EncryptHub strikes again, sneaking trojanized game onto Steam as an early-access title.

Threat actor group EncryptHub has been implicated in a malware campaign that leveraged the popular gaming platform Steam to distribute info-stealing malware to unsuspecting users. Steam says EncryptHub was able to infiltrate Steam's ecosystem by uploading a trojanized game masquerading as a legitimate early-access title. This malicious game served as a delivery mechanism for stealer malware targeting high-value data such as browser cookies and session tokens, saved passwords and authentication credentials, cryptocurrency wallets, and sensitive system files.
XSS cybercrime forum rises from the dead – just one day after being raided by Europol. Ahem… honeypot.

On July 22, 2025, the XSS.is forum, one of the largest and longest-standing Russian-speaking cybercrime marketplaces, was taken offline after a coordinated, multi-year investigation involving Ukrainian authorities, French police, and Europol. The forum’s main domain was seized and replaced with a law enforcement notice. However, the XSS forum re-emerged within 24 hours on its mirror sites and .onion domains on the dark web. A statement posted by an administrator account claimed the forum’s infrastructure remained intact and reassured users that restoration efforts were underway. Security researchers say, not so fast. Is this a real-life resurrection or a law enforcement honeypot?
Ah, iPhone users, you’re a wild and reckless bunch. New study suggests Android users exhibit stronger security habits.

A recent analysis conducted by cybersecurity firm Malwarebytes sheds light on the contrasting online security behaviors of Android and iPhone users. The report highlights notable differences in information-sharing tendencies, adoption of security tools, password management practices, and susceptibility to scams between the two user groups.
The active Soco404 campaign targets cloud environments to deploy cryptomining software.

Researchers from Wiz have uncovered a sophisticated cryptomining campaign, dubbed Soco404, that targets cloud environments by exploiting various vulnerabilities and misconfigurations. The attackers employ a unique method of embedding malicious payloads within fake 404 error pages hosted on Google Sites, demonstrating alarming ingenuity in cloud threat tactics.
The new China-based Storm-2603 group is deploying Warlock ransomware on Microsoft SharePoint servers.

A sophisticated cyber threat actor known as Storm-2603 has been identified exploiting critical vulnerabilities in Microsoft SharePoint to deploy Warlock ransomware on unpatched enterprise systems. According to Microsoft’s recent security advisory, this group, believed to be China-based, is leveraging unpatched flaws in on-premises SharePoint servers to gain unauthorized access, establish persistence, and spread ransomware across targeted networks.