-
A new ransomware threat named “The Gentlemen” has emerged in the cybersecurity landscape, demonstrating advanced attack capabilities and a well-structured operational model. First appearing around July 2025, this group quickly established itself as a serious threat, publishing 48 victims on their dark web leak site between September and October 2025. The ransomware operates as a […] The post ‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A China-aligned threat group known as PlushDaemon has been weaponizing a sophisticated attack method to infiltrate networks across multiple regions since 2018. The group’s primary strategy involves intercepting legitimate software updates by deploying a specialized tool called EdgeStepper, which acts as a bridge between users’ computers and malicious servers. This technique allows hackers to inject […] The post Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new wave of cyberattacks has emerged using the Tuoni Command and Control (C2) framework, a sophisticated tool that allows threat actors to deploy malicious payloads directly into system memory. This technique helps attackers avoid detection by traditional security solutions that rely on scanning files stored on disk. The Tuoni framework has gained attention in […] The post Hackers Using Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A global data storage and infrastructure company fell victim to a severe ransomware attack orchestrated by Howling Scorpius, the group responsible for distributing Akira ransomware. The incident began with what appeared to be a routine security check on a compromised car dealership website. An employee clicked on what seemed like a standard verification prompt to […] The post Destructive Akira Ransomware Attack with a Single Click on CAPTCHA in Malicious Website appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new malware campaign targeting macOS users has emerged with a dangerous focus on cryptocurrency wallet theft. The malware, called Nova Stealer, uses a clever approach to trick victims by replacing genuine cryptocurrency applications with fake versions that steal wallet recovery phrases. This bash-based stealer has been identified attacking users of popular cryptocurrency wallets, including […] The post New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered an active global hacking campaign leveraging a known flaw in Ray, an open-source AI framework widely used for managing distributed computing tasks. Dubbed ShadowRay 2.0, this attack exploits vulnerability CVE-2023-48022 to silently seize control of powerful AI computing clusters and turn them into cryptocurrency mining operations. The campaign represents a significant […] The post New ShadowRay Attack Exploit Ray AI-Framework Vulnerability to Attack AI Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign targeting the npm ecosystem has emerged, deploying a clever detection system that distinguishes between regular users and security researchers. The threat actor, operating under the alias dino_reborn, created seven malicious npm packages designed to redirect users to crypto-themed scam sites while evading security detection. This intricate operation represents a new frontier […] The post New npm Malware Campaign Verifies if the Visitor is a Victim or a Researcher Before Triggering Infection appeared first on Cyber Security…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity threats continue to evolve with sophisticated evasion methods. A new .NET-based malware loader has emerged that demonstrates an advanced approach to concealing the notorious Lokibot trojan within image files. This multi-stage payload delivery system uses steganography, a technique that embeds hidden data inside legitimate-looking files, making detection significantly more challenging for security tools and […] The post New .NET Malware Hides Lokibot Malware within PNG/BMP Files to Evade Detection appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Sneaky2FA phishing service has recently added a dangerous new capability to its toolkit that makes stealing Microsoft account credentials even easier for attackers. Push Security analysts and researchers have identified this threat operating in the wild, using a sophisticated technique called Browser-in-the-Browser (BITB) to trick users into handing over their login information. This development […] The post New Sneaky 2FA Phishing Kit with BitB Technique Attacking Users to Steal Microsoft Account Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions. Chrome extensions marketed as “Free Unlimited VPN” services accumulated over 9 million installations before security detection, with the malware remaining hidden for nearly six years. These tools promised simple privacy solutions with single-click activation, yet delivered precisely the […] The post Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