Supply chain attacks targeting the JavaScript ecosystem have evolved into sophisticated operations combining domain manipulation with social engineering. On September 8, 2025, threat actors launched a coordinated phishing campaign aimed at compromising high-profile NPM developers. The attack successfully infiltrated the accounts of developer Josh Junon, known as “qix,” and targeted at least four other maintainers, […] The post New Business Email Protection Technique Blocks the Phishing Email Behind NPM Breach appeared first on Cyber Security News.

In October 2025, threat researchers at Cyble Research and Intelligence Labs uncovered a sophisticated cyber attack leveraging weaponized military documents to distribute an advanced SSH-Tor backdoor targeting defense sector personnel. The campaign centers on a deceptively simple delivery mechanism: a ZIP archive disguised as a Belarusian military document titled “ТЛГ на убытие на переподготовку.pdf” (TLG […] The post Hackers Deliver SSH-Tor Backdoor Via Weaponized Military Documents in ZIP Files appeared first on Cyber Security News.

A sophisticated campaign targeting military personnel across Russia and Belarus has emerged, deploying a complex multi-stage infection chain that establishes covert remote access through Tor-based infrastructure. Operation SkyCloak represents a stealth-oriented intrusion effort aimed at the Russian Airborne Forces and Belarusian Special Forces, utilizing legitimate OpenSSH binaries and obfs4 bridges to mask communication channels while […] The post New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic appeared first on Cyber Security News.

Throughout the first half of 2025, financially motivated threat actors have shifted their approach to intrusions, abandoning traditional implant-heavy methods in favor of a more cost-effective strategy. Rather than deploying sophisticated malware payloads, attackers are leveraging stolen credentials and valid account access to establish persistence within target networks across multiple industries. The FortiGuard Incident Response […] The post Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks appeared first on Cyber Security News.

The explosive growth of artificial intelligence has created an unexpected security threat as cybercriminals exploit ChatGPT’s popularity through counterfeit mobile applications. Recent security research uncovered sophisticated malicious apps masquerading as legitimate ChatGPT interfaces, designed to harvest sensitive user data and monitor digital activities without consent. These fraudulent applications have infiltrated third-party app stores, targeting users […] The post Beware of Malicious ChatGPT Apps That Records Users Action and Steals Sensitive Data appeared first on Cyber Security News.

In mid-2025, researchers discovered a sophisticated campaign orchestrated by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) targeting organizations relying on Motex LANSCOPE Endpoint Manager. The attackers exploited a previously unknown zero-day vulnerability tracked as CVE-2025-61932, which grants remote adversaries the ability to execute arbitrary commands with SYSTEM privileges. This marks the […] The post Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data appeared first on Cyber Security News.

A new wave of cyber threats is emerging as criminals increasingly weaponize AdaptixC2, a free and open-source Command and Control framework originally designed for legitimate penetration testing and red team operations. Security researchers have uncovered a disturbing trend where advanced threat actors deploy this extensible post-exploitation tool across global ransomware campaigns, transforming a utility meant […] The post Threat Actors Actively Using Open-Source C2 Framework to Deliver Malicious Payloads appeared first on Cyber Security News.

Chinese-affiliated threat actor UNC6384 has been actively leveraging a critical Windows shortcut vulnerability to target European diplomatic entities across Hungary, Belgium, Serbia, Italy, and the Netherlands. Arctic Wolf researchers identified this sophisticated cyber espionage campaign operating throughout September and October 2025, representing a significant evolution in the group’s operational capabilities and geographic reach. The attack […] The post Hackers Weaponizing Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability appeared first on Cyber Security News.

Threat actors operating under the control of North Korea’s regime have demonstrated continued technical sophistication by introducing advanced malware toolsets designed to establish persistent backdoor access and remote control over compromised systems. Recent findings have revealed that Kimsuky, known for orchestrating espionage campaigns, deployed HttpTroy, while the Lazarus APT group introduced an enhanced variant of […] The post Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access appeared first on Cyber Security News.