Chainlink Phishing: Trusted Sites Become Dangerous Gateways
Cybercriminals are using an increasingly deceptive tactic known as chainlink phishing, where they build a chain of seemingly harmless links that ultimately leads to a phishing site. This method allows attackers to bypass security filters, abuse the reputation of major online services, and trick even cautious users into visiting malicious pages. What Is Chainlink Phishing? Chainlink phishing describes a chain

Keyloggers Found on Outlook Login Pages in New Exploit
In a striking revelation, cybersecurity researchers have discovered JavaScript-based keyloggers silently operating on Outlook Web Access (OWA) login pages of Microsoft Exchange servers. These keyloggers have been actively capturing credentials from users across dozens of compromised organizations, including government entities and private-sector firms worldwide. How the Attack Works The attackers injected custom JavaScript into the OWA login

Scattered Spider Strikes With Attacks on U.S. Insurance Firms
Google’s Threat Intelligence Group has issued a stark warning: the cybercriminal group known as Scattered Spider has shifted focus once again, this time toward U.S.-based insurance companies. Infamous for their high-profile breaches in the casino and retail sectors, this adaptable and increasingly aggressive group has now taken aim at a sector rich in sensitive data and operational vulnerabilities. Who Is

Anubis Ransomware Now Wipes Files Beyond Recovery
A new, far more destructive chapter has begun for the Anubis ransomware operation. Previously known for encrypting data and extorting victims, the cybercriminals behind Anubis have now introduced a wiper feature, one that makes data recovery virtually impossible, even if the ransom is paid. This strategic shift marks a dangerous evolution in the ransomware-as-a-service (RaaS) ecosystem and signals a chilling

Fog Ransomware Turns Legitimate Tools Against Defenders
In May 2025, incident responders at a regional bank in Southeast Asia stumbled upon a ransomware intrusion that looked nothing like the smash‑and‑grab playbooks they were used to. Instead of Cobalt Strike, Mimikatz or custom droppers, the adversary - operators of the Fog ransomware - stitched together a workbench of legitimate admin utilities and niche open‑source red‑team projects. Because every binary

Predator Spyware Bounces Back and Finds New Market
When U.S. and EU sanctions hit Intellexa, the company behind the Predator spyware platform, many observers predicted the mercenary‑surveillance market would retreat. Instead, freshly released telemetry from Recorded Future’s Insikt Group shows Predator morphing rather than melting away. Their latest report maps brand‑new command‑and‑control (C2) servers in Mozambique, the first public evidence of a customer there, plus infrastructure tied to

Hijacked Discord Invites Spawn Multi-Stage Malware Chains
A Discord invite you embedded in a blog post, social‑media thread, or product FAQ last year may no longer point to the community you intended. Because Discord allows boosted servers to re‑claim expired or deleted vanity codes, threat actors exploit hijacked abandoned Discord invites, attaching them to their own servers, and funnelling visitors into a slick, but malicious, “verification” flow.

DNS Security: Your First Line of Defense in 2025
Every connection to your website begins with a simple question: “Where do I find this domain?” That question is answered by the Domain Name System (DNS), a decades‑old protocol that was never designed to fend off modern attackers. If an adversary can tamper with (or completely overwhelm) your DNS, they can redirect visitors, steal data, or knock your brand offline

Operation Secure by Interpol Seizes Malicious 20,000 IPs
From January to April 2025, INTERPOL coordinated “Operation Secure,” a concerted strike on the technical backbone that fuels the global trade in stolen credentials. Working with cyber‑crime units from 26 Asia‑Pacific countries and telemetry from Group‑IB, Kaspersky and Trend Micro, investigators mapped more than 20,000 IP addresses and domains that funnelled loot from 69 different infostealer strains. By April’s end,

Rare Werewolf Targets Russian Devices for Crypto Mining
A stealthy cyber campaign called Rare Werewolf is silently siphoning computing power and sensitive data from hundreds of devices across Russia. First observed in December 2024, this ongoing operation is targeting industrial organizations and engineering schools, with victims also reported in Belarus and Kazakhstan. Unlike the flashy ransomware attacks that dominate headlines, Rare Werewolf keeps a low profile. By blending
