The cybersecurity landscape witnessed a concerning development as threat actors discovered a novel attack vector targeting Microsoft Edge’s Internet Explorer mode functionality. This sophisticated campaign emerged in August 2025, exploiting the inherent security weaknesses of legacy browser technology to compromise unsuspecting users’ devices. The attack represents a significant evolution in threat actor tactics, demonstrating their […] The post Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices appeared first on Cyber Security News.

North Korean state-sponsored threat actors have intensified their supply chain attacks against software developers through a sophisticated campaign dubbed “Contagious Interview,” deploying 338 malicious npm packages that have accumulated over 50,000 downloads. The operation represents a dramatic escalation in the weaponization of the npm registry, targeting Web3, cryptocurrency, and blockchain developers through elaborate social engineering […] The post North Korean Hackers Attacking Developers with 338 Malicious npm Packages appeared first on Cyber Security News.

Security researchers have identified a sophisticated malware campaign that exploits WhatsApp’s messaging platform to deploy banking trojans targeting Brazilian financial institutions and cryptocurrency exchanges. The self-propagating worm, which emerged on September 29, 2025, demonstrates advanced evasion techniques and multi-stage infection chains designed to circumvent modern security defenses. The threat has already affected over 400 customer […] The post New WhatsApp Worm Attacks Users with Banking Malware to Users Login Credentials appeared first on Cyber Security News.

Scattered Lapsus$ Hunters, a threat group previously associated with high-profile data thefts, recently claimed responsibility for exfiltrating over one billion records from Salesforce environments worldwide. Emerging in mid-2025, the group has honed its tactics to exploit misconfigurations in cloud identities and exposed APIs. Initial reports surfaced when multiple Salesforce customers observed anomalous queries against their […] The post Scattered Lapsus$ Hunters Claim to Have Stolen More Than 1 Billion Salesforce Records appeared first on Cyber Security News.

A new wave of the Astaroth banking trojan has emerged, leveraging a novel approach to distribute its malicious configuration files. First detected in late 2025, this latest campaign employs GitHub’s raw content service to host encrypted JSON configurations containing target URLs, browser injection parameters, and command-and-control (C2) endpoints. By hiding critical settings behind GitHub’s trusted […] The post Astaroth Banking Malware Leveraging GitHub to Host Malware Configurations appeared first on Cyber Security News.

Cybercriminals have discovered a novel way to co-opt Discord webhooks as surrogate command-and-control (C2) channels across popular language ecosystems. Unlike traditional C2 servers, webhooks offer free, low-profile exfiltration that blends seamlessly into legitimate HTTPS traffic. Over the past month, malicious packages in npm, PyPI, and RubyGems have quietly siphoned sensitive files and telemetry from developer […] The post Threat Actors Weaponize Discord Webhooks for Command and Control with npm, PyPI, and Ruby Packages appeared first on Cyber Security News.

A sophisticated new malware campaign targeting Windows systems has emerged, leveraging Node.js Single Executable Application (SEA) features to distribute malicious payloads while evading traditional detection mechanisms. The Stealit malware represents a significant evolution in malware-as-a-service operations, combining advanced obfuscation techniques with extensive anti-analysis capabilities to establish persistent control over infected systems. The campaign has been […] The post New Stealit Malware Attacking Windows Systems Abuses Node.js Extensions appeared first on Cyber Security News.

ChaosBot surfaced in late September 2025 as a sophisticated Rust-based backdoor targeting enterprise networks. Initial investigations revealed that threat actors gained entry by exploiting compromised CiscoVPN credentials coupled with over-privileged Active Directory service accounts. Once inside, ChaosBot was stealthily deployed via side-loading techniques using the legitimate Microsoft Edge component identity_helper.exe from the C:\Users\Public\Libraries directory. The […] The post New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands appeared first on Cyber Security News.