North Korean hackers are using spear phishing emails that mimic human rights organizations and financial institutions to distribute malware. This campaign, called "Operation Poseidon," is linked to the Konni hacking group and aims to exploit vulnerabilities in email security through deceptive links. Cybersecurity experts warn that these sophisticated tactics make such attacks difficult to defend against.

Albiriox is a new Android malware that gives attackers full control over infected devices, enabling financial fraud. It spreads through deceptive SMS messages and fake apps, using advanced techniques to evade detection. The malware is part of a subscription-based service offered by Russian-speaking cybercriminals.

North Korean hackers are using Google’s Find Hub to track and factory reset Android devices of South Korean targets. They initiate attacks via spear-phishing on KakaoTalk, leading to data theft and device wipes to prevent recovery and spread malware to victims' contacts.

Researchers have uncovered a new Windows malware campaign using Pulsar RAT and Stealerv37. This malware can steal passwords, crypto, and gaming accounts while allowing hackers to interact with victims through a live chat window. It evades detection by running entirely in memory and hijacking trusted system tools.

North Korean hackers are using malicious Microsoft Visual Studio Code projects to deliver a backdoor that allows remote code execution. By tricking victims into cloning Git repositories and opening them in VS Code, the attackers exploit task configuration files to run harmful JavaScript payloads. This ongoing campaign targets software engineers, particularly in cryptocurrency and fintech sectors.

Iranian hacking group APT42 has been conducting a sophisticated campaign against senior defense and government officials, using social engineering tactics and even targeting their families to apply pressure. The malware they deploy operates stealthily, blending with normal activity and employing various techniques to maintain persistence and exfiltrate sensitive data.

This article details a phishing scheme by DPRK hackers posing as recruiters. It analyzes the malware used in the scam, including code obfuscation techniques and how the attackers gather sensitive information from victims.

The article discusses a report on the malware traffic associated with the notorious Los Pollos Hermanos network. It highlights the methods used by cybercriminals to exploit vulnerabilities and distribute malicious software, shedding light on the ongoing challenges in cybersecurity. The findings underscore the importance of vigilance and proactive measures in combating such threats.

Hackers are exploiting a vulnerability in domain name system (DNS) records to hide malware, allowing malicious scripts to fetch binaries without detection by traditional security measures. Researchers from DomainTools discovered that malware was encoded in hexadecimal and distributed across multiple subdomains, enabling retrieval through seemingly harmless DNS requests. As encrypted DNS methods like DOH and DOT gain traction, monitoring this type of traffic may become even more challenging.

Hackers are compromising end-of-life SonicWall Secure Mobile Access appliances, exploiting leaked administrator credentials and potentially using a custom backdoor malware called Overstep. Google’s Threat Intelligence Group urges organizations to analyze their devices for signs of compromise, as many details about the attacks and vulnerabilities remain unclear.