
Daily Cybersecurity Roundup, March 27, 2025

Researchers have identified a new ransomware strain named QWCrypt, believed to be operated by the long-active espionage group RedCurl. Known for years of corporate spying, RedCurl’s shift toward ransomware marks a notable change in tactics. In a recent wave of targeted attacks, the Chinese threat actor FamousSparrow has deployed updated variants of its SparrowDoor backdoor. Phishing just got a messaging upgrade. Chinese developers have launched Lucid, a PhaaS platform that hijacks the advanced features of iMessage and RCS to deliver convincingly slick scam campaigns. Read on for more.

01

A new ransomware, QWCrypt, has been discovered and is believed to be used by the long-running cyberespionage group RedCurl, marking a shift in its strategy from corporate espionage to cryptolocking malware attacks.

02

The Chinese threat actor FamousSparrow deployed new versions of its flagship backdoor, SparrowDoor, alongside ShadowPad, in attacks targeting a trade group in the U.S. and a research institute in Mexico.

03

An ongoing malware campaign has compromised approximately 150,000 websites by injecting malicious JavaScript to promote Chinese-language gambling platforms.

04

Zscaler spotted a new, sophisticated malware family named CoffeeLoader that is being distributed through SmokeLoader; the two share some behavioral similarities.

05

Chinese malware developers have created the Lucid PhaaS platform, which abuses the advanced features of iMessage and RCS to run effective scams, with a reported success rate of approximately 5%.

06

Resecurity discovered a local file inclusion (LFI) vulnerability in the data leak site of the BlackLock ransomware group; exploiting it exposed clearnet IP addresses and server details tied to the operators' network infrastructure.

07

The npm packages ethers-provider2 and ethers-providerz were found to contain malicious code that patches the legitimate npm package ethers with a reverse shell.

08

CISA has added two security flaws in Sitecore CMS and Experience Platform (XP) to its KEV catalog, citing evidence of active exploitation.

09

In 2024, threat actors increasingly used online document hosting services to bypass secure email gateways (SEGs) for credential phishing; such campaigns accounted for 8.8% of all credential phishing campaigns.

10

AI security startup SplxAI raised $7 million in a seed funding round led by LAUNCHub Ventures, with participation from DNV Ventures, Inovo, and others.
