Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits legitimate system processes to deliver powerful backdoor capabilities. RainyDay, Turian, and a new variant of PlugX have been systematically abusing DLL search order hijacking techniques to execute malicious loaders, establishing […] The post RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders appeared first on Cyber Security News.

In recent months, a sophisticated threat actor leveraging North Korean IT worker employment fraud has surfaced, demonstrating how social engineering can bypass traditional security controls. The adversary’s modus operandi involves posing as remote software engineers, submitting legitimate-looking résumés, completing coding assessments, and ultimately blending into corporate environments. Initial signs were subtle: benign emails, genuine code […] The post New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network appeared first on Cyber Security News.

In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software. Threat actors have crafted convincing forks of projects bearing names like Malwarebytes, LastPass, Citibank, and SentinelOne, populated with trojanized installers and scripts that deliver stealthy malware payloads. These repositories exploit the trust developers place in […] The post Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware appeared first on Cyber Security News.

A sophisticated cybercrime campaign has emerged that transforms legitimate AWS infrastructure into weaponized attack platforms through an innovative combination of containerization and distributed denial-of-service capabilities. The ShadowV2 botnet represents a significant evolution in cyber threats, leveraging exposed Docker daemons on Amazon Web Services EC2 instances to establish persistent footholds for large-scale DDoS operations. This campaign […] The post ShadowV2 Botnet Exploits Docker Containers on AWS to Turn Thems as Infected System for DDoS Attack appeared first on Cyber Security News.

A sophisticated new malware family dubbed YiBackdoor has emerged in the cybersecurity landscape, posing a significant threat to organizations worldwide. First observed in June 2025, this malicious software represents a concerning evolution in backdoor technology, featuring advanced capabilities that enable threat actors to execute arbitrary commands, capture screenshots, collect sensitive system information, and deploy additional […] The post New YiBackdoor Allows Attackers to Execute Arbitrary Commands and Exfiltrate Sensitive Data from Hacked Systems appeared first on Cyber Security News.

Cybersecurity professionals are facing an unprecedented acceleration in threat actor capabilities as the average breakout time—the period from initial access to lateral movement—has plummeted to a mere 18 minutes during the June-August 2025 reporting period. This alarming statistic represents a dramatic reduction from previous timeframes, with the fastest recorded incident clocking in at just six […] The post Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access appeared first on Cyber Security News.

A sophisticated malware campaign has emerged in the npm ecosystem, utilizing an innovative steganographic technique to conceal malicious code within QR codes. The malicious package, identified as “fezbox,” presents itself as a legitimate JavaScript/TypeScript utility library while secretly executing password-stealing operations through a cleverly disguised QR code payload. This attack represents a significant evolution in […] The post New Malware in npm Package Steals Browser Passwords Using Steganographic QR Code appeared first on Cyber Security News.