A sophisticated Russian-aligned threat actor known as Hive0156 has intensified its cyber espionage campaigns against Ukrainian government and military organizations, deploying the notorious Remcos Remote Access Trojan through carefully crafted social engineering attacks. The group has demonstrated remarkable persistence in…
Tag: Cyber Security News
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Spoofed Microsoft SharePoint notifications have been a familiar lure for corporate users, but a wave of campaigns traced between March and July 2025 shows a sharp uptick in both volume and sophistication. The operators register look-alike domains such as “sharepoint-online-docs-secure[.]co”…
BlackSuit Ransomware’s Data Leak and Negotiation Portal Seized
A major win against cybercrime happened this week, as authorities from around the world teamed up to take down key websites run by the BlackSuit ransomware gang. If you visit the group’s data leak site or their negotiation portal now,…
Hackers Injected Destructive System Commands in Amazon’s AI Coding Agent
A malicious pull request slipped through Amazon’s review process and into version 1.84.0 of the Amazon Q extension for Visual Studio Code, briefly arming the popular AI assistant with instructions to wipe users’ local files and AWS resources. The rogue…
Elephant APT Group Attacking Defense Industry Leveraging VLC Player, and Encrypted Shellcode
The Dropping Elephant advanced persistent threat group has launched a sophisticated cyber-espionage campaign targeting Turkish defense contractors, particularly companies manufacturing precision-guided missile systems. This malicious operation represents a significant evolution in the group’s capabilities, employing a complex five-stage execution chain…
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups
A critical zero-day vulnerability in Microsoft SharePoint servers has become a playground for threat actors across the cybercriminal spectrum, with attacks ranging from opportunistic hackers to sophisticated nation-state groups since mid-July 2025. On July 19, 2025, Microsoft confirmed that vulnerabilities…
TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands
Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing…
First Known LLM-Powered Malware From APT28 Hackers Integrates AI Capabilities into Attack Methodology
The newly revealed LAMEHUG campaign signals a watershed moment for cyber-def: Russian state-aligned APT28 has fused a large language model (LLM) directly into live malware, allowing each infected host to receive tailor-made shell commands on the fly. By invoking the…
NoName057(16)’s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months
The pro-Russian hacktivist group NoName057(16) has orchestrated a massive distributed denial-of-service campaign targeting over 3,700 unique hosts across thirteen months, according to new research published on July 22, 2025. The group, which emerged in March 2022 shortly after Russia’s full-scale…
Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This marks a significant shift from the malware’s traditional distribution method through malicious shortcut (LNK) files,…