Famous Chollima, a threat group affiliated with North Korea’s Reconnaissance General Bureau, has significantly expanded its operational capabilities by integrating two potent malware strains: BeaverTail and OtterCookie. This convergence marks a critical evolution in the group’s attack methodology, targeting cryptocurrency and blockchain sectors with renewed sophistication. The merging of these toolsets reflects a deliberate shift […] The post North Korean Chollima Actors Added BeaverTail and OtterCookie to Its Arsenal appeared first on Cyber Security News.

Threat actors have launched a significant mass exploitation campaign targeting critical vulnerabilities in two popular WordPress plugins, GutenKit and Hunk Companion, affecting hundreds of thousands of websites globally. These vulnerabilities, discovered in September and October 2024, have resurfaced as an active threat in October 2025, demonstrating the persistent danger of unpatched installations. The attack vectors […] The post Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild appeared first on Cyber Security News.

Cybercriminals continue to evolve their tactics for compromising systems, with recent campaigns demonstrating a significant shift from traditional fake update methods to more sophisticated social engineering approaches. Throughout 2025, threat actors have increasingly adopted the ClickFix technique as their primary delivery mechanism for deploying NetSupport Manager, a legitimate remote administration tool that has become attractive […] The post Hackers Leveraging ClickFix Technique to Deploy NetSupport RAT Loaders appeared first on Cyber Security News.

The notorious LockBit ransomware operation has resurfaced with a vengeance after months of dormancy following Operation Cronos takedown efforts in early 2024. Despite law enforcement disruptions and infrastructure seizures, the group’s administrator, LockBitSupp, has successfully rebuilt the operation and launched LockBit 5.0, internally codenamed “ChuongDong.” This latest variant represents a significant evolution in the group’s […] The post LockBit 5.0 Actively Attacking Windows, Linux, and ESXi Environments appeared first on Cyber Security News.

A sophisticated backdoor named Android.Backdoor.Baohuo.1.origin has been discovered in maliciously modified versions of Telegram X messenger, granting attackers complete control over victims’ accounts while operating undetected. The malware infiltrates devices through deceptive in-app advertisements and third-party app stores, masquerading as legitimate dating and communication platforms. With more than 58,000 infected devices spread across approximately 3,000 […] The post Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control appeared first on Cyber Security News.

Southeast Asia’s online gambling ecosystem has become a breeding ground for sophisticated cyber threats, with criminal networks leveraging seemingly legitimate platforms to distribute malicious software to millions of unsuspecting users. A recently uncovered operation demonstrates how threat actors exploit the region’s thriving illegal gambling market by deploying a weaponized browser disguised as a privacy tool. […] The post Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program appeared first on Cyber Security News.

Cybercriminals have adopted a sophisticated social engineering strategy that exploits the trust inherent in job hunting, according to a recent security advisory. A financially motivated threat cluster operating from Vietnam has been targeting digital advertising and marketing professionals through fake job postings on legitimate employment platforms and custom-built recruitment websites. The campaign, which leverages remote […] The post Google Warns of Threat Actors Using Fake Job Posting to Deliver Malware and Steal Credentials appeared first on Cyber Security News.

A sophisticated cyberattack campaign targeting Microsoft Internet Information Services (IIS) servers has emerged, exploiting decades-old security vulnerabilities to deploy malicious modules that enable remote command execution and search engine optimization fraud. The operation, which came to light in late August and early September 2025, leverages publicly exposed ASP.NET machine keys to compromise servers worldwide, affecting […] The post Hackers Hijacking IIS Servers in The Wild Using Exposed ASP .NET Machine Keys to Inject Malicious Modules appeared first on Cyber Security…

North Korean state-sponsored hackers from the Lazarus APT group launched a cyberespionage campaign targeting European companies involved in unmanned aerial vehicle development. Starting in late March 2025, attackers compromised three defense organizations across Central and Southeastern Europe, deploying advanced malware to steal proprietary UAV technology. The campaign, tracked as Operation DreamJob, employed social engineering using […] The post North Korean Hackers Attacking Unmanned Aerial Vehicle Industry to Steal Confidential Data appeared first on Cyber Security News.