A new threat known as EtherHiding is reshaping how malware spreads through the internet. Unlike older methods that rely on traditional servers to deliver harmful code, this attack uses blockchain smart contracts to store and update malware payloads. The approach makes it harder for security teams to track and stop attackers because the payloads can […] The post New EtherHiding Attack Uses Web-Based Attacks to Deliver Malware and Rotate Payloads appeared first on Cyber Security News.

The ToddyCat APT group has developed new ways to access corporate email communications at target organizations. Email remains the main way companies handle business communications, whether through their own servers like Microsoft Exchange or through cloud services such as Microsoft 365 and Gmail. Many believe that cloud services provide better protection for company communications. Even […] The post ToddyCat APT Accessing Organizations Internal Communications of Employees at Target Companies appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated Python-based malware that employs process injection techniques to hide inside legitimate Windows binaries. This threat represents a new evolution in fileless attack strategies, combining multi-layer obfuscation with trusted system utilities to evade detection. The malware’s ability to masquerade as harmless files while deploying a full Python runtime environment marks […] The post Threats Actors Leverage Python-based Malware to Inject Process into a Legitimate Windows Binary appeared first on Cyber Security News.

A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job platform. Validin security researchers have uncovered a new variant of what they call the “Contagious Interview” operation, designed to compromise job seekers through a seemingly legitimate hiring process. The campaign […] The post Beware of North Korean Fake Job Platform Targeting U.S. Based AI-Developers appeared first on Cyber Security News.

A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work to bypass traditional antivirus detection methods while extracting sensitive user information. The threat actors behind this campaign have demonstrated sophisticated knowledge of mobile security vulnerabilities, combining multiple evasion strategies […] The post AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload appeared first on Cyber Security News.

Xillen Stealer, a sophisticated Python-based information stealer, has emerged as a significant threat in the cybercriminal landscape. Originally identified by Cyfirma in September 2025, this cross-platform malware has recently evolved into versions 4 and 5, introducing a dangerous arsenal of features designed to steal sensitive credentials, cryptocurrency wallets, and system information while evading modern security […] The post Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers appeared first on Cyber Security News.

The dark web has transformed into a functioning parallel labor market where cyber specialists find employment through unconventional channels. Unlike traditional job boards, this shadow economy operates with distinct recruitment norms and salary expectations that differ significantly from legitimate hiring practices. A comprehensive analysis of 2,225 job-related posts collected from dark web forums between January […] The post Dark Web Job Market Evolved – Prioritizes Practical Skills Over Formal Education appeared first on Cyber Security News.

Two of North Korea’s most dangerous hacking groups have joined forces to launch a coordinated attack campaign that threatens organizations worldwide. The Kimsuky and Lazarus groups are working together to steal sensitive intelligence and cryptocurrencies through a systematic approach that combines social engineering with zero-day exploitation. This partnership represents a major shift in how state-sponsored […] The post North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide appeared first on Cyber Security News.

A new command-and-control platform called Matrix Push C2 has emerged as a serious threat to web users across all operating systems. This browser-based attack framework turns legitimate web browser features into a weapon for delivering malware and phishing attacks. Unlike traditional malware that requires file downloads, Matrix Push C2 operates silently through a fileless attack […] The post Hackers Using New Matrix Push C2 to Deliver Malware and Phishing Attacks via Web Browser appeared first on Cyber Security News.

In August 2025, a sophisticated cyber attack targeted an Asian subsidiary of a large European manufacturing organization through a deceptive job offer scheme. The intrusion campaign, identified as Operation DreamJob, demonstrates how threat actors continue to refine social engineering techniques to compromise high-value targets within the manufacturing sector. This attack specifically exploited WhatsApp Web messaging […] The post Operation DreamJob Attacking Manufacturing Industries Using Job-related WhatsApp Web Message appeared first on Cyber Security News.