-
Yurei ransomware first emerged in early September 2025, targeting Windows environments with a sophisticated Go-based payload designed for rapid, large-scale encryption. Once executed, the malware enumerates all accessible local and network drives, appends a .Yurei extension to each file, and writes unique ransom notes in every affected directory. Its operators then demand payment over Tor, […] The post Yurei Ransomware Leverages SMB Shares and Removable Drives to Encrypt Files appeared first on Cyber Security News.
-
WordPress websites have become a prime target for threat actors seeking to monetize traffic and compromise visitor security. In recent months, a new malvertising campaign has emerged, leveraging silent PHP code injections within theme files to serve unwanted third-party scripts. The attack blends seamlessly with legitimate site operations, delivering obfuscated JavaScript that redirects visitors, displays […] The post Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Codes Silently appeared first on Cyber Security News.
-
National Guard troops are headed to Chicago and could arrive as soon as Tuesday after a federal judge on Monday scheduled a hearing on the matter for Thursday in order to review what she said was more than 500 pages of filings. The state of Illi…
-
Ransomware operators have shifted from opportunistic malware distribution to highly targeted campaigns that exploit legitimate software for stealth and persistence. Emerging in early 2025, several ransomware families began abusing popular remote access tools—such as AnyDesk and Splashtop—to establish footholds within enterprise networks. By hijacking or silently installing these utilities, adversaries bypass security controls that traditionally […] The post Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses appeared first on Cyber Security News.
-
In recent months, security researchers have turned their attention to Asgard Protector, a sophisticated crypter employed by cybercriminals to obfuscate and deploy malicious payloads. First advertised on underground forums in late 2023, Asgard Protector has gained traction among threat actors for its seamless integration with popular C2 platforms such as LummaC2. By wrapping infostealers and […] The post Researchers Reversed Asgard Malware Protector to Uncover it’s Antivirus Bypass Techniques appeared first on Cyber Security News.
-
The WARMCOOKIE backdoor first surfaced in mid-2024, delivered primarily via recruiting-themed phishing campaigns that coaxed victims into executing malicious documents. Initially designed as a lightweight implant for remote command execution, its modular codebase enabled rapid adaptation to new objectives. Over the past year, targets have included enterprise networks across multiple regions, with operators exploiting malvertising […] The post Threat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenal appeared first on Cyber Security News.
-
Over the weekend, President Donald Trump tried repeatedly to send the U.S. military into two more American cities—including to Portland, Oregon, “in direct contravention” of a judge’s order on Saturday—and against the wish…
-
Weeks after ordering the U.S. military to kill 17 people in boats off Venezuela, the Trump administration justified the much-criticized strikes by telling Congress this week it believes the United States is in a formal “armed conflict” with…
-
In recent months, security teams have observed a surge in Android spyware campaigns that prey on privacy-conscious users by masquerading as trusted messaging apps. These malicious payloads exploit users’ trust in Signal and ToTok, delivering trojanized applications that request extensive permissions under the guise of enhanced functionality. Initial distribution relies on phishing websites and fake […] The post New Android Spyware Attacking Android Users Mimic as Signal and ToTok Apps appeared first on Cyber Security News.
-
In recent months, a sophisticated campaign dubbed Cavalry Werewolf has emerged, targeting government and critical infrastructure organizations across Russia and neighboring regions. Adversaries initiated these attacks by sending meticulously crafted phishing emails that impersonate officials from Kyrgyz government agencies. These emails contain malicious RAR archives, which deploy a suite of custom tools, including the FoalShell […] The post Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT appeared first on Cyber Security News.


