DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
4.10.25 | ModStealer - a new macOS malware | Security firm Mosyle and follow-up reports detailed the emergence of ModStealer, a cross-platform infostealer distributed via malvertising campaigns, often disguised as fake software downloads or job advertisements. | VIRUS | |
4.10.25 | SEO fraud activities conducted by the UAT-8099 threat group | Cisco Talos has published details regarding UAT-8099, a cybercrime group focused on search engine optimization (SEO) fraud and the theft of miscellaneous sensitive data such as credentials, configuration files, logs, and more. This threat group specifically targets vulnerable Internet Information Services (IIS) servers globally, with confirmed victims spanning across universities, technology companies, and telecom providers, among others. | GROUP | |
4.10.25 | Confucius Threat Group Deploys New Anondoor Backdoor | The cyber-espionage group Confucius, known for targeting government and critical industries across South Asia, has been observed leveraging sophisticated phishing campaigns primarily against high-value targets in Pakistan, showing a major technical evolution. | GROUP | |
4.10.25 | ProSpy & ToSpy - Android Spyware in UAE | New spyware campaigns targeting privacy-conscious Android users in the UAE have been reported by ESET. The campaigns deploy two previously undocumented spyware families, ProSpy and ToSpy, disguised as legitimate Signal or ToTok apps distributed via phishing sites and fake app stores. | VIRUS | |
4.10.25 | WARMCOOKIE Operators Expand Infrastructure, Refine Tactics | Researchers recently published a report on the WARMCOOKIE backdoor, revealing that its operators have expanded their infrastructure and refined their tactics. First observed in recruitment-themed phishing campaigns, WARMCOOKIE is still active and capable of host fingerprinting, command execution, screenshot capture, and delivery of additional payloads. | ALERTS | OPERATION |
4.10.25 | CORS vulns exploited to deliver Latrodectus via injected FakeCaptcha | According to recent reports, Lunar Spider (aka Gold SwathMore) has evolved its toolkit by exploiting CORS misconfigurations on websites—mainly in Europe—to inject a “FakeCaptcha” overlay that tricks victims into running malicious commands. The injected JavaScript creates a fake verification UI, copying a PowerShell command into the clipboard, which, when executed, initiates an MSI loader. | EXPLOIT | |
4.10.25 | DarkCloud's infostealer recent activity | New activity delivering the DarkCloud version 3.2 payload has been reported by researchers from eSentire. The attack is initiated via a targeted spear-phishing campaign with a financial lure that delivers the infostealing malware inside a .zip archive attachment. | VIRUS | |
4.10.25 | GuLoader campaign targets Francophone Businesses, deploying MassLogger | Symantec has observed a new GuLoader campaign in which actors are impersonating a well-known hospitality and luxury resort/events group in Morocco, sending fraudulent quotation requests with the subject line “DEMANDE DEVIS N° 25090358.” | CAMPAIGN | |
4.10.25 | Acreed Infostealer | Acreed is an advanced infostealer variant first discovered in early 2025 and sold on underground markets. Once on the infected machine, Acreed deploys JavaScript modules designed for financial theft, performing cryptocurrency clipping (replacing legitimate wallet addresses on web pages) and clipboard hijacking. | VIRUS | |
4.10.25 | New LockBit ransomware variant 5.0 found in the wild | The LockBit ransomware group has resurfaced following a February 2024 disruption, deploying a new variant dubbed LockBit 5.0. New research published by Trend Micro has confirmed the existence of Windows, Linux, and ESXi variants, signifying the group’s continued cross-platform strategy targeting entire enterprise networks, including virtualized environments. | RANSOM | |
4.10.25 | CVE-2025-10035 - Fortra GoAnywhere MFT vulnerability | CVE-2025-10035 is a recently disclosed critical (CVSS score 10.0) deserialization vulnerability affecting Fortra GoAnywhere, a comprehensive managed file transfer (MFT) product. | VULNERABILITY | |
4.10.25 | New Android malware Klopatra | Klopatra is a newly observed Android malware which functions as both a banking Trojan and Remote Access Trojan (RAT). A report provided by researchers at Cleafy shares technical details and campaign activity associated with this threat. Highlights from the report include: | VIRUS | |
4.10.25 | Olymp Loader: Emerging Malware-as-a-Service | A new assembly-written Malware-as-a-Service called Olymp Loader advertised as “FUD” (fully undetectable) has been reported by Outpost24. It includes anti-debugging, code-signing and crypter options and targets browsers, Telegram and crypto wallets. | ALERTS | VIRUS |
4.10.25 | Rise in Jumbo lottery phishing emails as Halloween nears | Lately, Symantec has observed Halloween-themed jumbo lottery phish runs targeting Japanese users. Threat actors have recently initiated jumbo lottery phish runs that masquerade as lottery campaign announcement emails. | PHISHING | |
4.10.25 | XWorm RAT uses Excel Add-Ins for Fileless Attack | A malware campaign delivering the XWorm .NET RAT using shellcode hidden inside Office attachments has been observed by Forcepoint. As part of the multi-stage attack, a phishing email is sent with a seemingly benign .xlam workbook that embeds an Ole10Native stream containing encrypted shellcode. | VIRUS | |
4.10.25 | New XCSSET Malware variant targets Xcode Projects | Microsoft Threat Intelligence has identified a new variant of XCSSET malware targeting Xcode projects. The malware employs run-only compiled AppleScripts for stealthy execution, now targets a broader range of browsers including Firefox, steals information from Telegram, hijacks clipboards by substituting wallet addresses and establishes persistence via LaunchDaemons and Git commits. | ALERTS | VIRUS |
4.10.25 | Oyster backdoor spread via malicious Teams Setup | A recent campaign has been reported by Blackpoint SOC in which attackers are abusing SEO poisoning and malvertising to trick users into downloading trojanized Microsoft Teams installers that deliver the Oyster (also known as Broomstick) backdoor. | VIRUS | |