Latest Cybersecurity News and Articles

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

A spam campaign that has been active since at least January 2025 is targeting Portuguese-speaking users in Brazil. The campaign abuses free trials of commercial RMM tools, including N-able and PDQ Connect, to gain unauthorized access to systems.

LockBit ransomware gang hacked, victim negotiations exposed

The LockBit ransomware gang has suffered a major breach after its dark web affiliate panels were defaced and replaced with a link to a MySQL database dump. This breach exposes sensitive operational data and further damages LockBit’s reputation.

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

Backdooring the IDE: Malicious npm Packages Hijack Cursor Ed...

Security researchers have uncovered a supply chain attack involving three malicious npm packages—sw-cur, sw-cur1, and aiide-cur—that target macOS installations of the Cursor AI IDE.

Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation

A newly uncovered cyberespionage campaign, attributed with high confidence to Iranian threat actors and with lower confidence to APT35 (Charming Kitten), involves a fake website impersonating the German Mega Model Agency.

Ngioweb Remains Active 7 Years Later

Ngioweb, a proxy server botnet first identified in 2017, remains active with minimal code changes. It has grown from 3,000 daily IPs in 2020 to nearly 30,000 in 2024. It targets residential ISP users, who make up over 75% of infected systems.

Using Blob URLs to Bypass SEGs and Evade Analysis

Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

Microsoft: April updates cause Windows Server auth issues

Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.

Lampion Is Back With ClickFix Lures

A newly uncovered campaign by the Lampion banking malware group has targeted Portuguese organizations in the government, finance, and transportation sectors. Lampion is an info stealer known for stealing sensitive banking credentials.

