Latest Cybersecurity News and Articles

Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services

Node.js has released critical security updates addressing three vulnerabilities—CVE-2025-23166, CVE-2025-23167, and CVE-2025-23165—that could allow attackers to crash server processes and disrupt services.

Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers

A cyber-espionage campaign by Fancy Bear (APT28), linked to Russia’s GRU, has targeted Ukrainian government and military entities, as well as international defense contractors.

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

A newly discovered malicious npm package, os-info-checker-es6, masquerades as a utility for retrieving OS information but is designed to stealthily deliver a next-stage payload.

TransferLoader Malware Loader Deploys Morpheus Ransomware Using Obfuscated Backdoor and IPFS-Based C2

TransferLoader is a newly identified malware loader active since at least February 2025. It comprises three main components—a downloader, a backdoor loader, and a backdoor—each employing advanced anti-analysis and obfuscation techniques.

Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

A new wave of ransomware and extortion attacks is targeting the US retail sector, with threat intelligence suggesting the involvement of the advanced threat actor group Scattered Spider (UNC3944).

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A sophisticated phishing campaign dubbed Meta Mirage has been uncovered, targeting users of Meta's Business Suite. This campaign specifically focuses on hijacking high-value accounts.

Nova Scotia Power says customer banking details may have been stolen by hackers

On April 25, 2025, Nova Scotia Power discovered a cyberattack that compromised sensitive customer data. The breach, which occurred over a month earlier, has prompted the utility to isolate affected systems.

Idaho hospital notifies 34K people of data breach that compromised SSNs, health info

Weiser Memorial Hospital in Idaho has notified 34,249 individuals of a data breach that occurred in September 2024. The breach, attributed to the Embargo ransomware group, compromised sensitive personal and medical information.

Researchers Uncover Malicious .desktop File Campaign Targeting Linux Systems

Researchers have identified a surge in malicious `.desktop` files targeting Linux systems. These files exploit standard desktop behaviors to execute hidden commands and download malware.

The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge

In a major disruption to global cybercrime infrastructure, the notorious Haowang Guarantee (formerly Huione Guarantee) black market has been shut down following Telegram’s enforcement action.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags