A sophisticated new threat actor designated TAG-150 has emerged as a significant cybersecurity concern, demonstrating rapid development capabilities and technical sophistication in deploying multiple self-developed malware families since March 2025. The group has successfully created and deployed CastleLoader, CastleBot, and their latest creation, CastleRAT, a previously undocumented remote access trojan that represents a concerning evolution […] The post TAG-150 Hackers Deploying Self-Developed Malware Families to Attack Organizations appeared first on Cyber Security News.

A sophisticated cyber campaign has emerged targeting U.S.-based organizations through trojanized ConnectWise ScreenConnect installers, marking a significant evolution in remote monitoring and management (RMM) tool abuse. Since March 2025, these attacks have demonstrated increased frequency and technical sophistication, leveraging legitimate administrative software to establish persistent footholds within corporate networks. The campaign employs deceptive social engineering […] The post Threats Actors Weaponize ScreenConnect Installers to Gain Initial Access to Organizations appeared first on Cyber Security News.

A recently discovered strain of cryptomining malware has captured the attention of security teams worldwide by abusing the built-in Windows Character Map application as an execution host. The threat actor initiates the attack through a PowerShell script that downloads and executes a heavily obfuscated AutoIt loader entirely in memory, avoiding disk writes and common detection […] The post New Malware Leverages Windows Character Map to Bypass Windows Defender and Mine Cryptocurrency for The Attackers appeared first on Cyber Security News.

Over the past year, cybersecurity researchers have observed a surge in activity from North Korean threat actors leveraging military-grade social engineering techniques to target professionals in the cryptocurrency industry. This campaign, dubbed Contagious Interview, employs a deceptively benign job-application process that masks the delivery of sophisticated malware. Victims receive invitations to participate in mock assessments […] The post North Korean Threat Actors Reveal Their Tactics in Replacing Infrastructure With New Assets appeared first on Cyber Security News.

Cybersecurity researchers have identified a sophisticated new command-and-control framework that exploits legitimate Google Calendar APIs to establish covert communication channels between attackers and compromised systems. The MeetC2 framework, discovered in September 2025, represents a concerning evolution in adversarial tactics where threat actors abuse trusted cloud services to bypass traditional security controls and evade detection mechanisms. […] The post Hackers Leverages Google Calendar APIs With Serverless MeetC2 Communication Framework appeared first on Cyber Security News.

Security teams began observing a novel botnet strain slipping beneath the radar of standard Windows Defender defenses in early August 2025. Dubbed NightshadeC2, this malware family leverages both C and Python-based payloads to establish persistent, remote-control access on compromised hosts. Initial infection chains often start with customized “ClickFix” landing pages that trick users into executing […] The post New NightshadeC2 Botnet Uses ‘UAC Prompt Bombing’ to Bypass Windows Defender Protections appeared first on Cyber Security News.

A previously unseen malware campaign began circulating in early August 2025, through email attachments and web downloads, targeting users in Colombia and beyond. By leveraging two distinct vector-based file formats—Adobe Flash SWF and Scalable Vector Graphics (SVG)—the attackers crafted a multiphase operation that evaded traditional antivirus detection. Initial reports surfaced when a benign-looking SWF file […] The post Colombian Malware Weaponizing SWF and SVG to Bypass Detection appeared first on Cyber Security News.