The threat landscape for e-commerce websites has once again shifted with the emergence of a sophisticated Magecart-style attack campaign, characterized by the deployment of obfuscated JavaScript to harvest sensitive payment information. The campaign first came to light in mid-September 2025 following a tweet indicating an ongoing skimming operation, which was later investigated in detail by […] The post New Magecart Skimmer Attack With Malicious JavaScript Injection to Skim Payment Data appeared first on Cyber Security News.

A sophisticated mobile ad fraud operation dubbed “SlopAds” has infiltrated Google Play Store with 224 malicious applications that collectively amassed over 38 million downloads across 228 countries and territories. The campaign represents one of the most extensive mobile fraud schemes discovered to date, utilizing advanced steganography techniques and multi-layered obfuscation to deliver fraudulent advertising payloads […] The post 224 Malicious Android Apps on Google Play With 38 Million Downloads Delivering Malicious Payloads appeared first on Cyber Security News.

Since mid-2024, cybercriminals have leveraged a subscription-based phishing platform known as RaccoonO365 to harvest Microsoft 365 credentials at scale. Emerging as an off-the-shelf service, RaccoonO365 requires minimal technical skill, allowing threat actors to deploy convincing phishing campaigns by impersonating official Microsoft communications. These kits replicate Microsoft branding, email templates, and login portals to trick recipients […] The post Microsoft Dismantles 300+ Websites Used to Distribute RaccoonO365 Phishing Service appeared first on Cyber Security News.

The digital advertising ecosystem has become a prime hunting ground for cybercriminals, who are increasingly exploiting advertising technology companies to distribute malware and conduct malicious campaigns. Rather than simply abusing legitimate platforms, threat actors are now operating as the platforms themselves, creating a sophisticated web of deception that leverages the inherent complexity and fragmentation of […] The post Threat Actors Abuse Adtech Companies to Target Users With Malicious Ads appeared first on Cyber Security News.

The PureHVNC remote administration tool (RAT) has emerged as a sophisticated component of the Pure malware family, gaining prominence in mid-2025 amid an uptick in targeted intrusion campaigns. Originating from underground forums and Telegram channels, PureHVNC is marketed by its author, known as PureCoder, alongside companion tools such as PureCrypter, PureLogs, and PureMiner. Its adoption […] The post PureHVNC RAT Developers Leverage GitHub Host Source Code appeared first on Cyber Security News.

In recent weeks, cybersecurity researchers have observed the emergence of XillenStealer, a Python-based information stealer publicly hosted on GitHub and rapidly adopted by threat actors. First reported in mid-September 2025, the stealer leverages a user-friendly builder GUI to lower the bar for malicious deployment. Operators can configure exfiltration channels, such as a Telegram bot, and […] The post Python Based XillenStealer Attacking Windows Users to Steal Sensitive Data appeared first on Cyber Security News.

A sophisticated cyberthreat campaign has emerged that represents a significant evolution in social engineering attacks, introducing the first real-world implementation of FileFix attack methodology beyond proof-of-concept demonstrations. This advanced threat leverages steganography techniques to conceal malicious payloads within seemingly innocent JPG images, ultimately delivering the StealC information stealer to compromised systems. The attack campaign represents […] The post New Innovative FileFix Attack in The Wild Leverages Steganography to Deliver StealC Malware appeared first on Cyber Security News.

The cybersecurity landscape has witnessed an unprecedented surge in API-focused attacks during the first half of 2025, with threat actors launching over 40,000 documented incidents against application programming interfaces across 4,000 monitored environments. This alarming escalation represents a fundamental shift in attack methodology, as cybercriminals have identified APIs as the most lucrative and vulnerable entry […] The post 40,000+ Cyberattacks Targeting API Environments To Inject Malicious Code appeared first on Cyber Security News.