The WARMCOOKIE backdoor first surfaced in mid-2024, delivered primarily via recruiting-themed phishing campaigns that coaxed victims into executing malicious documents. Initially designed as a lightweight implant for remote command execution, its modular codebase enabled rapid adaptation to new objectives. Over the past year, targets have included enterprise networks across multiple regions, with operators exploiting malvertising […] The post Threat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenal appeared first on Cyber Security News.

In recent months, security teams have observed a surge in Android spyware campaigns that prey on privacy-conscious users by masquerading as trusted messaging apps. These malicious payloads exploit users’ trust in Signal and ToTok, delivering trojanized applications that request extensive permissions under the guise of enhanced functionality. Initial distribution relies on phishing websites and fake […] The post New Android Spyware Attacking Android Users Mimic as Signal and ToTok Apps appeared first on Cyber Security News.

In recent months, a sophisticated campaign dubbed Cavalry Werewolf has emerged, targeting government and critical infrastructure organizations across Russia and neighboring regions. Adversaries initiated these attacks by sending meticulously crafted phishing emails that impersonate officials from Kyrgyz government agencies. These emails contain malicious RAR archives, which deploy a suite of custom tools, including the FoalShell […] The post Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT appeared first on Cyber Security News.

The resurgence of XWorm in mid-2025 marks a significant escalation in malware sophistication. After a lull following the abrupt discontinuation of official support for version 5.6 in late 2024, threat actors unveiled XWorm V6.0 on June 4, 2025. A post on hackforums.net by an account named XCoderTools first announced this release, claiming to patch a […] The post New XWorm V6 Variant Injects Malicious Code into a Legitimate Windows Program appeared first on Cyber Security News.

An operator known as GhostSocks advertised a novel Malware-as-a-Service (MaaS) on the Russian cybercrime forum XSS.is on October 15, 2023, promising to transform compromised devices into residential SOCKS5 proxies. The service capitalized on the inherent trust placed in residential IP addresses to bypass anti-fraud systems and avoid detection by network defenders. Early promotional posts showcased […] The post New GhostSocks Malware-as-a-Service Enables Threat Actors to Convert Compromised Devices into Proxies appeared first on Cyber Security News.

Critical security flaws have been discovered in the TOTOLINK X6000R wireless router, exposing users to severe risks of remote code execution and unauthorized system access. These vulnerabilities affect the router’s web interface and various administrative functions, creating multiple attack vectors that malicious actors can exploit to gain complete control over affected devices. The discovery highlights […] The post TOTOLINK X6000R Router Vulnerabilities Let Remote Attackers Execute Arbitrary Commands appeared first on Cyber Security News.

APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as Netlify, pages.dev, and workers.dev to serve fake login pages tailored to government and military targets […] The post SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials appeared first on Cyber Security News.

Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the malware not only establishes a foothold on the host system but also hijacks active WhatsApp […] The post Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware appeared first on Cyber Security News.