-
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging commercial proxy and VPN services to mask their attack infrastructure. The emergence of this tactic coincides with a broader shift toward commoditized anonymization platforms that blend threat actor traffic with legitimate user activity. Initial compromise vectors […] The post Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure appeared first on Cyber Security News.
-
In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the Central Bank of the Russian Federation against a shield background. Although the interface displays only […] The post New Android Spyware Disguised as an Antivirus Attacking Business Executives appeared first on Cyber Security News.
-
In late June 2025, a significant operational dump from North Korea’s Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware and thousands of stolen credentials. This leak offers an unprecedented window into the group’s espionage toolkit, revealing how Kimsuky conducts phishing campaigns, maintains persistence and evades detection within […] The post Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered appeared first on Cyber Security News.
-
A sophisticated Android malware campaign has resurfaced, exploiting deceptive websites that perfectly mimic legitimate Google Play Store application pages to distribute the notorious SpyNote Remote Access Trojan (RAT). This malicious operation targets unsuspecting users by creating static HTML clones of popular Android application install pages, complete with copied CSS styling and JavaScript functionality designed to […] The post Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware appeared first on Cyber Security News.
-
A newly observed malware campaign has emerged targeting a broad range of network appliances, including routers from DrayTek, TP-Link, Raisecom, and Cisco. Throughout July 2025, threat researchers observed a stealthy loader spread by exploiting unauthenticated command injection flaws in embedded web services. Initial compromise is achieved through straightforward HTTP requests, which silently deliver a downloader […] The post New Stealthy Malware Exploiting Cisco, TP-Link and Other Routers to Gain Remote Control appeared first on Cyber Security News.
-
Over the past year, security teams have observed an uptick in adversaries leveraging native Windows Scheduled Tasks to maintain footholds in compromised environments. Unlike elaborate rootkits or zero-day exploits, these techniques exploit built-in system functionality, enabling threat actors to persist without deploying additional binaries or complex toolchains. By integrating malicious commands directly into Task Scheduler […] The post Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools appeared first on Cyber Security News.
-
A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024. This advanced persistent threat group demonstrates exceptional capabilities in cloud environment exploitation and trusted-relationship compromises, marking a concerning evolution in state-sponsored […] The post Chinese MURKY PANDA Attacking Government and Professional Services Entities appeared first on Cyber Security News.
-
Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these hosting services to bypass traditional security controls. A coordinated campaign identified in early 2025 demonstrated how threat actors systematically abuse VPS providers like Hyonix, Host Universal, Mevspace, and Hivelocity to […] The post Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts appeared first on Cyber Security News.
-
Inside the Pentagon plan to Americanize drone warfare. Years of talk about rapidly scaling up drone forces have produced interesting prototypes and lively experiments with relatively small numbers of drones—but no clear sense of how the United St…
-
A sophisticated traffic direction system known as Help TDS has been weaponizing compromised websites since 2017, transforming legitimate sites into gateways for elaborate tech support scams. The operation specializes in deploying PHP code templates that redirect unsuspecting visitors to fraudulent Microsoft Windows security alert pages designed to deceive users into believing their systems are compromised. […] The post Help TDS Weaponize Legitimate Sites’ PHP Code Templates With Fake Microsoft Windows Security Alert Pages appeared first on Cyber Security News.


