The notorious APT-C-24 threat actor group, commonly known as Sidewinder or Rattlesnake, has evolved its attack methodology by deploying sophisticated LNK file-based phishing campaigns targeting government, energy, military, and mining sectors across South Asia. Active since 2012, this advanced persistent threat organization has shifted away from its traditional exploitation of Microsoft Office vulnerabilities, instead embracing […] The post Sidewinder Hacker Group Weaponizing LNK File to Execute...
Microsoft to enhance security for its Teams platform by automatically warning users about malicious links in chat messages. The new feature, part of Microsoft Defender for Office 365, is designed to protect users from phishing, spam, and malware attacks by flagging potentially harmful URLs shared in both internal and external conversations. The update will begin […] The post Microsoft Teams Introduces Automatic Alerts for Malicious Links from Attackers appeared first on Cyber Security News .
Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…
Cyber attackers constantly refine their evasion methods. That’s what makes threats, including phishing, increasingly hard to detect and investigate. Kits like Tycoon 2FA regularly evolve with new tricks added to their arsenal. They slip past defenses and compromise companies, demonstrating great adaptivity in modern cyber threats. Let’s review three key evasion techniques of Tycoon 2FA […] The post PhishKit Evasion Tactics: What You Need to Pay Attention to Right Now appeared first on Cyber Secu...
In early May 2025, cybersecurity researchers began tracking a novel Remote Access Trojan (RAT) targeting Chinese-speaking users via phishing sites hosted on GitHub Pages. Masked as legitimate installers for popular applications, the initial ZIP archives contained malicious executables engineered to bypass sandbox and virtual machine defenses. Once executed, the first-stage shellcode performs time stability analysis […] The post kkRAT Employs Network Communication Protocol to Steal Clipboard Cont...
AegisAI uses autonomous AI agents to prevent phishing, malware, and BEC attacks from reaching inboxes. The post Email Security Startup AegisAI Launches With $13 Million in Funding appeared first on SecurityWeek .
Early this month, cybersecurity researchers uncovered a novel phishing campaign attributed to the Lazarus Group that targets developers and crypto professionals through a cleverly crafted Git symlink vulnerability. Rather than relying solely on traditional malware distribution channels, the attackers have weaponized the way Git handles repository paths, embedding malicious hooks within symbolic links to trigger […] The post Lazarus Hackers Exploiting Git Symlink Vulnerability in Sophisticated Ph...
A sophisticated phishing campaign has emerged targeting Google Workspace organizations through fraudulent emails impersonating Google’s AppSheet platform. The attack demonstrates how cybercriminals exploit legitimate cloud services to bypass traditional email security measures and steal user credentials. Discovered in September 2025, this campaign represents a significant escalation in social engineering tactics, leveraging the inherent trust organizations […] The post New Phishing Attack Mimics...
In recent weeks, security teams have observed a sophisticated new strain of malware—dubbed GONEPOSTAL—that subverts Microsoft Outlook to relay command and control (C2) instructions. Emerging through spear-phishing campaigns targeting corporate environments, GONEPOSTAL disguises itself as a benign Office document. Upon opening the weaponized attachment, victims unknowingly activate a multi-stage payload that interfaces directly with Outlook’s […] The post New GONEPOSTAL Malware Hijacking Outlook ...
Meet Buterat, a new backdoor malware spreading through phishing and trojanized downloads, giving attackers persistent access to enterprise and government networks.
A new wave of phishing attacks purporting to originate from South Korea’s National Tax Service has emerged, leveraging familiar electronic document notifications to trick recipients into divulging their Naver credentials. Distributed on August 25, 2025, the email mimics the official format used by Naver’s secure document service, displaying the sender as “National Tax Service” and […] The post Beware of Phishing Email from Kimusky Hackers With Subject Spetember Tax Return Due Date Notice appeare...
A widespread issue with Microsoft’s anti-spam filtering service is preventing some Exchange Online and Microsoft Teams users from opening URLs, disrupting workflows across organizations. The problem, tracked under Microsoft advisory MO1148487, remains ongoing as the company works on a permanent fix. According to Microsoft, the issue stems from an anti-spam detection mechanism that is mistakenly […] The post Microsoft Anti-Spam Bug Blocks Users From Opening URLs in Exchange Online and Teams appea...