A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation documents. These scripts trigger a chain of events that downloads and installs the malware on victim systems. […] The post Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts appeared first on Cyber Security News.

Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently discovered phishing kit demonstrates just how advanced these operations have become. This particular framework was designed to impersonate the Italian IT and web services provider Aruba S.p.A., a […] The post A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection appeared first on Cyber Security News.

A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this ransomware group has impacted more than 250 organizations across North America, Europe, and Australia, amassing approximately $244.17 million in ransom proceeds as of late September 2025. […] The post Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report appeared first on Cyber Security News.

Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware targets the collection on login details, payment card information, and cryptocurrency wallet data from infected systems. The malware spreads primarily through phishing emails, malicious advertisements, and compromised websites that trick users […] The post Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications appeared first on Cyber Security News.

Cybercriminals have launched a new phishing campaign that tricks users by impersonating legitimate spam-filter notifications from their own company. These fake emails claim that your organization recently upgraded its Secure Message system and that some pending messages failed to reach your inbox. The message urges you to click the “Move to Inbox” button to retrieve […] The post Beware of Phishing Emails as Spam Filter Alerts Steal Your Email Logins in a Blink appeared first on Cyber Security News.

On November 7th, security researchers discovered a dangerous malicious npm package called “@acitons/artifact” that had already been downloaded more than 206,000 times. The package was designed to look like the legitimate “@actions/artifact” package used by developers building tools with GitHub Actions. This was a classic typosquatting attack where the attackers swapped the letters to make […] The post Malicious npm Package with 206k Downloads Attacking GitHub-Owned Repositories to Exfiltrate Tokens appeared first on Cyber Security News.

The SmartApeSG campaign, also known as ZPHP or HANEY MANEY, continues to evolve its attack methods to compromise Windows systems with malicious remote access tools. First reported in June 2024, this campaign has shifted from using fake browser update pages to deploying sophisticated ClickFix-style techniques. The new approach tricks users into thinking they need to […] The post SmartApeSG Campaign Leverages ClickFix Technique to Deploy NetSupport RAT appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors abuse legitimate JSON storage services to deliver malware to software developers. The campaign, known as Contagious Interview, represents a significant shift in how attackers are concealing malicious payloads within seemingly legitimate development projects. By exploiting platforms such as JSON Keeper, JSONsilo, and npoint.io, threat actors […] The post Threat Actors Leverage JSON Storage Services to Host and Deliver Malware Via Trojanized Code Projects appeared first on Cyber Security News.