A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. The malware arrives through fake software installers that pretend to be legitimate programs like Google Chrome and Microsoft Teams. […] The post RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools appeared first on Cyber Security News.

Attackers are using fake invoice emails to spread XWorm, a remote-access trojan that quietly steals login credentials, passwords, and sensitive files from infected computers. When a user opens the attached Visual Basic Script file, the malware begins working silently in the background without any visible warnings or alerts. This makes it extremely dangerous because victims […] The post Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials appeared first on Cyber Security News.

A new malware family targeting macOS systems has emerged with advanced detection evasion techniques and multi-stage attack chains. Named DigitStealer, this information stealer uses multiple payloads to steal sensitive data while leaving minimal traces on infected machines. The malware disguises itself as legitimate software and uses clever methods to bypass Apple’s security protections. DigitStealer spreads […] The post Highly Sophisticated macOS DigitStealer Employs Multi-Stage Attacks to Evade detection appeared first on Cyber Security News.

A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation documents. These scripts trigger a chain of events that downloads and installs the malware on victim systems. […] The post Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts appeared first on Cyber Security News.

Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently discovered phishing kit demonstrates just how advanced these operations have become. This particular framework was designed to impersonate the Italian IT and web services provider Aruba S.p.A., a […] The post A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection appeared first on Cyber Security News.

A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this ransomware group has impacted more than 250 organizations across North America, Europe, and Australia, amassing approximately $244.17 million in ransom proceeds as of late September 2025. […] The post Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report appeared first on Cyber Security News.

Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware targets the collection on login details, payment card information, and cryptocurrency wallet data from infected systems. The malware spreads primarily through phishing emails, malicious advertisements, and compromised websites that trick users […] The post Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications appeared first on Cyber Security News.

Cybercriminals have launched a new phishing campaign that tricks users by impersonating legitimate spam-filter notifications from their own company. These fake emails claim that your organization recently upgraded its Secure Message system and that some pending messages failed to reach your inbox. The message urges you to click the “Move to Inbox” button to retrieve […] The post Beware of Phishing Emails as Spam Filter Alerts Steal Your Email Logins in a Blink appeared first on Cyber Security News.

On November 7th, security researchers discovered a dangerous malicious npm package called “@acitons/artifact” that had already been downloaded more than 206,000 times. The package was designed to look like the legitimate “@actions/artifact” package used by developers building tools with GitHub Actions. This was a classic typosquatting attack where the attackers swapped the letters to make […] The post Malicious npm Package with 206k Downloads Attacking GitHub-Owned Repositories to Exfiltrate Tokens appeared first on Cyber Security News.