In mid-July 2025, a novel campaign emerged in which cybercriminals weaponized generative AI to fabricate deepfake images of government IDs, embedding them within spear-phishing messages that bypassed traditional antivirus safeguards. These emails impersonated military and security institutions, complete with convincing visual assets generated by ChatGPT. Recipients were urged to review “draft” ID cards, triggering the […] The post Hackers Using Generative AI ‘ChatGPT’ to Evade Anti-virus Defenses appeared first on Cyber Security News.

The BlackNevas ransomware group has emerged as a significant threat since November 2024, continuously launching devastating attacks against businesses and critical infrastructure organizations across Asia, North America, and Europe. This sophisticated malware operation combines file encryption with data theft tactics, threatening to leak stolen information if ransom demands are not met within seven days. The […] The post BlackNevas Ransomware Encrypts Files and Steals Sensitive Data From Affected Companies appeared first on Cyber Security News.

The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware variants designed to breach air-gapped systems. This advanced persistent threat group introduced SnakeDisk, a novel USB worm, alongside an updated Toneshell9 backdoor, representing a calculated evolution in their cyber espionage […] The post Mustang Panda With SnakeDisk USB Worm and Toneshell Backdoor Seeking to Penetrate Air-Gap Systems appeared first on Cyber Security News.

In August 2025, security researchers uncovered a sophisticated SEO poisoning campaign targeting Chinese-speaking Windows users. By manipulating search result rankings with tailored SEO plugins and registering lookalike domains, attackers successfully masqueraded malicious software download sites as legitimate providers. Victims searching for popular applications such as DeepL were redirected to spoofed pages bearing minimal character substitutions […] The post New SEO Poisoning Attacking Windows Users With Weaponized Software Sites appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated malware campaign spanning seven years, where threat actors behind AppSuite-PDF and PDF Editor applications systematically abused code-signing certificates to legitimize their malicious software. The actors, tracked under the malware family name BaoLoader, have utilized at least 26 code-signing certificates obtained through fraudulent business registrations, primarily targeting users seeking PDF […] The post Actors Behind AppSuite-PDF and PDF Editor Used 26 Code-Signing Certificates to Make Software Appear Legitimate appeared first on Cyber Security News.

DarkCloud Stealer has recently emerged as a potent threat targeting financial organizations through convincing phishing campaigns. Adversaries employ weaponized RAR attachments masquerading as legitimate documents to deliver a multi-stage JavaScript-based payload. Upon opening the archive, victims execute a VBE script that leverages Windows Script Host to initiate a PowerShell downloader hidden in innocuous-seeming image files. […] The post DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments appeared first on Cyber Security News.

Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. First documented on September 5 when a Sri Lankan food manufacturer fell victim, the threat actor behind Yurei adopted a double-extortion model: encrypting files while exfiltrating sensitive data for additional leverage. Within days, […] The post New Yurei Ransomware With PowerShell Commands Encrypts Files With ChaCha20 Algorithm appeared first on Cyber Security News.

In recent months, security teams have observed a significant increase in sophisticated phishing campaigns leveraging a newly discovered Phishing-as-a-Service (PhaaS) platform dubbed VoidProxy. The operation, first detected in August 2025, combines multiple anti-analysis techniques and adversary-in-the-middle (AitM) capabilities to target Microsoft 365 and Google accounts with unprecedented stealth. Early email lures originate from compromised legitimate […] The post New VoidProxy PhaaS Service Attacking Microsoft 365 and Google Accounts appeared first on Cyber Security News.

A sophisticated malware campaign has emerged that leverages artificial intelligence to create deceptively legitimate applications, marking a significant evolution in cyberthreat tactics. The EvilAI malware family represents a new breed of threats that combines AI-generated code with traditional trojan techniques to infiltrate systems worldwide while maintaining an unprecedented level of stealth. The malware operates by […] The post EvilAI as AI-enhanced Tools to Exfiltrate Sensitive Browser Data and Evade Detections appeared first on Cyber Security News.