A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a constant blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
A sophisticated phishing campaign is actively targeting businesses worldwide by exploiting Meta’s legitimate Business Manager notifications. Cybercriminals are sending deceptive emails that are virtually indistinguishable from genuine Meta communications, leveraging the platform’s infrastructure to deliver malicious links. This tactic, identified by Trustwave SpiderLabs, bypasses standard email security checks by originating…
Threat Actors Employ Silver Fox Campaign to Distribute ValleyRAT via Malicious Telegram Installer
A new cyber threat has emerged, attributed to the Silver Fox APT group, which is utilizing a sophisticated method to distribute a potent remote access trojan known as ValleyRAT. The campaign centers on a fake Telegram Chinese language pack installer, designed to appear as a harmless software update but in…
A sophisticated hack-for-hire campaign targeting journalists and activists in the Middle East and North Africa has been uncovered, utilizing advanced spyware and infrastructure linked to a group with suspected Indian government connections. This discovery, detailed in reports released Wednesday by three collaborating cybersecurity organizations, highlights the persistent threat faced by…
Federal authorities dismantle extensive Russia-backed espionage network impacting 18,000 devices.
A sophisticated router compromise campaign orchestrated by Russian state-sponsored attackers has been neutralized after compromising over 18,000 routers in more than 120 countries. This extensive espionage network, identified as Forest Blizzard, aimed to gain deep access into sensitive networks before its recent shutdown by international law enforcement and cybersecurity firms.…
A novel supply chain attack has been uncovered, specifically targeting software developers who utilize artificial intelligence (AI) coding tools. On March 20, 2026, a threat actor released a malicious npm package named `gemini-ai-checker` under the `gemini-check` account. This package was deceptively presented as a utility for verifying Google Gemini AI…
Cybercriminals are increasingly exploiting misconfigurations within Kubernetes clusters to gain access to cloud accounts, moving beyond individual containers to target core infrastructure. Recent telemetry data reveals a significant surge in Kubernetes-related threat operations, particularly service account token theft, which saw a 282% increase over the past year, with the information…
A sophisticated and dangerous Linux backdoor known as BPFDoor has resurfaced with significant enhancements, making it exceedingly difficult to detect and eradicate. Researchers have identified new variants of this malware specifically engineered to infiltrate and persist within critical network infrastructure, particularly targeting Linux servers embedded in global telecommunications networks. This…
Hackers leverage Next.js vulnerability to compromise 766 React2Shell hosts and steal credentials.
A significant wave of cyberattacks is rapidly targeting web applications globally, with threat actors exploiting a critical security vulnerability known as React2Shell. This flaw, present in the popular Next.js framework which utilizes React Server Components, has allowed hackers to gain unauthorized access to sensitive data, including credentials and cloud keys,…
A new sophisticated cyber threat is emerging, targeting Windows users with a deceptive social engineering tactic dubbed “ClickFix.” This method lures victims into executing malicious code via a fake browser verification page, ultimately leading to the installation of a powerful Node.js-based Remote Access Trojan (RAT). This RAT leverages the anonymity…
Annual cybercrime losses climbed to nearly $20.9 billion last year, marking a significant 26% surge compared to 2024. This data comes from the FBI’s Internet Crime Complaint Center (IC3) annual report, released Tuesday, which paints a grim picture of escalating digital threats and their financial consequences. The report reveals that…
A sophisticated and prolonged malware campaign, identified as REF1695, has been actively deceiving users into downloading fake software installers. These deceptive applications secretly deploy potent remote access trojans (RATs) and Monero cryptocurrency miners, operating undetected for at least two years. The financially motivated threat actor behind this operation has been…
Organizations across the United States have become targets of a sophisticated multi-stage phishing campaign that leverages legitimate remote monitoring and management (RMM) tools, including LogMeIn Resolve and ScreenConnect, to bypass security measures and gain illicit access. The operation, which began as early as April 2025 with a surge in activity…
