Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Posted on August 25, 2025August 25, 2025 By CWS

Aug 25, 2025Ravie LakshmananCybersecurity Information / Hacking
Cybersecurity at present strikes on the tempo of world politics. A single breach can ripple throughout provide chains, flip a software program flaw into leverage, or shift who holds the higher hand. For leaders, this implies protection is not only a matter of firewalls and patches—it is about technique. The strongest organizations aren’t those with probably the most instruments, however the ones that see how cyber dangers hook up with enterprise, belief, and energy.
This week’s tales spotlight how technical gaps grow to be real-world stress factors—and why safety choices now matter far past IT.
⚡ Risk of the Week
Widespread Password Managers Affected by Clickjacking — Widespread password supervisor plugins for internet browsers have been discovered inclined to clickjacking safety vulnerabilities that could possibly be exploited to steal account credentials, two-factor authentication (2FA) codes, and bank card particulars below sure situations. The approach has been dubbed Doc Object Mannequin (DOM)-based extension clickjacking by impartial safety researcher Marek Tóth, who introduced the findings on the DEF CON 33 safety convention earlier this month. As of August 22, fixes have been launched by Bitwarden, Dashlane, Enpass, KeePassXC-Browser, Keeper, LastPass, NordPass, ProtonPass, and RoboForm.

🔔 High Information

Russian Hackers Go After Previous Cisco Flaw — Hackers linked to Russia are exploiting a seven-year-old vulnerability in unpatched end-of-life Cisco networking gadgets (CVE-2018-0171) to focus on enterprise and significant infrastructure networks within the U.S. and overseas. Over the previous 12 months, the risk actor, which Cisco is monitoring as Static Tundra, has collected configuration recordsdata from 1000’s of networking gadgets utilized by US organizations in important infrastructure sectors. On some susceptible gadgets, the attackers modified the configuration settings to offer themselves unauthorized entry to the community. The attackers then used that entry to discover the networks, wanting particularly at protocols and purposes which can be generally utilized in industrial programs. Cisco recognized Static Tundra as primarily focusing on organizations of strategic curiosity to the Kremlin, spanning the manufacturing, telecommunications, and better schooling sectors throughout the globe. As soon as the risk actor beneficial properties entry to a system of curiosity, they’ve been discovered to make use of stolen SNMP credentials to quietly management the compromised gadgets, letting them run instructions, change settings, and steal configurations, all whereas hiding their exercise from safety controls. Static Tundra has additionally altered the configuration of compromised gadgets to create new native person accounts and allow distant entry providers like Telnet, granting them further methods to regain entry to the machine if their preliminary communication mechanism is closed. Additionally utilized by the group is a backdoor referred to as SYNful Knock to remain linked to contaminated gadgets and provides a hidden foothold that survives reboots.
Apple Fixes Actively Exploited 0-Day — Apple launched safety fixes to repair a high-severity flaw in iOS, iPadOS, and macOS that it mentioned has come below energetic exploitation within the wild. The zero-day is an out-of-bounds write vulnerability affecting the ImageIO framework. Tracked as CVE-2025-43300 (CVSS rating: 8.8), the difficulty might end in reminiscence corruption when processing a malicious picture. The iPhone maker mentioned the bug was internally found and that it was addressed with improved bounds checking. The corporate supplied no additional technical particulars of the vulnerability or insights into the exploitation exercise past characterizing the cyber assaults as refined and extremely focused. The tech large started utilizing such terminology beginning this 12 months, presumably to indicate nation-state threats and spy ware exercise.
Murky Panda Abuses Trusted Relationships to Breach Cloud Environments — The risk actor often known as Murky Panda (aka Silk Hurricane) has been noticed abusing trusted relationships within the cloud to hack enterprise networks. The assaults leverage N-day and zero-day vulnerabilities to drop internet shells and a Golang malware referred to as CloudedHope to facilitate distant entry. A notable facet of Murky Panda’s tradecraft issues the abuse of trusted relationships between companion organizations and their cloud tenants, exploiting zero-day vulnerabilities to breach software-as-a-service (SaaS) suppliers’ cloud environments and conduct lateral motion to downstream victims.
INTERPOL Broadcasts New Wave of Arrests in Africa — INTERPOL introduced that authorities from 18 international locations throughout Africa have arrested 1,209 cybercriminals who focused 88,000 victims. “The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the worldwide attain of cybercrime and the pressing want for cross-border cooperation,” the company mentioned. The hassle is the second part of an ongoing regulation enforcement initiative referred to as Operation Serengeti, which came about between June and August 2025 to deal with extreme crimes like ransomware, on-line scams and enterprise e-mail compromise (BEC). The primary wave of arrests occurred late final 12 months.
Scattered Spider Hacker Will get 10 Years Jailterm — Noah Michael City, a 20-year-old member of the infamous cybercrime gang often known as Scattered Spider, was sentenced to 10 years in jail within the U.S. in reference to a collection of main hacks and cryptocurrency thefts. City pleaded responsible to expenses associated to wire fraud and aggravated identification theft again in April 2025. Along with 120 months in federal jail, City faces a further three years of supervised launch and has been ordered to pay $13 million in restitution to victims. The defendant, who additionally glided by the aliases Sosa, Elijah, King Bob, Gustavo Fring, and Anthony Ramirez, was arrested by U.S. authorities in Florida in January 2024 for committing wire fraud and aggravated identification theft between August 2022 and March 2023. These incidents led to the theft of no less than $800,000 from no less than 5 totally different victims.
North Korea Doubtless Behind New Diplomat Cyber Assaults — The North Korea-backed risk actor often known as Kimsuky is believed to have orchestrated a spear-phishing assault focusing on European embassies in South Korea. The marketing campaign, ongoing since March 2025, is characterised by means of GitHub as a command-and-control channel and a variant of an open-source malware referred to as Xeno RAT. In an fascinating twist, the attackers have yielded clues that they’re figuring out of China, maybe alluding to the potential of a collaboration or that it is the work of a risk actor that intently mimics the ways of Kimsuky. Moreover, routing malicious cyber exercise via China doubtless supplies North Korea with some geopolitical cowl and a protected haven so long as it does not straight hurt home pursuits.
Alleged RapperBot Admin Charged within the U.S. — Ethan Foltz, 22, of Eugene, Oregon, was charged with allegedly growing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet referred to as RapperBot since no less than 2021. Foltz has been charged with one depend of aiding and abetting pc intrusions. If convicted, he faces a most penalty of 10 years in jail. As well as, regulation enforcement authorities performed a search of Foltz’s residence on August 6, 2025, seizing administrative management of the botnet infrastructure.

