A sophisticated spearphishing campaign has emerged targeting humanitarian organizations and Ukrainian government agencies, leveraging weaponized PDF attachments and fake Cloudflare verification pages to distribute a dangerous WebSocket-based remote access trojan. The operation, first uncovered in early October 2025, demonstrates a remarkable level of operational planning and infrastructure compartmentalization, with the threat actors maintaining their campaign […] The post New PhantomCaptcha RAT Weaponized PDFs to Deliver Malware Using ‘ClickFix’-Style Cloudflare Captcha Pages appeared first on Cyber Security News.

Email phishing attacks have reached a critical inflection point in 2025, as threat actors deploy increasingly sophisticated evasion techniques to circumvent traditional security infrastructure and user defenses. The threat landscape continues to evolve with the revival and refinement of established tactics that were once considered outdated, combined with novel delivery mechanisms that exploit gaps in […] The post Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters appeared first on Cyber Security News.

Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment methods, threat actors are now weaponizing this remote control and surveillance platform through sophisticated fileless […] The post New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient appeared first on Cyber Security News.

Cybersecurity researchers have identified a sophisticated campaign where threat actors are leveraging compromised credentials to infiltrate Azure Blob Storage containers, targeting organizations’ critical code repositories and sensitive data. This emerging threat exploits misconfigured storage access controls to establish persistence and exfiltrate valuable intellectual property. The attack vector represents a significant shift in how threat actors […] The post Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories appeared first on Cyber Security News.

A sophisticated information-stealing malware written in Golang has emerged, leveraging blockchain technology to establish covert command-and-control channels. SharkStealer represents a significant evolution in malware design, utilizing the BNB Smart Chain Testnet as a resilient dead-drop resolver for its C2 infrastructure. This novel approach demonstrates how threat actors exploit Web3 technologies to evade traditional detection mechanisms […] The post SharkStealer Using EtherHiding Pattern to Resolves Communications With C2 Channels appeared first on Cyber Security News.

Microsoft 365 Exchange Online’s Direct Send feature, originally designed to enable legacy devices and applications to send emails without authentication, has become an exploitable pathway for cybercriminals conducting sophisticated phishing and business email compromise attacks. The feature allows multifunction printers, scanners, and older line-of-business applications to transmit messages by bypassing rigorous authentication and security checks, […] The post Hackers Abuse Microsoft 365 Exchange Direct Send to Bypass Content Filters and Harvest Sensitive Data appeared first on Cyber Security News.

The Bitter APT group, also tracked as APT-Q-37 and known in China as 蔓灵花, has launched a sophisticated cyberespionage campaign targeting government agencies, military installations, and critical infrastructure across China and Pakistan. The threat actor has deployed weaponized Microsoft Office documents that exploit a previously unknown zero-day vulnerability in WinRAR archive software to install custom […] The post Bitter APT Hackers Exploit WinRAR Zero-Day Via Weaponized Word Documents to Steal Sensitive Data appeared first on Cyber Security News.

A sophisticated information-stealing malware known as Vidar Stealer has undergone a complete architectural transformation with the release of version 2.0, introducing advanced capabilities that enable it to bypass Chrome’s latest security protections through direct memory injection techniques. Released on October 6, 2025, by its developer “Loadbaks” on underground forums, this new iteration features a complete […] The post Vidar Stealer Bypassing Browser Security Via Direct Memory Injection to Steal Login Credentials appeared first on Cyber Security News.

The stealer malware ecosystem has evolved into a sophisticated criminal enterprise capable of processing hundreds of millions of credentials daily. Over the past several years, threat actors have transformed the landscape of credential theft through specialized malware families and underground distribution platforms. These information-stealing operations now represent one of the most significant threats to digital […] The post Threat Actors With Stealer Malwares Processing Millions of Credentials a Day appeared first on Cyber Security News.

A sophisticated new threat has emerged in the cybersecurity landscape, leveraging the popular communication platform Discord to conduct covert operations. ChaosBot, a Rust-based malware strain, represents an evolution in adversarial tactics by hiding malicious command and control traffic within legitimate cloud service communications. This approach allows attackers to blend seamlessly into normal network traffic, making […] The post New Rust-Based ChaosBot Malware Leverages Discord for Stealthy Command and Control appeared first on Cyber Security News.