Since its emergence in February 2025, the NightSpire ransomware group has rapidly distinguished itself through a sophisticated double-extortion strategy that combines targeted encryption with public data leaks. Initially surfacing in South Korea, the group leveraged vulnerabilities in corporate networks to gain initial access, often exploiting outdated VPN appliances and unpatched Remote Desktop Protocol services. Once […] The post NightSpire Ransomware Group Claims to Exploit The Vulnerabilities of Orgs to Infiltrate Their Systems appeared first on Cyber Security News.

A sophisticated malware campaign has emerged targeting users seeking free PDF editing software, with cybercriminals distributing a malicious application masquerading as the legitimate “AppSuite PDF Editor.” The malware, packaged as a Microsoft Installer (MSI) file, has been distributed through high-ranking websites designed to appear as legitimate download portals for productivity tools. These deceptive sites share […] The post AppSuite PDF Editor Hacked to Execute Arbitrary Commands on The Infected System appeared first on Cyber Security News.

In June 2025, a previously undocumented campaign leveraging end-of-support software began surfacing in telemetry data gathered across Eastern Asia. Dubbed TAOTH, the operation exploits an abandoned Chinese input method editor (IME), Sogou Zhuyin, to deliver multiple malware families. Initial intelligence indicated that victims, primarily traditional Chinese users and dissidents, downloaded what appeared to be legitimate […] The post New TAOTH Campaign Exploits End-of-Support Software to Distribute Malware and Collect Sensitive Data appeared first on Cyber Security News.

Attackers have begun leveraging a seemingly innocuous PDF newsletter alongside a malicious Windows shortcut (LNK) file to infiltrate enterprise environments. The attack surfaced in late August 2025, targeting South Korean academic and government institutions under the guise of a legitimate “국가정보연구회 소식지 (52호)” PDF newsletter. Victims receive an archive containing both the PDF decoy and […] The post Hackers Weaponize PDF Along With a Malicious LNK File to Compromise Windows Systems appeared first on Cyber Security News.

As students and staff returned to campuses this August, a stark rise in cyber attacks against educational institutions has been observed worldwide. From January to July 2025, organizations in the education sector endured an average of 4,356 weekly attacks, marking a 41 percent year-over-year increase. These assaults range from credential-harvesting phishing domains to sophisticated delivery […] The post Cyber Attacks Targeting Education Sector Surges Following Back-to-School Season appeared first on Cyber Security News.

A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The Sinobi Group, operating as a Ransomware-as-a-Service (RaaS) affiliate, successfully infiltrated corporate networks by exploiting SonicWall SSL VPN credentials mapped to over-privileged Active Directory accounts with domain administrator rights. The attack […] The post Hackers Leverage Compromised Third-Party SonicWall SSL VPN Credentials to Deploy Sinobi Ransomware appeared first on Cyber Security News.

Cybersecurity teams worldwide have observed a surge in sophisticated campaigns exploiting both Windows and Linux vulnerabilities in recent months to achieve unauthorized system access. These attacks often begin with phishing emails or malicious web content designed to deliver weaponized documents. Once opened, the embedded exploits target unpatched vulnerabilities in commonly used software components, allowing attackers […] The post Threat Actors Leveraging Windows and Linux Vulnerabilities in Real-world Attacks to Gain System Access appeared first on Cyber Security News.

Over the past year, security researchers have observed a growing trend of North Korean–linked developers establishing credible-looking profiles on popular code-sharing platforms such as GitHub, CodeSandbox, and Gist. These accounts frequently host legitimate open-source projects alongside hidden payloads, allowing operators to mask malicious activity under the guise of normal developer contributions. The overall goal appears […] The post DPRK IT Workers Using Code-Sharing Platforms to Secure New Remote Jobs appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated malvertising campaign on Meta’s Facebook platform in recent weeks that targets Android users with promises of a free TradingView Premium application. These deceptive ads mimic official TradingView branding and visuals, luring unsuspecting victims to download what appears to be a legitimate APK. Once installed, however, the app unleashes a […] The post Threat Actors Weaponizing Facebook Ads with Free TradingView Premium App Lures That Delivers Android Malware appeared first on Cyber Security News.