-
North Korean threat actors are evolving their attack strategies by leveraging developer-focused tools as infection vectors. Recent security discoveries reveal that Kimsuky, a nation-state group operating since 2012, has been utilizing JavaScript-based malware to infiltrate systems and establish persistent command and control infrastructure. The threat group traditionally focuses on espionage operations against government entities, think […] The post Threat Actors May Abuse VS Code Extensions to Deploy Ransomware and Use GitHub as C2 Server appeared first on Cyber Security News.
-
Security researchers have uncovered a sophisticated new malware family targeting enterprise environments through a supply chain compromise. The malware, tracked as Airstalk, represents a significant shift in how attackers exploit legitimate enterprise management tools to evade detection and maintain persistent access to compromised systems. This discovery highlights the growing vulnerability of business process outsourcing organizations […] The post Airstalk Malware Leverages AirWatch API MDM Platform to Establish Covert C2 Communication appeared first on Cyber Security News.
-
Experts see promise, risk in draft of Pentagon acquisition reforms. A six-page draft memo to military leaders is circulating ahead of Defense Secretary Pete Hegseth’s planned Friday speech about acquisition reform, and experts, industry figures, …
-
A sophisticated Remote Access Trojan labeled EndClient RAT has emerged as a significant threat targeting human rights defenders in North Korea, marking another escalation in advanced malware operations attributed to the Kimsuky threat group. This newly discovered malware represents a concerning shift in attack sophistication, utilizing stolen code-signing certificates to evade antivirus protections and bypass […] The post New EndClient RAT Attacking Users by Leveraging Stolen Code-Signing to Bypass AV Detections appeared first on Cyber Security News.
-
The Gootloader malware campaign has resurfaced with sophisticated evasion techniques that allow it to bypass automated security analysis. This persistent threat has been targeting victims for over five years using legal-themed search engine optimization poisoning tactics. The malware operators deploy thousands of unique keywords across more than 100 compromised websites to lure unsuspecting users into […] The post Gootloader is Back with New ZIP File Trickery that Decive the Malicious Payload appeared first on Cyber Security News.
-
On November 3, 2025, blockchain security monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. An attacker exploited a precision loss vulnerability to drain $128.64 million across six blockchain networks in under 30 minutes. The attack leveraged a rounding error in the _upscaleArray function combined with carefully crafted batchSwap operations, allowing the attacker […] The post Checkpoint Details on How Attackers Drained $128M from Balancer Pools Within 30 Minutes appeared first on Cyber Security News.
-
Cl0p, a prominent ransomware group operating since early 2019, has emerged as one of the most dangerous threats in the cybersecurity landscape. With over 1,025 confirmed victims and more than $500 million in extorted funds, this Russian-linked group has consistently targeted corporate and private networks worldwide while strategically avoiding CIS countries. The group earned its […] The post Clop Ransomware Actors Exploiting the Latest 0-Day Exploits in the Wild appeared first on Cyber Security News.
-
Three well-known threat groups have consolidated into a unified cybercriminal entity that represents a significant shift in underground tactics. Scattered LAPSUS$ Hunters (SLH) emerged in early August 2025 as a federated alliance combining Scattered Spider, ShinyHunters, and LAPSUS$, creating what researchers describe as the first consolidated alliance among mature cybercriminal clusters. This consolidation marks a […] The post Three Infamous Cybercriminal Groups Form a New Alliance Dubbed ‘Scattered LAPSUS$ Hunters’ appeared first on Cyber Security News.
-
The cybersecurity landscape stands at a critical inflection point as organizations prepare for unprecedented challenges in 2026. Google Cloud researchers have released their annual Cybersecurity Forecast, revealing a stark reality: threat actors are transitioning from experimenting with advanced technologies to embedding them as standard operational tools. This shift represents a fundamental change in how attacks […] The post Cybersecurity Forecast 2026 – Google Warns Threat Actors Use AI to Enhance Speed and Effectiveness appeared first on Cyber Security News.
-
A sophisticated Android-based NFC relay attack dubbed NGate has emerged as a serious threat to banking security across Poland, targeting financial institutions and their customers through coordinated social engineering and technical exploitation. Cert.PL analysts identified new malware samples in recent months that orchestrate unauthorized ATM cash withdrawals without requiring physical theft of payment cards. Rather […] The post NGate Malware Enables Unauthorized Cash Withdrawals at ATMs Using Victims’ Payment Cards appeared first on Cyber Security News.


