Fake AI Video Tools Platforms Drop New Noodlophile Infostealer Malware

Cybercriminals are leveraging fake AI-powered video generation tools to spread a new information-stealing malware family dubbed Noodlophile. Masquerading as an MP4 video file, the malware initiates a multi-stage infection chain designed to harvest browser credentials, session cookies and cryptocurrency wallet data. Exfiltration is carried […]

Lemon Sandstorm Breach Middle East Infrastructure

The Iranian state-sponsored hacking group Lemon Sandstorm, also known as Pioneer Kitten, Parisite, and UNC757, conducted a prolonged, multi-stage cyberattack targeting critical national infrastructure in the Middle East. According to a report by the FortiGuard Incident Response (FGIR) team, the campaign spanned from May 2023 to February 2025, involving […]

Uncover APT34-Like Infrastructure Before It Becomes a Threat

From November 2024 to April 2025, researchers identified inactive infrastructure masquerading as an Iraqi educational entity and UK technology companies, hosted on M247. Indicators such as reused SSH credentials, standardized web layouts, and deceptive HTTP replies on port 8080 reflect tactics commonly associated with APT34 (OilRig). Although […]

HexaLocker Ransomware: A Modern Threat Forged for Maximum Pressure

HexaLocker is a contemporary ransomware strain making waves across cybersecurity circles for its aggressive dual-threat capabilities: data encryption and the threat of public exposure. Once embedded within a target system, it encrypts critical files and simultaneously exfiltrates sensitive data. Victims are coerced not only with file […]

Earth Kurma APT Campaign Targets Government and Telecom Sectors in Southeast Asia

Earth Kurma, a newly identified APT group, has been targeting government and telecom sectors in Southeast Asia since June 2024. The campaign involves sophisticated tactics including the use of custom malware, kernel-level rootkits, and cloud services like Dropbox and OneDrive for data exfiltration. […]

Android Phones Preloaded with Trojanized WhatsApp Target User Crypto Wallets

Cheap Android smartphones, mainly from Chinese manufacturers, have been found preloaded with trojanized versions of WhatsApp and Telegram. These malicious apps contain clipper malware that targets cryptocurrency users by intercepting clipboard data and swapping wallet addresses. The malware also steals mnemonic phrases from images, hijacks […]

Waiting Thread Hijacking Malware Technique Bypasses Modern Defenses

Security researchers have uncovered a sophisticated new malware technique called Waiting Thread Hijacking (WTH). This stealthy method is an advanced form of classic Thread Execution Hijacking, designed to evade detection by Endpoint Detection and Response (EDR) systems and antivirus solutions. WTH manipulates waiting threads in Windows Thread […]

Beware Fake PDF Converters: Malware Stealing Passwords

A highly targeted malware campaign is exploiting users’ trust in online file conversion services by mimicking the legitimate platform pdfcandy.com. The attack utilizes fake PDF-to-DOCX converters designed to deceive victims into running a malicious PowerShell script, which installs Arechclient2, a variant of the SectopRAT infostealer. This malware is […]

Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware

A recent cyberattack exposed the risks of unpatched servers, as hackers exploited a critical flaw in an Atlassian Confluence instance to deploy LockBit ransomware. The attack leveraged CVE-2023-22527, a remote code execution vulnerability, enabling attackers to run arbitrary commands on the server. This incident underscores […]

SparkCat Malware: The Next-Gen Crypto Stealer Using OCR to Target Mobile Users

SparkCat is a highly sophisticated piece of malware that targets both Android and iOS devices, with the specific aim of stealing sensitive information, particularly cryptocurrency wallet recovery phrases. The malware uses Optical Character Recognition (OCR) technology to scan and extract text from images […]