May 21, 2025

Fake KeePass Version Executes Ransomware Attacks

A malicious version of the popular open-source password manager KeePass is being used to launch ransomware attacks on VMware ESXi servers. Security researchers have uncovered a trojanized variant, dubbed “KeeLoader,” that mimics the real interface while silently compromising users' systems. Once installed, this fake KeePass plants a Cobalt Strike beacon and exfiltrates the user’s password database in plaintext. Thus, paving

May 19, 2025

Skitnet Malware Fuels Ransomware Attacks

Ransomware gangs are evolving fast, and their newest weapon, Skitnet malware, proves it. Also known as “Bossnet,” this emerging post-exploitation malware is gaining traction among threat actors like BlackBasta and Cactus. Designed for stealth, Skitnet leverages in-memory execution, DNS-based command and control, and anti-forensics to maintain a low profile while enabling persistent remote access. As its use spreads in phishing

May 19, 2025

Dynamic DNS: The Silent Partner in Modern Cybercrime

In the hectic atmosphere of cyber threats, attackers constantly seek new tools and techniques to evade detection. One such overlooked enabler is Dynamic DNS (DDNS). It’s a legitimate service that’s now being co-opted to power phishing campaigns, malware delivery, and command-and-control operations. While Dynamic DNS was originally designed to help users cope with changing IP addresses, its convenience has unintentionally

May 16, 2025

Procolored Distributed Malware-Laced Drivers for Half a Year

In an alarming cybersecurity lapse, popular printer brand Procolored has unknowingly distributed malware-infected drivers via its official website for at least six months. The infected software included a Remote Access Trojan (RAT) called XRedRAT and a cryptocurrency stealer known as SnipVex, both capable of compromising user systems and exfiltrating sensitive data. What Happened? The malware was embedded in driver installation

May 16, 2025

Steam Data Leaked Online – No Cause for Panic, Valve Says

A new cybersecurity scare rippled through the gaming community this week. Steam data was allegedly leaked online, with reports speculating that data from 89 million Steam accounts had been breached. However, Valve, the company behind the world’s largest PC gaming platform, has responded swiftly, stating that no breach occurred and user accounts remain secure. What Happened? On May 15, 2025, reports

May 15, 2025

Chrome Vulnerability Leaks Cross-Origin Data

Google has released an urgent security update for Chrome to patch a newly discovered zero-day vulnerability, tracked as CVE-2025-4664, that is currently being exploited by attackers in the wild. This high-severity flaw affects how Chrome handles cross-origin requests and could allow attackers to leak sensitive information from users simply by luring them to a malicious web page. What Is CVE-2025-4664?

May 15, 2025

CPU-Level Ransomware: Is It Possible and How Dangerous Is It?

Ransomware has officially leveled up. In a chilling new development, cybersecurity researchers have unveiled the world’s first proof-of-concept CPU-level ransomware - an attack so deeply embedded in hardware that it bypasses every traditional defense in the cybersecurity playbook. Unlike conventional ransomware that encrypts files through software-level exploits, this innovation taps directly into the processor’s microcode, rewriting the rules of engagement.

May 14, 2025

LockBit Ransomware Hacked: What We Know So Far

In a major blow to one of the world’s most active ransomware groups, LockBit has been hacked, and the fallout could reshape the cybercrime landscape. On May 7, 2025, an unknown hacker gained access to LockBit’s administration panel, defaced its dark web site with the message “Don’t do crime, crime is bad xoxo from Prague,” and leaked a trove of

May 13, 2025

DoppelPaymer Ransomware Suspect Arrested in Moldova

A DoppelPaymer ransomware suspect has been arrested. In a significant blow to the global ransomware ecosystem, Moldovan authorities have seized a 45-year-old foreign national. He is suspected of playing a central role in the notorious DoppelPaymer ransomware attacks. The arrest, carried out on May 6, 2025, follows a coordinated operation with Dutch law enforcement and is part of a broader international effort

May 12, 2025

Hackers Hiding Malware in JPEG in a New Wave of Attacks

In today’s cybersecurity landscape, even the most ordinary-looking files can be vehicles for sophisticated attacks. Recent findings have exposed a new method used by cybercriminals - hackers hiding malware in JPEG files to bypass security systems. This technique, known as steganography, allows attackers to hide harmful scripts inside files that appear completely harmless, turning images into a serious cybersecurity threat.
