Thursday, May 22, 2025

THREATS

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll fraud against a manufacturing sector customer. This deceptive strategy involves crafting fake authentication portals that...

PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram

A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports), has surfaced as a significant cyber threat, targeting sensitive...

71 Fake Websites Impersonating German Retailer to Steal Payment Information

Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains designed to impersonate a prominent German international discount retailer,...

IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials

IBM X-Force's 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks, exploiting valid login credentials to breach systems. This alarming trend,...

DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions

A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This...

Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time

Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds...

New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection

A newly identified piece of malware, dubbed the "Hannibal Stealer," has emerged as a significant cybersecurity threat due to its advanced stealth mechanisms and...

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European...

Investigating Cobalt Strike Beacons Using Shodan: A Researcher’s Guide

Security researcher has revealed a robust method for gathering threat intelligence on Cobalt Strike beacons using Shodan and PowerShell, filling the gap left by...

CISA to Stop Publishing Cybersecurity Alerts and Advisories on Webpages

Cybersecurity and Infrastructure Security Agency (CISA) has announced significant changes to how it communicates cybersecurity updates and guidance to stakeholders. In a recent announcement,...

Chinese Agent Impersonate as Stanford Student For Intelligence Gathering

Chinese intelligence operative posing as a Stanford University student has been uncovered following an investigation into suspicious approaches made to students conducting China-related research....