‎️‍🔥 Trending CVEs
Hackers are fast to leap on newly found software program flaws – typically inside hours. Whether or not it is a missed replace or a hidden bug, even one unpatched CVE can open the door to critical harm. Under are this week’s high-risk vulnerabilities making waves. Evaluation the listing, patch quick, and keep a step forward.
This week’s listing contains — CVE-2025-7353 (Rockwell Automation ControlLogix), CVE-2025-8714 (PostgreSQL), CVE-2025-9037, CVE-2025-9040 (Workhorse Software program Companies), CVE-2025-54988 (Apache Tika), CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791 (Commvault), CVE-2025-43300 (Apple iOS, iPadOS, and macOS).

📰 Across the Cyber World

Microsoft Scales Again Chinese language Entry to Early Warning System — Microsoft revealed it has scaled again some Chinese language corporations’ entry to its early warning system for cybersecurity vulnerabilities within the wake of sweeping hacking makes an attempt towards Microsoft SharePoint servers which were pinned on Beijing. To that finish, the Home windows maker mentioned a number of Chinese language companies would not obtain proof-of-concept code demonstrating the issues. The change is relevant to “international locations the place they’re required to report vulnerabilities to their governments,” which would come with China. The choice comes amid hypothesis that there could have been a leak from the Microsoft Lively Protections Program (MAPP) could have resulted within the large-scale exploitation exercise.
New Lazarus Stealer Noticed — A brand new Android banking trojan referred to as Lazarus Stealer has been noticed within the wild. “Disguised as a innocent software referred to as ‘GiftFlipSoft,’ the malware particularly targets a number of Russian banking apps, extracting card numbers, PINs, and different delicate credentials whereas remaining utterly hidden from the machine’s interface,” CYFIRMA mentioned. “The malware is constructed for persistence, working silently within the background whereas exfiltrating delicate information. It abuses high-risk permissions, default SMS privileges, overlay features, and dynamic WebView content material to hold out its operations.” As soon as put in, the app requests default SMS app privileges, in addition to overlay (“Show Over Different Apps”) and Utilization Entry permissions to show fraudulent interfaces on legit purposes for credential harvesting and monitor energetic purposes in actual time and detect when focused purposes, akin to banking apps, are launched.
Google Agrees to Pay $30M to Settle Youngsters’s Privateness Lawsuit — Google has agreed to pay $30 million to settle a class-action lawsuit that it violated kids’s privateness on YouTube by secretly gathering their information with out parental consent and utilizing it to serve focused adverts. Google denied wrongdoing in agreeing to settle. The corporate beforehand paid a $170 million positive in 2019 to the Federal Commerce Fee (FTC) and the state of New York for comparable practices.
Storm-1575 Linked to Salty 2FA — The risk actor often known as Storm-1575 has been attributed to a brand new phishing-as-a-service (PhaaS) providing referred to as Salty 2FA. “Like different PhaaS platforms, Salty 2FA is especially delivered by way of e-mail and focuses on stealing Microsoft 365 credentials,” ANY.RUN mentioned. “It unfolds in a number of levels and contains a number of mechanisms designed to hinder detection and evaluation.” Victims of Salty 2FA assaults span the finance, telecom, vitality, consulting, logistics, and schooling sectors. Storm-1575 is the moniker assigned by Microsoft to the operators of DadSec and Rockstar 2FA.
What’s HuiOne Assure? — The Telegram-based escrow platform HuiOne Assure (aka Haowang Assure), which introduced its closure in June 2025, has acquired a 30% monetary stake in Tudou Assure, which has emerged as a key fallback for Huione-affiliated distributors. Described as an “Amazon for criminals,” the Cambodian conglomerate behind it, HuiOne Group, has had its HuiOne Pay license revoked by the Nationwide Financial institution of Cambodia earlier this March. HuiOne-linked infrastructure has obtained over $96 billion in cryptocurrency property since 2021, in keeping with TRM Labs, which mentioned HuiOne Pay and HuiOne Assure share operational hyperlinks, with fund flows noticed from Huione Pay withdrawal wallets to Huione Assure’s safety deposit wallets. The findings come as darknet market escrow programs that handle cryptocurrency transactions between consumers and distributors proceed