A sophisticated new credential stealer disguised as a legitimate forensic toolkit has emerged on GitHub, targeting sensitive user data including VPN configurations, browser credentials, and cryptocurrency wallet information. The Octalyn Stealer, first identified in July 2025, presents itself as an…
Tag: Cyber Security News
VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host
Multiple severe vulnerabilities have been addressed affecting VMware ESXi, Workstation, Fusion, and Tools that could allow attackers to execute malicious code on host systems. The vulnerabilities, identified as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239, carry CVSS scores ranging from 6.2 to…
Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems
Iranian cyber operatives have intensified their assault on American critical infrastructure, with Intelligence Group 13 emerging as a primary threat actor targeting water treatment facilities, electrical grids, and industrial control systems across the United States. The group, operating under the…
BaitTrap – 17,000+ Fake News Websites Caught Promoting Investment Frauds
A massive network of fraudulent news websites has been uncovered, with cybersecurity researchers identifying over 17,000 Baiting News Sites (BNS) across 50 countries orchestrating sophisticated investment fraud schemes. These malicious platforms masquerade as legitimate news outlets, publishing fabricated stories featuring…
North Korean Hackers Weaponized 67 Malicious npm Packages to Deliver XORIndex Malware
North Korean threat actors have escalated their software supply chain attacks with the deployment of 67 malicious npm packages that collectively garnered over 17,000 downloads before detection. This latest campaign represents a significant expansion of the ongoing “Contagious Interview” operation,…
Google Chrome 0-day Vulnerability Actively Exploited in the Wild
Google has released an emergency security update for Chrome, addressing a critical zero-day vulnerability that attackers are actively exploiting in real-world attacks. The tech giant confirmed that CVE-2025-6558 is being leveraged by threat actors, prompting an immediate patch deployment across…
Hacktivist Groups Attacks on Critical ICS Systems to Steal Sensitive Data
The cybersecurity landscape has witnessed an alarming evolution in hacktivist operations, with threat actors increasingly shifting their focus from traditional DDoS attacks and website defacements to sophisticated industrial control system (ICS) infiltrations. This tactical transformation represents a significant escalation in…
North Korean Hackers Using Fake Zoom Invites to Attack Crypto Startups
North Korean threat actors have escalated their sophisticated cyber operations against cryptocurrency startups, deploying an evolved malware campaign that leverages fraudulent Zoom meeting invitations to infiltrate target organizations. The campaign, which has been active for over a year, specifically targets…
Ransomware Gangs Actively Expanding to Attack VMware and Linux Systems
The cybersecurity landscape has experienced a dramatic shift as ransomware operators increasingly target Linux and VMware environments, abandoning their traditional focus on Windows systems. Recent threat intelligence indicates that criminal groups are developing sophisticated, Linux-native ransomware specifically engineered to exploit…
NCSC Urges Organizations to Upgrade Microsoft Windows 11 to Defend Cyberattacks
The National Cyber Security Centre (NCSC) has issued a critical advisory urging organizations to prioritize upgrading to Windows 11 before the October 14, 2025 end-of-life deadline for Windows 10. This recommendation comes amid growing concerns about the cybersecurity implications of…