1010.cx / Archive / Category: Threats

  • A recent incident uncovered how a threat actor inadvertently exposed its entire operational workflow by installing a popular endpoint detection and response (EDR) agent on their own attacking infrastructure. The scenario unfolded when the adversary, while evaluating various security platforms, triggered alerts that led Huntress analysts to investigate unusual telemetry data. Initial observations of system […] The post Threat Actor Installed EDR on Their Systems, Revealing Workflows and Tools Used appeared first on Cyber Security News.

  • A sophisticated phishing campaign has emerged targeting Google Workspace organizations through fraudulent emails impersonating Google’s AppSheet platform. The attack demonstrates how cybercriminals exploit legitimate cloud services to bypass traditional email security measures and steal user credentials. Discovered in September 2025, this campaign represents a significant escalation in social engineering tactics, leveraging the inherent trust organizations […] The post New Phishing Attack Mimics Google AppSheet to Steal Login Credentials appeared first on Cyber Security News.

  • In recent weeks, security teams have observed a sophisticated new strain of malware—dubbed GONEPOSTAL—that subverts Microsoft Outlook to relay command and control (C2) instructions. Emerging through spear-phishing campaigns targeting corporate environments, GONEPOSTAL disguises itself as a benign Office document. Upon opening the weaponized attachment, victims unknowingly activate a multi-stage payload that interfaces directly with Outlook’s […] The post New GONEPOSTAL Malware Hijacking Outlook to Enable Command and Control Communication appeared first on Cyber Security News.

  • Security researchers have observed a sophisticated campaign in recent weeks targeting critical infrastructure and government entities across South Asia. Dubbed the DarkSamural operation, this attack chain leverages deceptively crafted LNK and PDF files to infiltrate networks, establish persistence, and exfiltrate sensitive information. Initial reconnaissance indicates that the adversaries disguise malicious MSC (Microsoft Management Console) files […] The post DarkSamural APT Group Malicious LNK and PDF Files to Steal Critical Data appeared first on Cyber Security News.

  • The North Korea-backed APT group Kimsuky has escalated its cyber operations by weaponizing GitHub repositories for malware delivery and data exfiltration, marking a sophisticated evolution in their attack methodology. This latest campaign demonstrates the group’s growing expertise in abusing legitimate cloud infrastructure to evade traditional security measures while maintaining persistent access to compromised systems. The […] The post Kimsuky Hackers Via Weaponized LNK File Abuses GitHub for Malware Delivery appeared first on Cyber Security News.

  • In recent months, security researchers have observed a surge in activity by a previously undocumented ransomware group known as The Gentlemen. This threat actor has rapidly distinguished itself through the deployment of highly specialized tools and meticulous reconnaissance tactics, targeting critical infrastructure across multiple sectors and regions. Leveraging legitimate Windows drivers and nuanced Group Policy […] The post New Gentlemen Ransomware Leverages Legitimate Drivers, Group Policies to Infiltrate Organizations appeared first on Cyber Security News.

  • A researcher unpacks recent adaptations in drone technology after more than three years of Russia’s ongoing Ukraine invasion.

  • The western Pacific country is one of only a handful that maintains diplomatic relations with Taiwan.

  • Breaking: Israel’s military carried out an attack inside Qatar’s capital city on Tuesday, which is more than 1,000 miles away, including “a precise [air] strike targeting the senior leadership of the Hamas terrorist organization,”…

  • Salat Stealer has emerged as a pervasive threat targeting Windows endpoints with a focus on harvesting browser-stored credentials and cryptocurrency wallet data. First detected in August 2025, this Go-based infostealer leverages a range of evasion tactics, including UPX packing and process masquerading, to slip past conventional defenses. Its operators advertise the malware through social engineering […] The post Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure appeared first on Cyber Security News.
