Cybersecurity & InfoSec

/cybersecurity283

Incentivize good Cybersecurity Hygiene - Come help build a Web3 Security DAO! /scam to report scams! Let's make web3 safer.

🛑 Hacker Caught Mid-Interview—Live on Zoom!

North Korean attackers are posing as job applicants using fake resumes, AI tools, and stealth malware to breach companies. Some have slipped through.

OtterCookie v4 reveals just how deep the campaign goes—stealing credentials, crypto wallets, even iCloud Keychain data.

🔗 See the full story → https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html
🚨 AI devs, you're the target.

Malicious npm packages disguised as “cheap Cursor AI tools” are stealing credentials, rewriting code, and disabling updates — on macOS.

3,200+ installs — still live.

Find out how it works: https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html
Google identifies new malware linked to Russia-based hacking group

Source: Reuters
https://search.app/C7kj9
⚠️ "I’m not a robot" just became dangerous.

A Russia-linked group is using fake CAPTCHAs and PowerShell tricks to quietly deploy a new espionage tool—LOSTKEYS.

Targets? The usual... and some surprising ones.

Read full story → https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html
💪 Europol just dismantled 6 major DDoS-for-hire services used to launch thousands of global attacks—for as little as €10 a hit.

🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.

These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.

🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html
🚨 Exploited in the wild. No user click needed.

Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.

Discovered by Meta in March, it's now confirmed active.

🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html
🚨 New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.

📦 Spread via EXE, MSI, LNK, OCX
📤 Sends data to Telegram + shady domain

🔗 Read this report: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html
🔥 Two years inside. Nation-state footprints. Critical infrastructure targeted.

Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23–Feb '25).
Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases.

Read this story ➡️ https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html
🚨 TikTok Fined €530M for secretly storing EU user data in China, violating GDPR rules.

🇪🇺 Ireland’s DPC says TikTok misled regulators, failed to ensure EU-level privacy, and ignored China’s surveillance risks.

They now have 6 months to stop transfers.

🔗 Read more: https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html

📉 Second major GDPR fine after a €345M penalty in 2023.
Chinese Hacking Competitions Fuel the Country’s Broad Cyber Ambitions

Source: https://search.app/wu6fY
🚨 New Espionage Alert!

A Russian-speaking APT group, Nebulous Mantis, is deploying the stealthy RomCom RAT to target NATO-linked entities, gov agencies, and critical infra — using bulletproof hosting, IPFS, and over 40 remote commands.

🔗 See how it works, who’s behind it, and why it matters now: https://thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
France accuses Russian intelligence of repeated cyber attacks since 2021

Source: Reuters
https://search.app/aTifL
🔥 Fake jobs, real danger.

North Korean hackers are posing as crypto firms to lure devs into malware traps.

🔹 3 fronts: BlockNovas, Angeloper, SoftGlide
🔹 3 Malware: BeaverTail, InvisibleFerret, OtterCookie
🔹 3 Target: Your wallet, data & trust.

Read: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html
👀 New Linux Rootkit Exploits io_uring, Evades Detection

ARMO’s Curing rootkit uses io_uring to bypass system call monitoring—Falco, Tetragon, and even Microsoft Defender can’t see it.

Attackers can run commands without triggering system calls.

Read → https://thehackernews.com/2025/04/linux-iouring-poc-rootkit-bypasses.html
US frauds and scams report 2024 by FBI
https://imagedelivery.net/BXluQx4ige9GuW0Ia56BHw/91634ca3-3cc9-465e-4ec1-80853b905200/original
🔒 WhatsApp rolls out Advanced Chat Privacy!

🔸 Blocks chat exports, auto-downloads, & AI use in sensitive convos.
🔸 Still allows screenshots & manual media saves.
🔸 Available now for all users on the latest update.

Update to try it 👉 https://thehackernews.com/2025/04/whatsapp-adds-advanced-chat-privacy-to.html
⚠️ Target: Russian Military!

Android.Spy.1292.origin spyware steals data via fake Alpine Quest apps.

— Spread via fake Telegram & Rus. app stores
— Steals loc., contacts, files
— Sends data to Telegram bot, runs hidden malware

Doctor Web says it mimics Alpine Quest Pro, widely used in military zones.

