October 16, 2025

Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate

Qilin is a sophisticated Ransomware-as-a-Service (RaaS) group that emerged in 2022 and has since targeted high-value organizations globally. The group leverages bulletproof hosting (BPH) infrastructure to evade law enforcement and sustain operations.

Chinese hackers abuse geo-mapping tool for year-long persistence

Chinese APT group Flax Typhoon exploited ArcGIS Server's Server Object Extension (SOE) to maintain undetected access in a target network for over a year. The attackers used valid admin credentials to deploy a malicious Java SOE.

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor known as TigerJack is actively distributing malicious VSCode extensions to steal crypto, exfiltrate source code, and execute arbitrary code. Researchers have identified at least 11 malicious VSCode extensions distributed by TigerJack.

October 11, 2025

North Korea IT worker scheme swells beyond US companies

Researchers have identified over 130 fake personas linked to more than 6,500 job interviews across approximately 5,000 companies over a four-year period through mid-2025.

North Korean hackers stole over $2 billion in crypto this year

North Korean threat actors have stolen over $2 billion in cryptocurrency assets in 2025, marking the largest annual total on record. The largest confirmed theft was the Bybit hack in February 2025, resulting in the loss of $1.46 billion.

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

A new ransomware alliance has emerged between DragonForce, LockBit, and Qilin, signaling a major evolution in the cyber threat landscape. This coalition aims to enhance attack effectiveness by sharing tools and infrastructure.

Confucius Hacker Group Weaponizes Documents to Infect Windows Systems with AnonDoor Malware

The Confucius hacking group has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware.

Oracle customers being bombarded with emails claiming widespread data theft

A widespread extortion campaign is targeting Oracle customers with emails claiming data theft from Oracle’s E-Business Suite. The emails are allegedly linked to the Clop ransomware group.

September 23, 2025

Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques

Threat actors are increasingly adopting stealthy and unconventional techniques inspired by the Chinese APT group Salt Typhoon, which previously infiltrated major telecommunications providers.

September 22, 2025

Two of the Kremlin’s most active hack groups are collaborating, ESET says

Turla has been known for deploying stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations. These activities suggest a strategic alignment between the two groups to enhance operational effectiveness.
