Early October 2025 witnessed the resurgence of a retro phishing technique that exploits legacy Basic Authentication URLs to deceive users into divulging sensitive credentials. Threat actors crafted links in the format https://username:password@domain.com, embedding a trusted institution’s domain in the username field to visually mimic legitimate services. When users click these links, their browsers authenticate to […] The post New Phishing Attack Uses Basic Auth URLs to Trick Users and Steal Login Credentials appeared first on Cyber Security News.

A sophisticated multi-stage malware campaign is targeting organizations globally, utilizing the PhantomVAI Loader to distribute dangerous information-stealing malware. The attack chain, which begins with carefully crafted phishing emails, has emerged as a significant threat to businesses across manufacturing, education, healthcare, technology, utilities, and government sectors. This malware family, previously known as Katz Stealer Loader, has […] The post PhantomVAI Loader Attacking Organizations Worldwide to Deliver AsyncRAT, XWorm, FormBook and DCRat appeared first on Cyber Security News.

An aggressive SEO poisoning campaign has surfaced in early October 2025, preying on users searching for the legitimate Ivanti Pulse Secure VPN client. Attackers have registered lookalike domains such as ivanti-pulsesecure.com and ivanti-secure-access.org to host trojanized installers that appear official. Unsuspecting victims clicking on top search results are redirected to these malicious sites, where a […] The post Beware of Malicious Ivanti VPN Client Sites in Google Search That Delivers Malware appeared first on Cyber Security News.

Since its public debut in October 2025, nightmare has quickly become a vital tool for malware analysts seeking to streamline static and dynamic analysis workflows. Developed by Elastic Security Labs, nightmare brings together mature open-source reverse engineering components under a unified Python API. Rather than forcing users to juggle disparate dependencies, nightmare leverages Rizin via […] The post New nightMARE Python Library to Analyze Malware and Extract Intelligence Indicators appeared first on Cyber Security News.

A sophisticated banking Trojan named Maverick has emerged in Brazil, leveraging WhatsApp as its primary distribution channel to compromise thousands of users. The malware campaign was detected in mid-October 2025, with cybersecurity solutions blocking over 62,000 infection attempts in just the first ten days of the month. The threat specifically targets Brazilian users through Portuguese-language […] The post New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer appeared first on Cyber Security News.

In early 2025, a novel campaign attributed to the Chinese APT group known as Jewelbug began targeting an IT service provider in Russia. The attackers infiltrated build systems and code repositories, laying the groundwork for a potential software supply chain compromise. Initial access was achieved via a renamed Microsoft Console Debugger binary, “7zup.exe,” which executed […] The post Chinese APT Group IT Service Provider Leveraging Microsoft Console Debugger to Exfiltrate Data appeared first on Cyber Security News.

In mid-2025, Lab539 researchers observed an unexpected surge in a novel browser-based malware campaign dubbed “ClickFix.” Emerging quietly in July, the threat quickly expanded its reach by registering over 13,000 unique domains designed to lure users into executing malicious commands on their own devices. The attack leverages compromised or low-cost hosting infrastructure, including a significant […] The post Hackers Registered 13,000+ Unique Domains and Leverages Cloudflare to Launch Clickfix Attacks appeared first on Cyber Security News.

The GhostBat RAT campaign has emerged as a sophisticated threat targeting Indian Android users through counterfeit Regional Transport Office (RTO) applications. First observed in mid-2025, these malicious APKs masquerade as the official “mParivahan” app, exploiting user trust in government services. Distribution occurs primarily via smishing—WhatsApp messages and SMS containing shortened URLs redirecting victims to GitHub-hosted […] The post GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data appeared first on Cyber Security News.