news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Jobinfo
- Asia
- Israel
- Data Encrypted For Impact
- Middle East
- Handala
- Business Services
- Shelter Locations In Israel
- Retail
- Saudi Arabia
- Cyber Fattah Team
- Saudi Games
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Kibbutz Almog
- Government
- Saban Brands Israel
- Manufacturing
- Digitalghost
- Mprest
- The Knesset
- Evil_Byte
- Gonjeshke Darande
- Nobitex
- Kimia Farma
- Sentap
- exclusive
- Indonesia
- Chemicals And Allied Products
- South-Eastern Asia
- Europe
- Sweden
- Transportation
- Hensi
- Scania
- Northern Europe
- Tbn Israel
- Media
- Education
- Weizmann Institute Of Science
- Israeli Air Force
- Resistancetrench
- Dienet
- Israel Antiquities Authority
- Wazuh
- CVE-2025-24016
- United States
- North America
- Cve-2025-24016
- Mirai
- Epsilor Electric Fuel
- Clayoxtymus1337
- Technology
- India
- Advanced Weapons And Equipment India
- Southern Asia
- Fin6
- More_Eggs
- Cryptocurrency
- Alex Lab
- Edf Energy
- Critical Infrastructures
- United Kingdom
- Zoldyck
- Spearphishing Link
- Ingress Tool Transfer
- Telecommunications
- Spectrum
- Credentials In Files
- Amos
- Unix Shell
- Disable Or Modify Tools
- Match Legitimate Name Or Location
- Sudo And Sudo Caching
- Israel Defense Forces
- Ghna
- Food And Kindred Products
- Coca-Cola Europacific Partners
- Southern Europe
- Automotive
- Italy
- Locauto
- Whitecoat
- Mercadona
- Spain
- Healthcare
- Ups
- Wow Health Solutions
- Rip_Real_World
- Cyprus Airways
- Netsupport Rat
- Illeak
- Tel Aviv University
- Desec0X
- Numero
- Yashma
- Unc6032
- Cyberlock
- Chaos
- Lucky_Gh0$T
- 303
- Deloitte
- Gucci
- Virtualization/Sandbox Evasion
- Input Capture
- Credentials From Web Browsers
- Credentials From Password Stores
- Exfiltration Over C2 Channel
- Data From Local System
- System Information Discovery
- User Execution
- Phishing
- Command And Scripting Interpreter
- Eddiestealer
- Obfuscated Files Or Information
- Drive-By Compromise
- Password Managers
- File And Directory Discovery
- Screen Capture
- Windows Credential Manager
- W_Tchdogs
- Superloop
- Australia And New Zealand
- Australia
- Smb/Windows Admin Shares
- Docker
- Exploitation For Client Execution
- Remote System Discovery
- Lateral Tool Transfer
- Network Service Discovery
- Resource Hijacking
- Change Default File Association
- Deploy Container
- External Remote Services
- Exploit Public-Facing Application
- Web Protocols
- Escape To Host
- Bitdefender
- Venom Rat
- Cameleon
- Financial Theft
- Eastern Europe
- Romania
- Vicioustrap
- Eastern Asia
- Cve-2023-20118
- CVE-2023-20118
- Macao Special Administrative Region
- Cisco
- Cve-2025-0944
- CVE-2025-0944
- Trimble
- Uat-6382
- Tetraloader
- Rundll32
- China
- Dynamic-Link Library Injection
- Regsvr32
- Scheduled Task
- Malicious File
- Masquerade Task Or Service
- Process Discovery
- Valleyrat
- Reflective Code Loading
- File Deletion
- Silver Fox
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- Powershell
- Bumblebee
- