Emerging in mid-2025, the shinysp1d3r ransomware-as-a-service (RaaS) platform represents the next evolution of cloud-focused extortion tools. Unlike traditional ransomware that targets Windows endpoints or network file shares, shinysp1d3r is engineered specifically to infect and encrypt VMware ESXi hypervisors and their attached datastores. Early deployments have demonstrated a two-stage payload delivery: initial access is gained through […] The post New ‘shinysp1d3r’ Ransomware-as-a-service in Active Development to Encrypt VMware ESXi Environments appeared first on Cyber Security News.

In recent months, cybersecurity researchers have exposed a tangled web of hidden alliances among leading ransomware operations, reshaping how defenders perceive these threats. Historically treated as distinct entities—Conti, LockBit, Evil Corp, and others—ransomware groups have evolved into a dynamic marketplace where code, infrastructure, and human capital flow freely between operators. The transformation accelerated after major […] The post Researchers Uncover Hidden Connections Between Ransomware Groups and Relationships Between Them appeared first on Cyber Security News.

Python developers face a growing threat from typosquatted packages in the Python Package Index (PyPI), with malicious actors increasingly targeting this trusted repository to distribute sophisticated malware. Recent discoveries have exposed a concerning trend where threat actors create packages that closely mimic legitimate libraries, using slight spelling variations to trick unsuspecting developers into installing harmful […] The post Beware of Typosquatted Malicious PyPI Packages That Delivers SilentSync RAT appeared first on Cyber Security News.

Raven Stealer has emerged as a potent information‐stealing threat targeting users of Chromium‐based browsers, most notably Google Chrome. First observed in mid-2025, this lightweight malware distinguishes itself through a modular architecture and stealthy design, allowing it to harvest sensitive information without alerting victims. Delivered predominantly via cracked software bundles and underground forums, Raven Stealer capitalizes […] The post Raven Stealer Attacking Google Chrome Users to Steal Sensitive Data appeared first on Cyber Security News.

Since early 2025, cybersecurity teams have observed a marked resurgence in operations attributed to MuddyWater, an Iranian state–sponsored advanced persistent threat (APT) actor. Emerging initially through broad remote monitoring and management (RMM) exploits, the group has pivoted to highly targeted campaigns employing custom malware backdoors and multi-stage payloads designed to evade detection. Rather than relying […] The post MuddyWater Hackers Using Custom Malware With Multi-Stage Payloads and Uses Cloudflare to Mask Fingerprints appeared first on Cyber Security News.

A sophisticated North Korean nation-state threat actor campaign has emerged, distributing an evolved variant of the BeaverTail malware through deceptive fake hiring platforms and ClickFix social engineering tactics. This latest campaign, active since May 2025, represents a significant tactical shift as threat actors expand beyond their traditional software developer targets to pursue marketing professionals, cryptocurrency […] The post BeaverTail Variant via Malicious Repositories Targeting Retail Sector Organizations appeared first on Cyber Security News.

The Chinese state-sponsored threat actor TA415 has evolved its tactics, techniques, and procedures by leveraging legitimate cloud services like Google Sheets and Google Calendar for command and control communications in recent campaigns targeting U.S. government, think tank, and academic organizations. Throughout July and August 2025, this sophisticated group conducted spearphishing operations using U.S.-China economic-themed lures, […] The post China-Aligned TA415 Hackers Uses Google Sheets and Google Calendar for C2 Communications appeared first on Cyber Security News.

The threat landscape for e-commerce websites has once again shifted with the emergence of a sophisticated Magecart-style attack campaign, characterized by the deployment of obfuscated JavaScript to harvest sensitive payment information. The campaign first came to light in mid-September 2025 following a tweet indicating an ongoing skimming operation, which was later investigated in detail by […] The post New Magecart Skimmer Attack With Malicious JavaScript Injection to Skim Payment Data appeared first on Cyber Security News.

A sophisticated mobile ad fraud operation dubbed “SlopAds” has infiltrated Google Play Store with 224 malicious applications that collectively amassed over 38 million downloads across 228 countries and territories. The campaign represents one of the most extensive mobile fraud schemes discovered to date, utilizing advanced steganography techniques and multi-layered obfuscation to deliver fraudulent advertising payloads […] The post 224 Malicious Android Apps on Google Play With 38 Million Downloads Delivering Malicious Payloads appeared first on Cyber Security News.

Since mid-2024, cybercriminals have leveraged a subscription-based phishing platform known as RaccoonO365 to harvest Microsoft 365 credentials at scale. Emerging as an off-the-shelf service, RaccoonO365 requires minimal technical skill, allowing threat actors to deploy convincing phishing campaigns by impersonating official Microsoft communications. These kits replicate Microsoft branding, email templates, and login portals to trick recipients […] The post Microsoft Dismantles 300+ Websites Used to Distribute RaccoonO365 Phishing Service appeared first on Cyber Security News.