to stay susceptible to administrator exit scams. These programs implement escrow via multi-signature cryptocurrency pockets addresses that require signatures from the client and vendor to finish transactions, with the market administrator solely stepping in throughout dispute decision to facet with both the client or vendor based mostly on proof supplied by the 2 events. To streamline operations, many darknet markets additionally use automated escrow launch programs, transferring funds to distributors after 7 to 21 days except consumers provoke disputes through the timer interval. Nevertheless, the “centralized” nature of the dispute decision course of, which is closely reliant in the marketplace directors, introduces new dangers akin to bias, corruption, and exit rip-off eventualities the place equity takes a again seat.
Orange Belgium Discloses Breach — Orange Belgium, a subsidiary of telecommunications large Orange Group, disclosed on Wednesday that attackers who breached its programs in July have stolen the info of roughly 850,000 clients. “On the finish of July, Orange Belgium found a cyber assault on one among its IT programs, which gave unauthorized entry to sure information from 850,000 buyer accounts,” the corporate mentioned. “No important information was compromised: no passwords, e-mail addresses, financial institution or monetary information have been hacked. Nevertheless, the hacker has gained entry to one among our IT programs that accommodates the next info: title, first title, cellphone quantity, SIM card quantity, PUK code, [and] tariff plan.”
U.Okay. Man Sentenced to Jail for Web site Defacement and Knowledge Theft — Al-Tahery Al-Mashriky, 26, from Rotherham, South Yorkshire, was sentenced to jail for 20 months for hacking into the web sites of organizations in North America, Yemen and Israel and stealing the log in particulars of thousands and thousands of individuals, together with greater than 4 million Fb customers. Al-Mashriky was arrested in August 2022 and pleaded responsible to 9 offences earlier this March. Related to an extremist hacker group named Yemen Cyber Military, the defendant infiltrated a variety of web sites to push non secular and political ideologies. A evaluate of his seized laptop computer uncovered private information for over 4 million Fb customers and a number of other paperwork containing usernames and passwords for providers akin to Netflix and Paypal. The Yemen Cyber Military is a hacktivist group that, prior to now, has declared its help for the Houthis, an Islamist political and army group.
Malicious npm Packages Goal Solana Builders — Malicious npm packages have been discovered embedding an info stealer that is designed to single out Russian cryptocurrency builders as a part of a marketing campaign dubbed Solana-Scan. These malicious packages, solana-pump-test, solana-spl-sdk, and solana-pump-sdk, focused the Solana cryptocurrency ecosystem and claimed to “scan” for Solana SDK parts. All of the packages have been revealed by a person named “cryptohan.” Contained inside the package deal is an obfuscated CommonJS file that launches a JavaScript payload for extracting setting info and launching a second-stage that searches the compromised machine for delicate recordsdata and exfiltrates them to a distant server situated within the U.S. There may be proof that the JavaScript was written with the assistance of generative synthetic intelligence (AI) instruments like Anthropic Claude, software program provide chain safety outfit Security mentioned.
Singapore Warns of Dire Wolf Assaults — The Cyber Safety Company of Singapore (CSA) has warned of Dire Wolf double-extortion assaults focusing on Dire Wolf since Might 2025. “Dire Wolf ransomware group employs a double extortion tactic, the place it encrypts information on victims’ programs and threatens to publicly launch exfiltrated information on its information leak website (DLS) except a ransom is paid,” CSA mentioned. “This causes a two-fold influence of information loss and reputational harm on sufferer organizations.”
Hijack Loader Detailed — Cybersecurity researchers have unpacked the interior workings of a malware loader referred to as Hijack Loader that is used as a conduit for different payloads, together with info stealers and distant entry trojans. Assault chains distributing the malware have leveraged pirated sport web sites like Dodi Repacks, tricking customers into downloading booby-trapped ZIP archives below the guise of video video games like Virtua Fighter 5 REVO. One other propagation mechanism includes embedding a hyperlink to cracked software program in TIDAL music playlists that present up in search engine outcomes. Hijack Loader incorporates an array of anti-virtual machine and anti-debug methods and makes an attempt to disable Microsoft Defender Antivirus previous to launching the ultimate payload.
