In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and covert channel tunneling—that have now been adopted by malicious actors. The framework’s modular design and […] The post Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks appeared first on Cyber Security News.

In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent traditional rate limiting. By mid-May, the threat escalated as the botnet grew to 4.6 million […] The post L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks appeared first on Cyber Security News.

Four Kenyan filmmakers became victims of sophisticated surveillance when FlexiSPY spyware was covertly installed on their devices while in police custody, according to forensic analysis conducted by the University of Toronto’s Citizen Lab. The incident occurred on or around May 21, 2025, after authorities seized the devices during arrests connected to allegations surrounding the BBC […] The post Kenyan Filmmakers Installed With FlexiSPY Spyware That Monitors Messages and Social Media appeared first on Cyber Security News.

A previously unknown advanced persistent threat (APT) group has unleashed a new fileless malware framework, dubbed EggStreme, in a highly targeted espionage campaign against strategic organizations. Emerging in early 2024, EggStreme exploits the legitimate Windows Mail executable (WinMail[.]exe) to sideload a malicious library, allowing attackers to achieve in-memory code execution without writing decrypted payloads to […] The post New EggStreme Malware With Fileless Capabilities Leverages DLL Sideloading to Execute Payloads appeared first on Cyber Security News.

In early May 2025, cybersecurity researchers began tracking a novel Remote Access Trojan (RAT) targeting Chinese-speaking users via phishing sites hosted on GitHub Pages. Masked as legitimate installers for popular applications, the initial ZIP archives contained malicious executables engineered to bypass sandbox and virtual machine defenses. Once executed, the first-stage shellcode performs time stability analysis […] The post kkRAT Employs Network Communication Protocol to Steal Clipboard Contents appeared first on Cyber Security News.

In recent months, cybersecurity researchers have observed a surge in malicious domain registrations linked to an emerging e-crime group known as PoisonSeed. First identified in April 2025, this actor has focused its efforts on impersonating legitimate cloud-based email platforms, most notably SendGrid, to harvest enterprise credentials. By embedding fake Cloudflare CAPTCHA interstitials and Ray ID […] The post PoisonSeed Threat Actor Registering New Domains in Attempt to Compromise Enterprise Credentials appeared first on Cyber Security News.

A sophisticated new remote access trojan named ZynorRAT has emerged as a cross-platform threat, targeting both Windows and Linux systems through an innovative Telegram-based command and control infrastructure. First discovered in July 2025, this Go-compiled malware represents a significant evolution in remote access capabilities, combining traditional RAT functionality with modern communication channels to evade detection […] The post ZynorRAT Attacking Windows and Linux Systems to Gain Remote Access appeared first on Cyber Security News.

ChillyHell first surfaced on public malware repositories in early May 2025, although its developer-signed notarization dates back to 2021. This modular backdoor has eluded detection by major antivirus vendors despite leveraging Apple’s own notarization process to appear legitimate. By masquerading as a benign macOS applet, ChillyHell gains an initial foothold on target machines before deploying […] The post ChillyHell macOS Malware Profiles Compromised Machines and Maintain Persistence with 3 Methods appeared first on Cyber Security News.

A novel malicious Chrome extension has been uncovered targeting digital marketers by masquerading as a productivity tool for Meta ad campaigns. Dubbed “Madgicx Plus,” this extension is distributed through a network of deceptive websites posing as legitimate AI-driven advertising platforms. Rather than optimizing ad performance, the extension leverages powerful browser permissions to hijack user sessions […] The post Malicious Chrome Extension Attacking Users to Steal Meta Login Credentials appeared first on Cyber Security News.