BERT Ransomware: A New Threat Targeting ESXi Virtual Machines
A new cross-platform ransomware strain, known as BERT, has emerged, posing a significant threat to organizations running VMware ESXi environments. This article explores how BERT ransomware operates, its unique features, and how businesses can defend against it. What is BERT Ransomware? First identified in April 2025, BERT ransomware targets Windows, Linux, and ESXi systems. Its primary focus on ESXi virtual
SatanLock Ransomware Group Abruptly Shuts Down, Leaks Stolen Data
The notorious SatanLock ransomware gang has unexpectedly announced its shutdown. The announcement raises fresh questions about the shifting dynamics within the cybercriminal ecosystem. The gang revealed this on July 9, 2025, via the group’s dark web site and Telegram channel. It turns out they not only end their operations but also the decide to leak all victim files. A Short-Lived
Malicious Extensions Hijack Chrome and Edge Users
A new large-scale browser security incident has compromised millions of users worldwide. Eighteen popular Chrome and Edge extensions, once trusted by users, have been quietly turned into malicious tools, redirecting users to phishing websites and collecting sensitive browsing data. This alarming discovery highlights the growing threat of 'sleeper agent' extensions—tools that start off clean but turn rogue through stealth updates.
Leaked Shellter Elite Tool Abused by Cybercriminals
A legitimate cybersecurity tool designed for penetration testing has become the latest weapon in the arsenal of cybercriminals, raising fresh concerns about the responsible disclosure of security threats. Shellter Elite, a widely used red-team utility, was leaked earlier this year. Hackers have since abused it to deploy infostealer malware in a string of cyberattacks. From Pentesting to Cybercrime Shellter Elite's
Fake Solana Bot on GitHub Steals Users’ Crypto Wallets
A new cybersecurity threat is targeting crypto enthusiasts using Solana's trading ecosystem. Security researchers from SlowMist have uncovered a malicious GitHub repository posing as a legitimate trading bot for Solana's popular Pump.fun platform. Instead of helping users make trades, the malware embedded in this fake Solana bot steals sensitive wallet information. The Scam: Malicious GitHub Repository The fraudulent repository, named
Batavia Spyware Campaign Hits Dozens of Russian Organizations
A newly discovered Windows spyware campaign, called Batavia, is making waves in the cybersecurity community after being exposed by researchers at Kaspersky. The campaign, active since at least July 2024, has already targeted dozens of Russian organizations, primarily large industrial enterprises. How the Attack Works The Batavia campaign begins with carefully crafted phishing emails that masquerade as legitimate business correspondence,
Ingram Micro Hit by Ransomware Attack, Causing Global Service Outages
Ingram Micro, one of the world's largest IT distributors, has confirmed that a ransomware attack caused an ongoing outage affecting its systems and services. The incident, which began on July 3, 2025, has impacted the company's ability to process online orders, manage back-end systems, and provide essential services to partners and clients. The ransomware group, identifying itself as "SafePay," claims
Fake Crypto Wallet Extensions Flood Firefox Store
A recent surge of malicious browser extensions targeting cryptocurrency users has been uncovered in the Firefox Add-ons Store, putting unsuspecting users at risk of devastating financial losses. Cybersecurity researchers have identified over 40 fake wallet extensions impersonating popular crypto wallets, including MetaMask, Coinbase Wallet, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero. This malicious campaign, dubbed "FoxyWallet," has been active
Fake Websites Target Shoppers Ahead of Amazon Prime Day
As Amazon Prime Day approaches (July 8-11, 2025), cybercriminals are capitalizing on the shopping frenzy by unleashing a wave of fake websites designed to scam unsuspecting consumers. Recent research by cybersecurity experts at NordVPN has revealed the existence of over 120,000 fraudulent websites mimicking Amazon in just the past two months. What is Prime Day? Prime Day, one of the
IconAds, a Massive Mobile Ad-Fraud Operation Disrupted
A sophisticated mobile ad-fraud operation, named "IconAds," has been disrupted. The dismantling came after it was discovered that 352 Android applications were secretly bombarding users with intrusive ads while hiding their presence on devices. This extensive campaign, which peaked at over 1.2 billion ad bid requests daily, primarily targeted users in Brazil, Mexico, and the United States. How the IconAds
