A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals. The campaign represents one…
Category: Cyber Security News
CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks
CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern…
Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection
A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive…
Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database
A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers…
New Android Spyware Disguised as an Antivirus Attacking Business Executives
In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging commercial proxy and VPN services to mask their attack infrastructure. The emergence of this tactic coincides with a broader shift toward…
Hackers Using PUP Advertisements to Silently Drop Windows Malware
In recent weeks, cybersecurity investigators have uncovered a novel campaign in which hackers leverage seemingly benign potentially unwanted program (PUP) advertisements to deliver stealthy Windows malware. The lure typically begins with ads promoting free PDF tools or desktop assistants that…
Proxyware Malware Mimic as YouTube Video Download Site Delivers Malicious Javascripts
Cybersecurity researchers have observed a surge in deceptive sites masquerading as YouTube video download services to deliver Proxyware malware in recent weeks. Victims seeking to grab videos in MP4 format are redirected through ad pages that sporadically present a download…
0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that…
Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware
A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms. By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation…