Cyber threats are changing how they reach victims. A financially motivated criminal network called Payroll Pirates has been quietly attacking payroll systems, credit unions, and trading platforms across the United States since mid-2023. Their weapon of choice is malvertising, where fake ads appear on search engines and trick users into visiting phishing websites. Once employees […] The post Payroll Pirates – Network of Criminal Groups Hijacking Payroll Systems appeared first on Cyber Security News.

A new threat has emerged in the ransomware landscape with the discovery of Yurei ransomware, first publicly identified in early September 2025. This Go-based malware follows a typical ransomware operation model by infiltrating corporate networks, encrypting critical data, deleting backups, and demanding ransom for stolen information. The group operates through a dedicated dark web site […] The post Yurei Ransomware File Encryption, Operation Model and Data Transfer Methods Uncovered appeared first on Cyber Security News.

Pig-butchering scams have grown into one of the most damaging global cybercrime threats, causing billions of dollars in losses every year. These long-term investment fraud schemes work by building trust through emotional grooming and fake trading platforms before draining victims of their life savings. The scams now operate at an industrial scale, and criminal groups […] The post Pig-Butchering Scams Operators Scaled Their Operations with The Support of AI-Assistants appeared first on Cyber Security News.

A new phishing campaign has emerged that weaponizes Microsoft Entra guest user invitations to deceive recipients into making phone calls to attackers posing as Microsoft support. The attack leverages a critical security gap in how Microsoft Entra communicates with external users, turning a legitimate collaboration feature into a delivery mechanism for sophisticated social engineering attacks. […] The post Hackers Leverages Microsoft Entra Tenant Invitations to Launch TOAD Attacks appeared first on Cyber Security News.

In November 2025, a new malware campaign emerged that combines social engineering tricks with advanced stealing tools. The attack starts when criminals trick users into running commands through the Windows Run window, a technique known as ClickFix. Once users follow these instructions, their computers become infected with Amatera Stealer, an advanced piece of malware designed […] The post EVALUSION Campaign Using ClickFix Technique to deploy Amatera Stealer and NetSupport RAT appeared first on Cyber Security News.

A dangerous espionage campaign is targeting senior government and defense officials worldwide. Iranian hackers are using fake conference invitations and meeting requests to trick victims. The attackers spend weeks building trust before striking. They reach out through WhatsApp to make their messages look legitimate. This campaign, known as SpearSpecter, combines patience with powerful malware to […] The post Iranian SpearSpecter Attacking High-Value Officials Using Personalized Social Engineering Tactics appeared first on Cyber Security News.

Outlook NotDoor backdoor malware first appeared in threat campaigns identified by Lab52, the intelligence arm of Spanish firm S2 Grupo. Linked to APT28/Fancy Bear, NotDoor leverages malicious Outlook macros for persistent access and data theft. Attackers embed these macro payloads within Outlook’s data files to monitor incoming emails and trigger hidden code on infected systems. […] The post Researchers Detailed Techniques to Detect Outlook NotDoor Backdoor Malware appeared first on Cyber Security News.

A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a CVSS score of 8.8. This flaw poses a […] The post Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges appeared first on Cyber Security News.

A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. The malware arrives through fake software installers that pretend to be legitimate programs like Google Chrome and Microsoft Teams. […] The post RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools appeared first on Cyber Security News.