A sophisticated malvertising campaign has emerged, exploiting GitHub repositories through dangling commits to distribute malware via fake GitHub Desktop clients. This novel attack vector represents a significant evolution in cybercriminal tactics, leveraging the trust and legitimacy associated with GitHub’s platform to deceive unsuspecting users into downloading malicious software. The campaign operates by promoting compromised GitHub […] The post New Malvertising Campaign Leverages GitHub Repository to Deliver Malware appeared first on Cyber Security News.

A sophisticated backdoor malware known as Backdoor.WIN32.Buterat has emerged as a significant threat to enterprise networks, demonstrating advanced persistence techniques and stealth capabilities that enable attackers to maintain long-term unauthorized access to compromised systems. The malware has been identified targeting government and corporate environments through carefully orchestrated phishing campaigns, malicious email attachments, and trojanized software […] The post Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits SVG (Scalable Vector Graphics) files and email attachments to distribute dangerous Remote Access Trojans, specifically XWorm and Remcos RAT. This emerging threat represents a significant evolution in attack methodologies, as threat actors increasingly turn to non-traditional file formats to bypass conventional security defenses. The campaign […] The post New Malware Attack Leverages SVGs, Email Attachments to Deliver XWorm and Remcos RAT appeared first on Cyber Security News.

The notorious APT-C-24 threat actor group, commonly known as Sidewinder or Rattlesnake, has evolved its attack methodology by deploying sophisticated LNK file-based phishing campaigns targeting government, energy, military, and mining sectors across South Asia. Active since 2012, this advanced persistent threat organization has shifted away from its traditional exploitation of Microsoft Office vulnerabilities, instead embracing […] The post Sidewinder Hacker Group Weaponizing LNK File to Execute Malicious Scripts appeared first on Cyber Security News.

A sudden and definitive statement emerged from the “Scattered LAPSUS$ Hunters 4.0” Telegram channel on September 8, signaling an abrupt end to their public operations. After months of high-profile campaigns targeting major corporations and critical infrastructure, the collective declared a permanent retreat. News of this unexpected decision reverberated through the cybersecurity community, prompting analysts to […] The post Scattered LAPSUS$ Hunters 4.0 Announced That Their Going Dark Permanently appeared first on Cyber Security News.

Since its first appearance earlier this year, the ToneShell backdoor has demonstrated a remarkable capacity for adaptation, toyed with by the Mustang Panda group to maintain an enduring foothold in targeted environments. This latest variant, discovered in early September, arrives concealed within sideloaded DLLs alongside legitimate executables. Delivered via compressed archives purporting to contain innocuous […] The post New ToneShell Backdoor With New Features Leverage Task Scheduler COM Service for Persistence appeared first on Cyber Security News.

Within mere hours of its public unveiling, the K2 Think model experienced a critical compromise that has sent ripples throughout the cybersecurity community. The newly launched reasoning system, developed by MBZUAI in partnership with G42, was designed to offer unprecedented transparency by exposing its internal decision-making process for compliance and audit purposes. However, this very […] The post K2 Think AI Model Jailbroken Within Hours After The Release appeared first on Cyber Security News.

In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks. Unlike its predecessors, this new threat—dubbed HybridPetya by ESET analysts—exhibited capabilities that extended beyond conventional userland execution, directly targeting UEFI firmware on vulnerable systems. Through a specially crafted cloak.dat archive and the exploitation of […] The post New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems appeared first on Cyber Security News.

In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and covert channel tunneling—that have now been adopted by malicious actors. The framework’s modular design and […] The post Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks appeared first on Cyber Security News.