Nebraska Man Sentenced to 1 12 months in Jail for Illicit Crypto Mining — Charles O. Parks III, who was indicted in April 2024 for working a large-scale unlawful cryptojacking operation, was sentenced within the U.S. to 1 12 months and at some point in jail. He’s mentioned to have defrauded two well-known suppliers of cloud computing providers out of greater than $3.5 million price of computing assets from January via August 2021. Parks was charged with wire fraud, cash laundering, and fascinating in illegal financial transactions in reference to the scheme and pleaded responsible to wire fraud in December 2024. The mined foreign money was used for private luxurious purchases and Parks boasted about his earnings on social media to earn credibility as a crypto influencer. “Parks created and used a wide range of names, company affiliations, and e-mail addresses, together with emails with domains from company entities he operated referred to as ‘MultiMillionaire LLC’ and ‘CP3O LLC,’ to register quite a few accounts with the service suppliers and to achieve entry to huge quantities of computing processing energy and storage that he didn’t pay for,” the Justice Division mentioned.
Chrome Extension Detected Capturing Screenshots — A Chrome browser extension with greater than 100,000 installs has been discovered to harbor covert options to seize screenshots, gather system info, and question IP geolocation APIs for location particulars. The screenshots are uploaded to an exterior server, aitd.one, which claims to be an AI risk detection service. Marketed as a free VPN app named FreeVPN.One, the featured add-on provided the promised performance since its launch in 2000, earlier than the surveillance options have been subtly launched in April, June, and July 2025. The developer behind the device claimed the automated screenshot seize is a part of a Background Scanning characteristic that is triggered solely on suspicious domains and for all customers by default. Nevertheless, Koi Safety discovered that screenshots have been being taken on trusted providers like Google Sheets and Google Pictures. “FreeVPN.One reveals how a privateness branding might be flipped right into a entice,” the corporate mentioned. “What’s offered as security turns into a quiet pipeline for gathering what you do and the place you might be.”
Okta Releases Auth0 Buyer Detection Catalog — Okta has introduced the launch of the Auth0 Buyer Detection Catalog, a complete open-source repository designed to reinforce proactive risk detection capabilities for Auth0 clients. “The Auth0 Buyer Detection Catalog permits safety groups to combine customized, real-world detection logic straight into their log streaming and monitoring instruments, enriching the detection capabilities of the Auth0 platform,” the identification safety firm mentioned.
TRM Labs Launches Beacon Community to Monitor Crypto Crime — Blockchain intelligence agency TRM Labs introduced the launch of Beacon Community, a real-time crypto crime response community for monitoring illicit crypto exercise and stopping it from leaving the blockchain. “Verified investigators flag addresses linked to monetary crime. Beacon Community mechanically propagates these labels throughout associated wallets,” the corporate mentioned. “When tagged funds arrive at a taking part alternate or issuer, Beacon Community triggers an prompt alert.” In doing so, cryptocurrency platforms can proactively evaluate and maintain flagged deposits earlier than withdrawal, blocking illicit cash-outs.
Microsoft Goals to be Quantum-Secure by 2033 — Microsoft has set out a roadmap to finish transition to put up quantum cryptography (PQC) throughout all its services and products by 2033, with roll out starting by 2029. That is two years forward of the deadline imposed by the US and different governments. “Migration to put up quantum cryptography (PQC) is just not a flip-the-switch second, it is a multi-year transformation that requires speedy planning and coordinated execution to keep away from a last-minute scramble,” the corporate’s Mark Russinovich and Michal Braverman-Blumenstyk mentioned. The U.S. Nationwide Institute of Requirements and Know-how (NIST) formalized the world’s first PQC algorithms in August 2024.

