Threats

Threats

Sicarii Ransomware Contains Fatal Coding Flaw That Makes Decryption Impossible Even After Payment

A critical coding error in the Sicarii ransomware, possibly introduced through over-reliance on AI-assisted development tools, renders decryption impossible for both victims and the ransomware operators themselves, according to researchers at Halcyon's Ransomware Research Center. The flaw means that paying the ransom will not result in data recovery.

Threats

Vietnamese Threat Actor Uses AI to Develop PureRAT Malware in Job-Themed Phishing Campaign

A Vietnamese cybercrime actor is using artificial intelligence to develop malware tools powering an ongoing phishing campaign that delivers PureRAT and other payloads through fake job opportunity lures, according to research published by Symantec. Multiple tools used by the attacker bear hallmarks of AI-assisted development, including detailed comments with numbered

Threats

Outlook Add-in Attack Enables Silent Email Exfiltration with Zero Forensic Traces

A newly disclosed attack technique allows threat actors to abuse Microsoft Outlook add-ins to silently exfiltrate sensitive email data from organizations without generating any audit logs or forensic traces, according to research published by Varonis Threat Labs. The attack method, dubbed Exfil Out&Look, exploits a visibility gap in

Threats

China-Aligned APT Groups Deploy PeckBirdy JScript Framework for Fileless Attacks on Government Targets

China-aligned advanced persistent threat groups have been using a previously undocumented JScript-based command-and-control framework called PeckBirdy to conduct fileless attacks against Asian government entities, educational institutions, and Chinese gambling operations since 2023, according to research published by Trend Micro. PeckBirdy is built entirely in JScript and leverages the Windows Script

Threats

Malicious npm Package "G_Wagon" Steals Browser Credentials and 100+ Cryptocurrency Wallets

A sophisticated malicious npm package disguised as a UI component library has been discovered deploying a multi-stage infostealer that targets browser credentials, over 100 cryptocurrency wallet extensions, cloud credentials, and messaging tokens, according to research published by Aikido Security. The package, named ansi-universal-ui, describes itself as "a lightweight, modular

Threats

Mustang Panda Upgrades CoolClient Backdoor with Clipboard Monitoring and Credential Theft Capabilities

The China-linked advanced persistent threat group HoneyMyte, also known as Mustang Panda or Bronze President, has significantly upgraded its CoolClient backdoor with new surveillance capabilities including clipboard monitoring, HTTP proxy credential sniffing, and browser credential theft, according to research published by Kaspersky. The group continues to actively target government entities

Threats

Fake Notepad++ and 7-Zip Websites Distribute Weaponized RMM Tools to Deploy Backdoor Malware

Threat actors are exploiting legitimate Remote Monitoring and Management software as an initial infection vector, distributing weaponized RMM tools through fake download sites impersonating popular utilities like Notepad++, 7-Zip, Telegram, and ChatGPT, according to research published by ASEC. The campaigns represent a shift in attacker tactics. Traditionally, threat actors deployed

Threats

Pakistan-Linked APT Targets Indian Government with New Golang Malware Using GitHub for Command and Control

A Pakistan-linked advanced persistent threat group is targeting Indian government entities with three previously undocumented malware tools that leverage private GitHub repositories for command-and-control communication, according to research published by Zscaler ThreatLabz. The campaign, dubbed Gopher Strike, deploys a new downloader called GOGITTER, a backdoor named GITSHELLPAD, and a shellcode

Threats

Russian Malware Toolkit Guarantees Chrome Web Store Approval for $6,000

A malware-as-a-service toolkit circulating on Russian cybercrime forums offers turnkey website spoofing capabilities disguised as a Chrome extension, with its premium tier guaranteeing publication on the official Chrome Web Store, according to research published by Varonis. The toolkit, dubbed Stanley after the seller's alias, sells for $2,000

Threats

WinRAR Vulnerability Exploited to Deploy Fileless Quasar RAT Without User Consent

A malware campaign is actively exploiting a WinRAR path validation vulnerability to deliver a fileless remote access trojan without requiring macros, exploit kits, or elevated privileges, according to research published by CYFIRMA. The attack chain abuses archive extraction behavior to silently establish persistence before any visible malware execution occurs. The

Threats

Bank of England Finds Financial Firms Failing Basic Cybersecurity Controls

The Bank of England's CBEST cybersecurity assessment program has found widespread failures in basic cybersecurity practices across UK financial institutions, according to a thematic report published jointly by the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority. The findings, derived from 13 threat-led penetration tests of

Threats

Sandworm Deployed New DynoWiper Malware Against Poland Energy Grid in Failed Attack

Russian state-linked threat group Sandworm targeted Poland's energy infrastructure in late 2025 with a previously undocumented data-wiping malware called DynoWiper, according to new research from ESET. Security experts have described the intrusion as one of the largest cyberattacks the country has faced in years. The attack failed to