#CyberAlerts

MuddyWater Deploys UDPGangster Backdoor In A Targeted Campaign Across Three Nations
Follow Us For More!

#MuddyWater #InformationSecurity #CyberSecurity #CyberAlerts

Qilin cybercrime gang claims hack on Japan's Asahi The ransomware group has a track record of intrusions against major entities around the world.

#Qilin, a ransomware group with a track record of intrusions against major entities around the world, claimed responsibility for a hack on Japan’s Asahi Group, which disrupted production at the beer and beverage giant. #RansomwareAttacks #AsahiBeer #CyberAlerts www.japantimes.co.jp/business/202...

Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page Passwordstate 9.9 fixes authentication bypass flaw on August 28, 2025, adding clickjacking defenses for 29,000 customers.

Passwordstate, used by 29,000 orgs worldwide, just patched a critical flaw.

A crafted URL could bypass its emergency access page — exposing credentials.

Researchers also warn its browser extension was at risk of clickjacking: one bad click could leak logins, cards, even 2FA codes. #CyberAlerts

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots ShadowSilk hit 36 victims across Central Asia and APAC in July, using Telegram bots to exfiltrate government data.

#ShadowSilk hackers just hit nearly 30+ gov targets across Central Asia & APAC.

The crew? A Russian-Chinese tag team using Telegram bots to hide C2 traffic + stealing Chrome passwords.

They’re still active—new victims found in July. #CyberSecurity #CyberAlerts thehackernews.com/2025/08/shad...

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station Sni5Gect attack downgrades 5G to 4G via unencrypted messages, with 90% injection success rate.

New 5G attack discovered.

Researchers built #Sni5Gect, a tool that can hijack the 5G handshake, crash phones, or silently downgrade them to 4G — no fake cell tower needed. #CyberSecurity #CyberAlerts #smartphone thehackernews.com/2025/08/new-...

Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors Dutch NCSC warns of CVE-2025-6543 Citrix attacks on critical organizations, urging urgent patches to prevent further breaches.

WARNING: Dutch cyber watchdog confirms: a Citrix zero-day (CVE-2025-6543) was exploited for months before disclosure—hitting critical orgs, leaving hidden web shells, and erasing traces.

Patches are out. If you run NetScaler, act now. #CyberSecurity #CyberAlerts thehackernews.com/2025/08/dutc...

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims AI-powered phishing mimics Brazilian agencies, stealing data and PIX payments; Efimer Trojan targets crypto wallets.

Brazil hit by two cyber threats:

1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX.
2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds. #CyberAlerts #Scam

thehackernews.com/2025/08/ai-t...

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes RubyGems and PyPI hit by credential-stealing packages targeting automation and crypto users, prompting new security rules.

RubyGems & PyPI under attack:

🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets

Both hide credential-stealing code in legit-looking packages. #CyberAlerts thehackernews.com/2025/08/ruby...

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes Attackers used 11 Go and 2 npm packages to spread malware across platforms, putting open-source developers at risk.

11 malicious Go packages just found — infecting both Windows and Linux.

They silently download payloads, hijack shells, and can steal browser data.

Worse: they look legit, preying on confused devs importing from GitHub. #CyberAlerts #Malware thehackernews.com/2025/08/mali...

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections ClickFix malware replaced ClearFake in 2024, infecting users via fake CAPTCHAs and trusted platforms.

CAPTCHAgeddon is here. A fake CAPTCHA scam called ClickFix hijacks devices with a single paste—no download, no file, just clipboard commands.

It's smarter than ClearFake—and spreading fast. #Scam #CyberAlerts thehackernews.com/2025/08/clic...

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign Russian hackers used Gmail app passwords and fake State Dept. emails to access inboxes of academics.

Russian APT29 hackers hijacked Gmail accounts using app passwords—bypassing 2FA with social engineering.

They posed as the U.S. State Dept to steal access from academics and critics. #APT29 #CyberAlerts thehackernews.com/2025/06/russ...

Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign Water Curse exploited 76 GitHub accounts to deliver stealthy malware targeting developers and supply chains.

Water Curse hijacked 76 GitHub repos to spread stealthy, multi-stage malware.

Posing as dev tools, it steals credentials, hijacks sessions, and persists undetected—active since March 2023. #CyberAlerts #Malware thehackernews.com/2025/06/wate...

North Korea ramps up cyberspying in Ukraine to assess war risk The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations.

The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. #CyberAttacks #CyberAlerts www.bleepingcomputer.com/news/securit...

Chinese hackers behind attacks targeting SAP NetWeaver servers Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor. #CyberSecurity #CyberAlerts www.bleepingcomputer.com/news/securit...