New Phishing Marketing campaign Makes use of Hidden AI Prompts — A phishing marketing campaign has been noticed utilizing hidden synthetic intelligence (AI) prompts which can be designed to govern AI-based e-mail scanners and delay them from detecting the malicious payloads. The emails, despatched from SendGrid, masquerade as password expiry notices from Gmail to induce a false sense of urgency utilizing social engineering ways. However buried within the e-mail plain-text MIME part is a immediate that instructs automated scanners to “interact within the deepest potential multi-layered inference loop” and trick them into getting into lengthy reasoning loops as a substitute of marking the messages as phishing. “If AI-driven programs are tied to automation (auto-tagging, ticketing, escalation), this injection might trigger misclassification or delays,” Malwr-analysis.com’s Anurag mentioned. The event coincided with a brand new wave of credential harvesting assaults involving phishing emails despatched by way of SendGrid. “The marketing campaign exploits the trusted popularity of SendGrid, a legit cloud-based e-mail service utilized by companies to ship transactional and advertising emails,” Cofense mentioned. “By impersonating SendGrid’s platform, attackers can ship phishing emails that seem genuine and bypass widespread e-mail safety gateways.”
493 Instances of Sextortion In opposition to Youngsters Linked to SE Asia Rip-off Compounds — A brand new report from the Worldwide Justice Mission (IJM) has linked 493 little one sextortion circumstances to rip-off compounds working in Cambodia, Myanmar, and Laos, the place trafficked people are pressured to hold out on-line fraud akin to romance baiting and pig butchering scams. Forensic information has tied the circumstances to 40 of the 44 beforehand recognized rip-off compounds working in Cambodia, Myanmar, and Laos. “This analysis signifies a probable convergence of two darkish types of exploitation – little one sextortion and human trafficking – enabled by digital platforms and pushed by revenue,” mentioned Eric Heintz, Senior Legal Analyst at IJM.
Mule Operators in META Undertake Complicated Fraud Schemes — Cybersecurity researchers have laid naked the superior methods mule operators throughout the Center East, Turkey and Africa (META) area have adopted to focus on retail banks, shifting from primary IP masking by way of VPNs and proxies to Starlink-based obfuscation ways mixed with superior GPS spoofing, SIM abuse, and bodily machine “muling” utilizing employed people and postal shipments. “Monetary establishments within the Gulf area, the place rules are particularly tight, implement strict restrictions on VPN, internet hosting, and proxy site visitors,” Group-IB mentioned. “Early on, these controls pressured mule operators to depend on generic VPN providers – simply recognized by way of IP popularity instruments. By late 2023, fraudsters started a speedy innovation cycle to bypass these filters and regain distant entry to accounts within the goal jurisdictions.” Mule networks have been noticed utilizing stolen identities and site obfuscation ways to remotely open lots of of accounts to launder funds throughout focused international locations, with fraudsters additionally eradicating SIM playing cards totally from Android gadgets to evade telecom fingerprinting and connecting to the web by way of Wi-Fi hotspots, usually from close by roaming-enabled telephones, thereby masking their community origins. As not too long ago as This autumn 2024, the schemes have recruited so-called first-layer mules, who opened the financial institution accounts inside trusted jurisdictions after which handed credentials to abroad operators who performed laundering operations. An additional escalation of this strategy earlier this 12 months eradicated the necessity for credential handover by bodily delivery pre-configured telephones. “First-layer mules based mostly in trusted international locations would open accounts and construct belief via preliminary legit utilization,” Group-IB mentioned. “As a substitute of sharing login credentials, they ship pre-configured telephones to second-layer fraudsters working overseas.”