Read: https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html

👀 Kaspersky found a Windows backdoor in fake ViPNet updates targeting Russian government, finance, and industry.
My weekend plan is to dive deeper into networking and get plenty of hands-on practice. I might even work on building a more complex network setup — I’m sure the results will be exciting to see.
I woke up feeling really tired, but I’m determined to push through and get things done today. I’ve got a cybersecurity class in less than 3 hours, so I need to get myself prepped and mentally ready before it starts.
In case you are wondering what a GUI is

A GUI stands for Graphical User Interface.

It’s the visual part of a computer that you interact with — like windows, icons, buttons, and menus — instead of typing commands.

⸻

Example:
• GUI: Clicking a folder to open it, dragging files, using apps with buttons and sliders.
• Command Line (CLI): Typing cd Documents to go into a folder or ls to list files.

⸻

In Linux, some distros like Ubuntu come with a GUI by default, but you can also run it entirely through the terminal (CLI), which is what makes it feel more “hands-on” and fun — especially for tech-savvy folks like you. 😉
Linux is actually pretty fun — using all those commands makes it exciting. You don’t even need a GUI; just writing code to get things done is part of the thrill.
🚨 New Tactics from Russian Hackers!

Since March 2025, Russian threat groups UTA0352 & UTA0355 are targeting Ukraine-linked orgs via Microsoft 365 OAuth abuse.

No fake sites—just official Microsoft URLs, real Signal/WhatsApp invites, and compromised Ukrainian Gov accounts.

🔗 Learn more: https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html
🔥 Google pulls the plug on third-party cookie prompts in Chrome.

No more new pop-ups — just Incognito upgrades & IP protection by Q3 2025.

While Firefox & Safari banned 3rd-party cookies in 2020, Google stalls—caught between privacy & profit.

Read — https://thehackernews.com/2025/04/google-drops-cookie-prompt-in-chrome.html
“This year, I’m focused on achieving a cybersecurity certification — it’s my top priority. How about you? What’s your goal?”
A few reminders for today:
• Use MFA everywhere
• Keep systems and software updated
• Train your team — humans are often the weakest link
• Don’t trust, always verify

Stay sharp, stay secure.

#CyberSecurity #InfoSec #MFA #Phishing #ZeroTrust #TechTips #Warpcast
🕵️‍♂️ Kimsuky is back—and digging deep.

A new Larva-24005 campaign is exploiting old RDP bugs (BlueKeep, CVE-2019-0708) to breach systems in South Korea, Japan & beyond—with targets across energy, finance & tech.

Learn more: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
🚨 Surge in cyberattacks tied to Russian bulletproof host Proton66 since Jan 8, 2025.

New research links it to brute-force, malware, ransomware—even traffic routed via Kaspersky Lab’s network path.

Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.

Learn more: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
In a small organizational setup, incorporating network switches can offer significant advantages over relying solely on wireless connectivity. Switches provide a more stable and reliable connection by directly linking devices through Ethernet. This results in:
• Consistent high-speed data transfer, ideal for file sharing and real-time applications
• Reduced latency and interference, ensuring smooth performance even in high-traffic environments
• Enhanced security, as wired connections are less susceptible to unauthorized access compared to Wi-Fi
• Scalability and manageability, making it easier to expand and control the network as the business grows

While wireless access has its place for mobility, a switch-based infrastructure ensures efficiency, performance, and dependability — all critical for day-to-day operations in a professional setting.

#Networking #ITInfrastructure #SmallBusiness #TechSolutions #WiredVsWireless #Cybersecurity
https://imagedelivery.net/BXluQx4ige9GuW0Ia56BHw/6a910cd2-4912-4473-28a2-3628c2a2b800/original
🚨 Russia’s APT29 hits EU diplomats with new malware disguised as wine-tasting invites.

🍷 GRAPELOADER is a stealthy first-stage loader hidden in “wine-zip”
🎯 Targets: European Ministries of Foreign Affairs
🔄 Launches WINELOADER for deep system access

🔗 Full report: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
👀 Attackers are now using multi-stage payloads that slip past detection—via simple tricks, not complex code.

One phishing email = 3 malware strains:
• Agent Tesla
• Remcos RAT
• XLoader

Plus: a new MysterySnail variant is targeting Mongolia & Russia—40+ commands, remote access, and evasion built-in.

➡️ See the full analysis: https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html
🚨 New XorDDoS Variant Targets U.S. Servers!

The malware is now hijacking Docker and Linux systems via SSH brute-force attacks.

A new “VIP” controller spotted in 2024 suggests it’s being sold as a service, expanding botnet operations.

Full story → https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html