-
The resurgence of XWorm in mid-2025 marks a significant escalation in malware sophistication. After a lull following the abrupt discontinuation of official support for version 5.6 in late 2024, threat actors unveiled XWorm V6.0 on June 4, 2025. A post on hackforums.net by an account named XCoderTools first announced this release, claiming to patch a […] The post New XWorm V6 Variant Injects Malicious Code into a Legitimate Windows Program appeared first on Cyber Security News.
-
An operator known as GhostSocks advertised a novel Malware-as-a-Service (MaaS) on the Russian cybercrime forum XSS.is on October 15, 2023, promising to transform compromised devices into residential SOCKS5 proxies. The service capitalized on the inherent trust placed in residential IP addresses to bypass anti-fraud systems and avoid detection by network defenders. Early promotional posts showcased […] The post New GhostSocks Malware-as-a-Service Enables Threat Actors to Convert Compromised Devices into Proxies appeared first on Cyber Security News.
-
Critical security flaws have been discovered in the TOTOLINK X6000R wireless router, exposing users to severe risks of remote code execution and unauthorized system access. These vulnerabilities affect the router’s web interface and various administrative functions, creating multiple attack vectors that malicious actors can exploit to gain complete control over affected devices. The discovery highlights […] The post TOTOLINK X6000R Router Vulnerabilities Let Remote Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
-
APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as Netlify, pages.dev, and workers.dev to serve fake login pages tailored to government and military targets […] The post SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials appeared first on Cyber Security News.
-
Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the malware not only establishes a foothold on the host system but also hijacks active WhatsApp […] The post Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware appeared first on Cyber Security News.
-
A novel phishing kit has surfaced that enables threat actors to craft sophisticated lures with minimal technical expertise. This “point-and-click” toolkit combines an intuitive web interface with powerful payload delivery mechanisms. Attackers can select from preconfigured templates, customize branding elements, and target specific organizations or individuals. Once a phishing page is deployed, victims are presented […] The post New ‘Point-and-Click’ Phishing Kit Bypasses User Awareness and Security Filters to Deliver Malicious Payloads appeared first on Cyber Security News.
-
Cybercriminals have launched a sophisticated campaign that leverages brand impersonation techniques to distribute malware through deceptive SMS phishing (smishing) attacks. This emerging threat demonstrates an evolution in social engineering tactics, where attackers strategically craft URLs containing trusted brand names to bypass user skepticism and security filters. The attack methodology centers on manipulating URL structures to […] The post Threat Actors Mimic Popular Brands to Deceive Users and Deploy Malware in New Wave of Attacks appeared first on Cyber Security News.
-
Rhadamanthys, a sophisticated multi-modular information stealer, first emerged in September 2022 and has since evolved into one of the most commercially advanced malware offerings on underground forums. Originally advertised by the actor “kingcrete2022,” its initial design drew heavily on the earlier Hidden Bee project, enabling rapid feature growth and professional polish. Over time, Rhadamanthys steadily […] The post Rhadamanthys Stealer Available on Dark Web Prices Ranging from $299 to $499 appeared first on Cyber Security News.
-
Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it. From insecure configurations to dangerous permissions and outdated libraries, the apps that millions trust are […] The post Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data appeared first on Cyber Security News.
-
The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor has now shifted to a sophisticated multi-stage infection chain that leverages OLE-embedded scripts, VBScript droppers, […] The post Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware appeared first on Cyber Security News.