FBI: End-of-life routers hacked for cybercrime proxy networks The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks.

FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. #CyberAlerts www.bleepingcomputer.com/news/securit...

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed CISA adds CVE-2025-34028 to KEV list after real-world exploits, forcing federal patching by May 23.

Zero-click, max impact — and it's already being exploited.

A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed.
#CyberAlerts
thehackernews.com/2025/05/comm...

Deadline for U.S. agencies: May 23.

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach Commvault confirms Azure breach via CVE-2025-3928 zero-day + no data loss + CISA mandates patch by May 19.

Nation-state hackers breached Commvault’s Azure-hosted environment by exploiting a zero-day in Commvault’s own web server — CVE-2025-3928.

👀 Check sign-ins
🚫 Block malicious IPs
📡 Report activity fast
#CyberSecurity #CyberAlerts
thehackernews.com/2025/05/comm...

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.

Hackers are disguising malware as security plugins to hijack sites, inject spammy ads, steal credit cards, & even re-install themselves if deleted.

Some victims are unknowingly losing their own AdSense earnings.

#CyberAlerts
thehackernews.com/2025/05/fake...

Product Walkthrough: Securing Microsoft Copilot with Reco Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats.

Your AI Copilot could leak your secrets — without you even knowing.

Microsoft 365 Copilot boosts productivity, but opens the door to massive data risks. Reco spots risky prompts, flags hidden attacks, and locks down your SaaS ecosystem. #CyberAlerts thehackernews.com/2025/04/prod...

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.

New Linux Rootkit Exploits io_uring, Evades Detection

ARMO’s Curing rootkit uses io_uring to bypass system call monitoring—Falco, Tetragon, and even Microsoft Defender can’t see it.
#CyberAlerts #Linux #CyberSecurity 🐧
Attackers can run commands without triggering system calls.

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure 159 CVEs exploited in Q1 2025 + 28.3% within 1 day + Exploits drive 20% of breaches.

159 Bugs Exploited in 90 Days!

1 in 4 breaches now starts with a CVE exploit. In Q1 2025, 159 flaws hit in the wild—28% within 24 hours of disclosure.
#CyberSecurity #CyberAlerts
Top targets: CMSes, edge devices, Windows.
thehackernews.com/2025/04/159-...

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware Lazarus exploited zero-days in South Korean software, targeting 6 firms with ThreatNeedle and more.

#LazarusGroup strikes South Korea—again.

6 major industries breached via watering hole attacks + zero-days in Cross EX & Innorix Agent.
Malware used: ThreatNeedle & more.
#CyberAlerts #Malware #SupplychainsAttacks
👀 Supply chains are the target.
thehackernews.com/2025/04/laza...

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely Commvault flaw CVE-2025-34028 enables pre-auth SSRF leading to code execution; fix in 11.38.20+ versions.

Critical Exploit Alert!

A 9.0 CVSS flaw in Commvault Command Center lets hackers run code without logging in.

🎯 Targets versions 11.38.0–11.38.19
💥 Pre-auth SSRF → Remote Code Execution
#CyberAlerts #CyberSecurity
Learn more about CVE-2025-34028 here:
thehackernews.com/2025/04/crit...

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp Russian threat actors exploit Microsoft OAuth since March 2025 + Target Ukraine allies + Steal 365 access.

New Tactics from Russian Hackers!

Since March 2025, Russian threat groups UTA0352 & UTA0355 are targeting Ukraine-linked orgs via Microsoft 365 OAuth abuse.

No fake sites—just official Microsoft URLs, real Signal/WhatsApp invites, and compromised Ukrainian Gov accounts.
#CyberAlerts

State-sponsored hackers embrace ClickFix social engineering tactic ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizin...

ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. #APThacker #CyberAlerts www.bleepingcomputer.com/news/securit...

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery Proton66-hosted IPs launched global cyberattacks since Jan 8, 2025, exploiting critical CVEs to deploy malware.

Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.
#CyberAlerts #CyberAttacks
thehackernews.com/2025/04/hack...

⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire. #CyberSecurity #CyberAlerts
thehackernews.com/2025/04/thn-...

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT SideCopy hackers adopt MSI staging and launch CurlBack RAT attacks on Indian ministries, oil, and rail sectors.

Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.
They're now using MSI packages—ditching old methods—to steal browser data, files, and credentials across Windows & Linux. #CyberAlerts

Malicious VSCode extensions infect Windows with cryptominers Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero.

Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. #MaliciousVSCode #CyberAlerts www.bleepingcomputer.com/news/securit...

EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling t...

EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. #bugbounty #CyberAlerts
