Author: AmbreenChaudhary

The cyber threat group FamousSparrow has resurfaced in a coordinated set of attacks targeting a U.S. trade organization and a Mexican research institution. This time, they’re wielding two advanced versions of their signature malware, SparrowDoor, and, for the first time, deploying the notorious ShadowPad tool, a favourite among Chinese state-aligned groups. These fresh developments signal not just the persistence of this group but also their evolving sophistication. According to a new analysis by cybersecurity firm ESET, these latest variants demonstrate a significant technical leap in how the malware executes commands, manages system interaction, and maintains stealth within infected environments. From Espionage to Innovation: Who Is Famous Sparrow? FamousSparrow has been active since at…

The fallout from the $1.5 billion Bybit cryptocurrency heist is becoming clearer, and it’s worse than initially feared. Safe{Wallet}, a platform offering secure multi-signature services for Web3 assets, has now confirmed that the attack was not only state-sponsored but also executed with surgical precision. The culprit? A North Korea-linked hacking group known as TraderTraitor — also tracked as Jade Sleet, PUKCHONG, and UNC4899. This group has been tied to multiple previous crypto-focused breaches and is now being held responsible for one of the largest digital heists in history. How the Attack Unfolded: From Docker to Developer A Social Engineering Trap…

Security researchers have uncovered a dangerous new method used by malicious browser extensions to steal user credentials by impersonating other legitimate add-ons in real time. This technique, dubbed a polymorphic extension attack, allows a fake extension to take on the exact appearance and behavior of a real, trusted one, making it incredibly difficult for users to spot the difference. The attack targets all Chromium-based browsers, including popular choices like Google Chrome, Microsoft Edge, Brave, and Opera. It’s a stealthy and sophisticated method that can fool even tech-savvy users by exploiting one simple fact: most people trust what they see in…

A cyber threat group known as Blind Eagle, also tracked under aliases like APT-C-36, AguilaCiega, and APT-Q-98, is actively targeting Colombian government and private organizations. These attacks, running since November 2024, rely on familiar social engineering tactics but with some dangerous new twists—including the use of GitHub-hosted malware, a now-patched NTLM vulnerability, and custom encryption tools. Researchers at Check Point who analyzed the campaign reported more than 1,600 confirmed victims in just one wave of attacks launched in mid-December 2024. That’s a high hit rate for an advanced persistent threat (APT) that typically favors focused, targeted operations. Why This Campaign…

A newly uncovered phishing campaign is targeting employees in the hospitality sector by impersonating Booking.com, one of the world’s largest online travel agencies. At the heart of the campaign is a clever trick called ClickFix—a social engineering tactic that convinces users to execute malware on their own systems. First detected in December 2024, the campaign has been traced to a threat actor Microsoft tracks as Storm-1865, and its impact has stretched across North America, Europe, Oceania, and Southeast Asia. The goal? Steal login credentials, plant malware, and commit financial fraud. A Simple Email, a Fake Review, and a Deceptive Link…

This week’s global cybersecurity roundup shows just how fast things are moving on both sides of the cyber battlefield. On one end, threat actors are breaking into outdated routers, sneaking into app stores, and spreading malware through trusted platforms like YouTube and GitHub. On the other end, researchers are building new decryptors, governments are pressing charges, and security vendors are tightening controls. Here’s your in-depth look at the stories shaping cyber defense and offense for March 2025. China-Linked UNC3886 Breaches End-of-Life Juniper Routers Old routers are still powering networks—and attackers know it One of the biggest threats this week came…

A severe Windows zero-day vulnerability, active since at least 2017, is being used by state-backed hackers from North Korea, China, Iran, and Russia. Despite its long-running exploitation across various industries and nations, the flaw still remains unpatched. Tracked as ZDI-CAN-25373 by Trend Micro’s Zero Day Initiative (ZDI), the flaw allows attackers to use specially crafted .LNK files — commonly known as Windows shortcuts — to run harmful commands without alerting the user. What’s more troubling is that Microsoft has classified it as low priority and has no immediate plans to fix it. A Silent Danger Hidden in Everyday Files How…

Cybercriminals have found a clever new way to distribute malware by uploading fake game cheat videos to YouTube, aimed at Russian-speaking users. These videos lead unsuspecting players to download password-protected files that hide a stealthy malware known as Arcane, a powerful stealer designed to collect a wide range of sensitive data. This new threat highlights how attackers continue to evolve, using popular platforms and interests like gaming to slip past defenses and infect devices silently. A Dangerous Setup Behind Game Cheat Promises Malware Hidden in Cheat Downloads The infection starts with a simple YouTube video promising free cheats or hacks…

A new cybercrime toolkit named VanHelsing is quickly making headlines in the digital underground. First spotted in early March 2025, this ransomware service already counts three victims and appears to be gathering momentum fast. VanHelsing is part of a growing trend where cybercriminals no longer need to build malware from scratch. Instead, they can buy access to full-featured ransomware platforms, complete with payment systems, attack controls, and a business model designed to split profits. A Ransomware Platform for Cybercriminal Entrepreneurs How the Affiliate Structure Works The VanHelsing platform operates like a franchise system for cybercrime. Affiliates, once accepted, can launch…

In a shocking revelation, cybersecurity firm Sygnia has reported that a major Asian telecommunications company was compromised by a group of Chinese state-sponsored hackers. This long-term breach, carried out by a group identified as Weaver Ant, allowed the attackers to quietly operate within the network for over forty-eight months, collecting sensitive information without being detected. Although the name of the affected telecom provider has not been disclosed, the implications are significant, highlighting the evolving strategies and persistence of modern cyber espionage operations. Weaver Ant — A Stealthy and Persistent Threat Actor Sygnia describes Weaver Ant as a stealth-focused, highly…