U.S. sanctions North Korean member of the Andariel hacking group for his role in fraudulent IT worker scheme.

The U.S. Department of the Treasury recently imposed sanctions on Song Kum Hyok, a North Korean cyber operative linked to the notorious Andariel hacking group. This action targets his central role in orchestrating a fraudulent IT worker scheme that generated illicit revenue for the North Korean regime, supporting its weapons of mass destruction (WMD) and ballistic missile programs.

An Iranian Ransomware-as-a-Service operation has reappeared, promising to target U.S. and Israeli entities.

An Iranian ransomware-as-a-service (RaaS) operation with direct ties to a government-backed cyber group has reemerged after nearly five years of inactivity, posing a renewed threat to organizations in the United States and Israel. The group, operating under the name Pay2Key.I2P, is actively recruiting cybercriminals and offering substantial financial incentives to affiliates who successfully compromise high-value targets.

Researchers discover 18 malicious browser extensions that remain accessible on Chrome and Edge web stores.

A recent investigation by the security team at Koi Security has brought to light a significant threat affecting millions of internet users. The team identified a coordinated campaign involving 18 malicious browser extensions that remain accessible on both the Google Chrome and Microsoft Edge web stores. These extensions have collectively impacted over 2.3 million users, making this one of the most extensive browser hijacking operations in recent years.

The Anatsa banking trojan (aka TeaBot) has once again breached the security of the Google Play Store.

The Anatsa banking trojan, also known as TeaBot, has once again breached the security of the Google Play Store, posing a significant threat to Android users—particularly those banking with US financial institutions. This sophisticated malware campaign underscores the evolving tactics of cybercriminals and the ongoing challenges facing mobile app marketplaces.

Sophisticated supply chain attack uncovered in popular VS Code extension “Ethcode.”

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the Microsoft Visual Studio Code (VS Code) extension “Ethcode,” a tool widely used by Ethereum smart contract developers. The malicious activity highlights the growing risks associated with third-party software components in modern development environments.

Researchers reveal attack vectors, tools, and infrastructure used by the Gold Melody group, who are exploiting leaked cryptographic Machine Keys from ASP.NET web applications.

A recent threat intelligence report, TGR-CRI-0045, has shed light on the advanced tactics and infrastructure used by a sophisticated initial access broker (IAB) group. This group, tracked as TGR-CRI-0045 and linked to the threat actor known as Gold Melody (also called UNC961 or Prophet Spider), has been implicated in a series of attacks targeting organizations across Europe and the United States. The main sectors affected include financial services, manufacturing, wholesale and retail, high technology, and transportation and logistics.

Study reveals proliferation of Infostealers-as-a-Service (IaaS) is fueling dramatic increase in credential theft.

The cyber threat landscape is undergoing a seismic shift, with identity-based attacks reaching unprecedented levels, according to a new report from cybersecurity firm eSentire. The study reveals that the proliferation of Infostealers-as-a-Service (IaaS) and Phishing-as-a-Service (PhaaS) platforms is fueling a dramatic increase in credential theft and subsequent cyber incidents across organizations of all sizes.

SAP releases 27 new security updates, including 6 that address critical vulnerabilities.

SAP announced the release of 27 new and four updated security notes as part of its July 2025 Security Patch Day on Tuesday, July 8, 2025. This comprehensive update addresses a range of vulnerabilities across SAP’s product portfolio, including six critical flaws that could have significant security implications for organizations worldwide.