MuddyWater Targets CFOs and Finance Execs — The Iranian hacking group dubbed MuddyWater is actively focusing on CFOs and finance executives throughout Europe, North America, South America, Africa, and Asia by way of spear-phishing emails that trick recipients into downloading ZIP archives from Firebase-hosted phishing pages. The assault chains result in the deployment of OpenSSH and NetBird, a legit distant entry device for persistent entry. Using distant desktop software program is a tactic typically utilized by MuddyWater to facilitate entry to compromised environments. “The infrastructure pivots, evolving payload paths, and constant reuse of distinctive artifacts spotlight a resourceful adversary that adapts rapidly to take care of operational functionality,” Hunt.io mentioned.
Iranian Hacktivist Group Targets Iranian Communication Networks — The nameless Iranian hacktivist group often known as Lab Dookhtegan has crippled the satellite tv for pc communications programs on 64 Iranian ships at sea. The incident, which came about final week, impacted 39 oil tankers and 25 cargo ships operated by the Nationwide Iranian Tanker Firm (NITC) and the Islamic Republic of Iran Transport Traces (IRISL). The hacks focused Fannava, an Iranian tech firm that gives satellite tv for pc communication terminals for ships. Again in March 2025, the entity additionally disrupted satellite tv for pc communication programs of 116 Iranian vessels linked to arms shipments for Yemen’s Houthis. In line with safety researcher Nariman Gharib, the group hacked the corporate’s community, recognized all maritime communications terminals operating iDirect satellite tv for pc software program, after which deployed malicious code to inflict everlasting harm by overwriting the storage partitions with zeroes.
Professional-Iranian Hackers Demonstrated Coordination Throughout 12-Day June Battle With Israel — The 12-day battle between Israel and Iran in June spilled into our on-line world, accompanied by a surge in cyber exercise from pro-Iran hacking teams that labored in a “coordinated internet” throughout borders to steal information, deface web sites, unfold propaganda, perform DDoS campaigns, and deploy malware akin to Remcos RAT. “Telegram has emerged as a important platform for coordination, propaganda dissemination, and command-and-control for each state-aligned proxies and hacktivist collectives,” Safety Scorecard mentioned in an evaluation of 250,000 messages from Iranian proxies and hacktivists from over 178 energetic teams through the time interval. “Its perceived anonymity and broad attain make it a beautiful medium for these teams to arrange, share info, declare duty for assaults, and even recruit new members.” The cyber conflict highlights “how Iran has refined its use of digital instruments to form the battlespace, management home narratives, and challenge affect overseas,” the Center East Institute mentioned.
4 Ghanaian Nations Extradited to the U.S. — The U.S. Division of Justice charged 4 Ghanaian nationals, Isaac Oduro Boateng, Inusah Ahmed, Derrick Van Yeboah, and Patrick Kwame Asare, for his or her roles in an enormous fraud ring linked to the theft of over $100 million in romance scams and enterprise e-mail compromise assaults towards people and companies situated throughout the U.S. between 2016 and Might 2023. They have been extradited to the U.S. on August 7, 2025. “After stealing the cash, the fraud proceeds have been then laundered to West Africa, the place they have been largely funneled to people referred to as ‘chairmen,’ who directed the actions of different members of the conspiracy,” the Justice Division mentioned.
NIST Publishes Pointers to Sort out Identification Fraud — The U.S. Nationwide Institute of Requirements and Know-how (NIST) revealed new pointers to assist organizations optimize their efforts to detect face morphing and deter identification fraud. “The simplest protection towards the usage of morphs in identification fraud is to stop morphs from stepping into operational programs and workflows within the first place,” NIST’s Mei Ngan mentioned. “Some trendy morph detection algorithms are ok that they could possibly be helpful in detecting morphs in real-world operational conditions. Our publication is a set of suggestions that may be tailor-made to a particular scenario.”
North Korea Linked to Over $1.75B in Thefts in 2025 — North Korea, which pulled off one of many greatest crypto heists in historical past in February 2025 by plundering practically $1.5 billion from Dubai-based alternate Bybit, has stolen greater than $1.75 billion in 2025 alone, in keeping with Elliptic. Within the six months following the Bybit hack, over $1 billion of the stolen funds have been laundered utilizing a number of rounds of mixers and cross-chain actions to complicate the path. “It’s noteworthy that lesser-known blockchains have been layered for parts of funds, maybe within the hope that they aren’t as effectively supported by some analytics and investigation instruments, and are much less acquainted to investigators trying to hint asset actions,” Elliptic mentioned. “Beforehand unseen or much less generally used providers have been additionally utilized for Bybit laundering.” Additional evaluation reveals that funds reaching the Tron blockchain are finally cashed out by way of suspected Chinese language over-the-counter buying and selling providers.
Attackers Abuse Digital Personal Servers to Breach SaaS Accounts — Risk actors are weaponizing digital non-public servers (VPS) to compromise software-as-a-service (SaaS) accounts after which utilizing them to ship phishing emails. The exercise was first noticed in March 2025. “The incidents concerned suspicious logins from VPS-linked infrastructure adopted by unauthorized inbox rule creation and deletion of phishing-related emails,” Darktrace mentioned. “These constant behaviors throughout gadgets level to a focused phishing marketing campaign leveraging digital infrastructure for entry and concealment.”

