A sophisticated malware campaign targeting developers has been operating since August 2025, deploying 126 malicious npm packages that have collectively accumulated over 86,000 downloads. The attack, now identified as PhantomRaven, has been actively harvesting npm authentication tokens, GitHub credentials, and CI/CD pipeline secrets from developers across the globe while employing advanced detection evasion techniques that […] The post PhantomRaven Attack Involves 126 Malicious npm Packages with Over 86,000 Downloads Hiding Malicious Code appeared first on Cyber Security News.

A sophisticated botnet campaign has compromised more than 25,000 IoT devices across 40 countries while establishing 140 command-and-control servers to facilitate cybercrime operations. The PolarEdge botnet, first disclosed in February 2025, exploits vulnerable IoT and edge devices to construct an Operational Relay Box network that provides infrastructure-as-a-service for advanced persistent threat actors. The malware operates […] The post PolarEdge Botnet Infected 25,000+ Devices and 140 C2 Servers Exploiting IoT Vulnerabilities appeared first on Cyber Security News.

Ukrainian government organizations continue facing relentless cyber threats from Russian-backed threat actors employing sophisticated evasion techniques to maintain persistent network access. Recent investigations have uncovered coordinated campaigns targeting critical infrastructure and government entities, with attackers deploying advanced tactics that circumvent traditional security defenses. These operations represent a significant escalation in targeting strategies, focusing on credential […] The post Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics appeared first on Cyber Security News.

Between August and October 2025, a sophisticated phishing campaign has emerged targeting Colombian and Spanish-speaking users through deceptive emails masquerading as official communications from Colombia’s Attorney General’s office. The campaign employs a carefully crafted social engineering strategy, luring victims with notifications about supposed lawsuits processed through labor courts. This marks a significant shift in attack […] The post Threat Actors Weaponizes Judicial Documents to Deliver PureHVNC RAT appeared first on Cyber Security News.

A newly discovered ransomware-as-a-service platform called Gentlemen’s RaaS has recently emerged on underground hacking forums, offering threat actors a sophisticated cross-platform attack capability. The service, advertised by the threat actor known as zeta88, represents a significant expansion in ransomware delivery models, targeting critical infrastructure across multiple operating systems. This development signals an intensified threat landscape […] The post New Gentlemen’s RaaS Advertised on Hacking Forums Targeting Windows, Linux and ESXi Systems appeared first on Cyber Security News.

Fraudulent investment platforms impersonating cryptocurrency and forex exchanges have emerged as the predominant method used by financially motivated cybercriminals to defraud victims across Asia and beyond. These sophisticated scam operations deploy advanced social engineering tactics to manipulate victims into transferring funds to attacker-controlled systems that masquerade as legitimate trading platforms. The threat landscape has evolved […] The post Huge Surge in Fake Investment Platforms Mimic Forex Exchanges Steal Logins appeared first on Cyber Security News.

A groundbreaking security vulnerability has emerged that fundamentally challenges the integrity of modern trusted execution environments across Intel and AMD server platforms. Researchers from Georgia Tech, Purdue University, and van Schaik LLC have unveiled TEE.fail, a sophisticated attack methodology that exploits weaknesses in DDR5 memory bus interposition to extract sensitive cryptographic keys from supposedly secure […] The post New TEE.fail Attack Breaks Trusted Environments to Exfiltrate Secrets from Intel and AMD DDR5 Environments appeared first on Cyber Security News.

The npm ecosystem faces a sophisticated new threat as ten malicious packages have emerged, each designed to automatically execute during installation and deploy a comprehensive credential harvesting operation. This attack campaign represents a significant evolution in supply chain compromises, combining multiple layers of obfuscation with cross-platform compatibility to target developers across Windows, Linux, and macOS […] The post 10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester appeared first on Cyber Security News.