A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000 and comes with a guarantee that it will pass Google’s Chrome Web Store review process. […]

The post New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants.  North Korean threat actors linked to […]

The post New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,” weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems.​ The campaign begins with targeted […]

The post SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but […]

The post New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Priced $2,000 - $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store.

The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek.

Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools.

Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process.

10 years after disrupting the Ukrainian power grid, the APT targeted Poland with data-wiping malware.

The post Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid appeared first on SecurityWeek.

Researchers on Friday said that Poland’s electric grid was targeted by wiper malware, likely unleashed by Russia state hackers in an attempt to disrupt electricity delivery operations.

A cyberattack, Reuters reported, occurred during the last week of December. The news organization said it was aimed at disrupting communications between renewable installations and the power distribution operators but failed for reasons not explained.

Wipers R Us

On Friday, security firm ESET said the malware responsible was a wiper, a type of malware that permanently erases code and data stored on servers with the goal of destroying operations completely. After studying the tactics, techniques, and procedures (TTPs) used in the attack, company researchers said the wiper was likely the work of a Russian government hacker group tracked under the name Sandworm.

Read full article

Comments

© Getty Images

A massive unsecured database exposed 149 million logins, raising concerns over infostealer malware and credential theft.

The post Data Leak Exposes 149M Logins, Including Gmail, Facebook appeared first on TechRepublic.

A massive unsecured database exposed 149 million logins, raising concerns over infostealer malware and credential theft.

The post Data Leak Exposes 149M Logins, Including Gmail, Facebook appeared first on TechRepublic.

Another day, another trove of login credentials in plain text found online.

According to authorities, both suspects were in the United States unlawfully.

Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures as both key parts of the evolving AI world and easy targets for threat actors.

The post Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks appeared first on Security Boulevard.

When ransomware cripples a business’s systems or stealthy malware slips past defenses, the first instinct is to get everything back online as quickly as possible. That urgency is understandable — Cybersecurity Ventures estimates ransomware damage costs $156 million per day. But businesses cannot let speed overshadow the more pressing need to understand exactly what happened,..

The post From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience appeared first on Security Boulevard.

Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions […]

The post Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named “실전 트레이딩 핵심 비법서.pdf.lnk” (translating to “Practical Trading Core Secret Book”), specifically crafted to target South Korean investors seeking financial guidance. This social engineering approach exploits users’ trust […]

The post Threat Actors Exploit LNK Files to Deploy MoonPeak Malware on Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Unlike traditional attacks that rely on exploits, this succeeds through social engineering combined with abuse of Windows' own security architecture.

The post Hackers Disable Windows Security With New Malware Attack appeared first on TechRepublic.

Unlike traditional attacks that rely on exploits, this succeeds through social engineering combined with abuse of Windows' own security architecture.

The post Hackers Disable Windows Security With New Malware Attack appeared first on TechRepublic.

That LinkedIn message pretending to be job offer could just be malwre.