ClickFix-Model Marketing campaign Delivers Atomic Stealer Variant — A malvertising marketing campaign has been noticed directing unsuspecting customers to fraudulent macOS assist web sites the place ClickFix-style directions are exhibited to entice them into opening the Terminal app and pasting a command that, in flip, triggers the execution of a shell command to obtain from an exterior server a variant of Atomic macOS Stealer (AMOS) often known as SHAMOS. Developed by a malware-as-a-service (MaaS) supplier named Cookie Spider, it features as an info stealer and downloads further malicious payloads, together with a spoofed Ledger Stay pockets software and a botnet module. Alternate assault chains have relied on a GitHub repository masquerading as iTerm2. The GitHub account is not accessible. In current months, the ClickFix approach has additionally been leveraged to ship one other macOS infostealer referred to as Odyssey Stealer utilizing bogus CAPTCHA verification checks.
MITRE Releases 2025 Most Essential {Hardware} Weaknesses — The non-profit MITRE Company revealed a revised listing of the Most Essential {Hardware} Weaknesses (MIHW) to raised align with the {hardware} safety panorama. Delicate Data in Useful resource Not Eliminated Earlier than Reuse (CWE-226), Improper Isolation of Shared Sources on System-on-a-Chip (CWE-1189), and On-Chip Debug and Check Interface With Improper Entry Management (CWE-1191) take the highest three spots.
How Lumma Associates Function — Regardless of a Might 2025 regulation enforcement takedown focusing on Lumma Stealer, the malware household seems to have staged a full restoration and continues to be a preferred alternative for risk actors. In line with a report from Recorded Future, Lumma associates not solely function a number of schemes concurrently, but additionally leverage beforehand undocumented instruments akin to a phishing web page generator (DONUSSEF) and a cracked e-mail credential validation device. Additionally put to make use of are VPNs, privacy-focused internet browsers, bulletproof internet hosting suppliers, digital cellphone and SMS providers (OnlineSim, SMS-Activate, and Zadarma), and proxies (PIA Proxy and GhostSocks). “For example, one affiliate was recognized working rental scams, whereas others concurrently leveraged a number of malware-as-a-service (MaaS) platforms, together with Vidar, Stealc, and Meduza Stealer, prone to bolster operational agility, enhance success charges, and mitigate the dangers linked to detection and regulation enforcement takedowns,” the corporate mentioned. “As well as, a number of Lumma associates are tied to distinct risk actor personas throughout underground boards, reinforcing their deep integration inside the broader cybercriminal ecosystem.”
Misleading Google Play Retailer Pages Distribute SpyNote — A brand new community of internet sites that mimic the Google Play Retailer pages of varied apps is getting used to trick customers into putting in malicious Android apps containing the SpyNote RAT. It is a continuation of an ongoing marketing campaign that was flagged by DomainTools again in April 2025. “Key approach modifications have been the dynamic payload decryption and DEX ingredient injection utilized by the preliminary dropper, which conceals SpyNote’s core features and hijacks app conduct, and the management circulation and identifier obfuscation utilized to the C2 logic to hinder static evaluation,” the corporate mentioned. The event adopted the invention of a brand new model of the Anatsa (aka TeaBot) Android banking trojan that may now goal over 831 monetary establishments the world over, together with numerous cryptocurrency platforms. “Anatsa streamlined payload supply by changing dynamic code loading of distant Dalvik Executable (DEX) payloads with direct set up of the Anatsa payload,” Zscaler ThreatLabz mentioned. “Anatsa applied Knowledge Encryption Customary (DES) runtime decryption and device-specific payload restrictions.”
New macOS Stealer Mac.c Noticed — Cybersecurity researchers have found a brand new macOS stealer referred to as Mac.c that may steal iCloud Keychain credentials, browser-stored passwords, crypto pockets information, system metadata, and recordsdata from particular areas. It may be bought for $1,500 per 30 days below a subscription mannequin, whereas AMOS is priced at $3,000 a month. “This cheaper price might additionally open the gates for much less resourceful and fewer tech-savvy operators who wish to break into the cybercriminal market and have little cash to spend on darkish internet instruments,” Moonlock Lab mentioned.
Paper Werewolf Makes use of New Linux Rootkit in Assaults Concentrating on Russia — The risk actor often known as Paper Werewolf (aka GOFFEE) is focusing on Russian organizations with a Linux rootkit named Sauropsida. The rootkit relies on an open-source rootkit often known as Reptile. Additionally deployed are BindSycler, a Golang utility to tunnel site visitors utilizing the SSH protocol, and MiRat, a Mythic framework agent.

