 FIFA World Cup Tournament appeared first on Cyber Security News.
-
A sophisticated Android malware campaign has emerged in recent months, targeting students in Bangladesh by masquerading as legitimate scholarship applications. Posing as the Bangladesh Education Board, these fraudulent apps promise financial aid and entice unsuspecting users to download APKs from shortened URLs. Once installed, the malware covertly harvests personal and financial information, […] The post Beware of Fraudulent Scholarship Apps Attacking Students in Defarud Campaign appeared first on Cyber Security News.
-
Security researchers at Socket.dev uncovered a sophisticated supply chain attack in late August 2025 leveraging a malicious npm package named nodejs-smtp, which masquerades as the widely used email library nodemailer, a package with approximately 3.9 million weekly downloads. At first glance, nodejs-smtp operates identically to its legitimate counterpart, supplying a familiar API and successfully dispatching emails. This […] The post Malicious npm Package Mimics as Popular Nodemailer with Weekly 3.9 Million Downloads to Hijack Crypto Transactions appeared first on Cyber Security News.
-
Infostealer malware, initially designed to indiscriminately harvest credentials from compromised hosts, has evolved into a potent weapon for state-sponsored Advanced Persistent Threat (APT) groups. Emerging in early 2023, families such as RedLine, Lumma, and StealC quickly proliferated across phishing campaigns and malicious downloads. These infostealers cast wide nets, siphoning browser data, cookies, and system information, […] The post Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks appeared first on Cyber Security News.
-
Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to redirect unsuspecting visitors to malicious infrastructure. Once redirected, users encountered counterfeit Cloudflare verification pages designed […] The post Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users appeared first on Cyber Security News.
-
A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative AI character enhancement tool that promises “meta” interactions between users and their virtual AI companions. […] The post AI Waifu RAT Attacking Users With Novel Social Engineering Techniques appeared first on Cyber Security News.