A sophisticated malware strain targeting exposed Docker APIs has emerged with enhanced infection capabilities that go beyond traditional cryptomining operations. The threat, discovered in August 2025, demonstrates evolved tactics designed to establish persistent root access while denying other attackers access to compromised systems. The malware represents a significant evolution from a variant originally reported by […] The post New Malware Attack Leveraging Exposed Docker APIs to Maintain Persistent SSH Root Access appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated campaign in recent weeks leveraging a novel Remote Access Trojan (RAT) dubbed MostereRAT that targets Windows systems by deploying legitimate remote access tools such as AnyDesk and TightVNC. The malware’s emergence represents a significant evolution from earlier banking trojans, combining social engineering with advanced evasion techniques to establish covert […] The post MostereRAT Attacking Windows Systems With AnyDesk/TightVNC to Enable Remote Access appeared first on Cyber Security News.

APT37, the North Korean-aligned threat actor also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has expanded its arsenal with sophisticated new malware targeting Windows systems. Active since 2012, the group primarily focuses on South Korean individuals connected to the North Korean regime or involved in human rights activism. The threat actor has now introduced […] The post New APT37 Attacking Windows Machines With New Rust and Python Based Malware appeared first on Cyber Security News.

Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate networks across multiple continents. The threat actors behind this operation, known colloquially as Salt Typhoon and UNC4841, leveraged overlapping infrastructure and shared tactics to maximize stealth and persistence. Initial infiltration was achieved through exploitation of unpatched remote […] The post Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure appeared first on Cyber Security News.

In Caracas this week, President Nicolás Maduro unveiled the Huawei Mate X6 gifted by China’s Xi Jinping, declaring the device impervious to U.S. espionage efforts. The announcement coincides with heightened tensions between Washington and Beijing, as the United States enforces stringent controls on Chinese telecom equipment. Beyond its political symbolism, the Mate X6 has become […] The post Venezuela’s Maduro Says Huawei Mate X6 Gift From China is Unhackable by U.S. Spies appeared first on Cyber Security News.

Security researchers first observed LunaLock in early September 2025, a sophisticated ransomware strain targeting independent illustrators and digital artists. Leveraging compromised credentials and social engineering, the group behind LunaLock has zeroed in on a niche marketplace—Artists & Clients—where freelance creators exchange custom commissions. Initial intrusion involved spear-phishing campaigns disguised as royalty notifications, enticing victims to […] The post LunaLock Ransomware Attacking Artists to Steal and Encrypt Data appeared first on Cyber Security News.

A massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational playbook of Kimsuky (APT43). The leak, comprising terminal history files, phishing domains, OCR workflows, compiled stagers, and a full Linux rootkit, revealed a credential-centric campaign that targeted South Korean government […] The post Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure appeared first on Cyber Security News.

A sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily. The attack represents a significant evolution in cloud service abuse, transforming AWS’s legitimate bulk email platform into a weapon for credential theft and financial fraud. The campaign begins with compromised […] The post Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day appeared first on Cyber Security News.

Cybersecurity researchers have demonstrated a sophisticated technique for bypassing Web Application Firewalls (WAFs) using JavaScript injection combined with HTTP parameter pollution, exposing critical vulnerabilities in modern web security infrastructure. The research, conducted during an autonomous penetration test, revealed how attackers can exploit parsing differences between WAF engines and web application frameworks to execute malicious code […] The post Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution appeared first on Cyber Security News.