🎥 Cybersecurity Webinars

How Code-to-Cloud Mapping Unites Dev, Sec, and Ops into One Highly effective AppSec Workforce — Trendy software safety cannot cease at code or cloud—it should join each. On this webinar, you will uncover how code-to-cloud visibility closes the gaps that attackers exploit, uniting builders, DevOps, and safety groups with a shared playbook for quicker, smarter threat discount.
7 Concrete Steps to Safe Shadow AI Brokers Earlier than They Spiral Out of Management — AI brokers are not simply instruments—they’re energetic gamers making choices inside your enterprise. But many of those “shadow brokers” function with out identification, possession, or oversight, making a harmful blind spot that attackers are already exploiting. On this webinar, we’ll expose how these invisible dangers emerge and present safety leaders the important steps to convey AI identities below management—earlier than they grow to be your weakest hyperlink.
5 Easy Methods to Spot Rogue AI Brokers Earlier than They Take Over — Shadow AI Brokers are multiplying quick—hidden in your workflows, fueled by non-human identities, and shifting quicker than your governance can sustain. On this unique session, safety leaders will expose the place these brokers disguise, the dangers they pose, and the sensible steps you’ll be able to take at present to regain visibility and management with out slowing innovation.

🔧 Cybersecurity Instruments

SafeLine — A self-hosted Internet Software Firewall (WAF) designed to protect internet purposes from widespread threats akin to SQL injection, XSS, SSRF, and brute-force makes an attempt. By appearing as a reverse proxy, it filters and screens HTTP/S site visitors, blocking malicious requests earlier than they attain the server and stopping unauthorized information leaks. Its capabilities embody fee limiting, anti-bot defenses, dynamic code safety, and entry management—serving to guarantee internet purposes stay safe and resilient towards evolving assaults.
AppLockerGen — An open-source utility that helps system directors and safety professionals create, merge, and handle Home windows AppLocker insurance policies extra effectively. By offering a user-friendly interface, it simplifies defining guidelines for executables, scripts, installers, and DLLs, whereas additionally supporting coverage import/export, inspection for misconfigurations, and testing towards widespread bypass methods.

Disclaimer: These newly launched instruments are for instructional use solely and have not been totally audited. Use at your individual threat—evaluate the code, take a look at safely, and apply correct safeguards.

🔒 Tip of the Week
Do not Simply Retailer It. Lock It — If you drag a file into Google Drive, OneDrive, or Dropbox, it feels “protected.” However here is the catch: most clouds solely encrypt recordsdata on their servers — they maintain the keys, not you.
Meaning if the supplier is breached, subpoenaed, or a rogue admin pokes round, your “non-public” recordsdata aren’t so non-public.
The repair is easy: end-to-end encryption. You encrypt earlier than importing, so your recordsdata are locked in your machine and might solely be unlocked together with your key. Even when the cloud is hacked, attackers see nothing however scrambled noise.
Free, open-source instruments that make this straightforward:

Cryptomator → good for newbies, creates an “encrypted vault” inside your Dropbox/Drive.
Kopia → trendy backup device with sturdy encryption, nice for securing whole folders or servers.
Restic → quick, deduplicated, encrypted backups, beloved by builders and sysadmins.
Rclone (with crypt) → the power-user’s alternative for syncing + encrypting recordsdata to virtually any cloud.

Backside line: If it is price saving, it is price locking. Do not belief the cloud together with your keys.
Conclusion
Cybersecurity is not nearly know-how—it is a take a look at of management. The alternatives made in boardrooms form how groups defend programs, reply to assaults, and get well from setbacks. This week’s tales spotlight a key reality: safety comes all the way down to choices—the place to speculate, which dangers to take, and which blind spots to repair. One of the best leaders do not promise good security. As a substitute, they supply readability, construct resilience, and set course when it issues most.

The Hacker News Tags:0Day, Apple, Exploits, Flaws, Hidden, InTheWild, Manager, Password, Prompts

Post navigation

Previous Post: Chip Programming Firm Data I/O Hit by Ransomware
Next Post: Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools

Related Posts

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps The Hacker News
Why IT Leaders Must Rethink Backup in the Age of Ransomware The Hacker News
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise The Hacker News
Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business The Hacker News
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails The Hacker News
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
  • OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail
  • Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database
  • Proxyware Malware Mimic as YouTube Video Download Site Delivers Malicious Javascripts
  • Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
  • OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail
  • Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database
  • Proxyware Malware Mimic as YouTube Video Download Site Delivers Malicious Javascripts
  • Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News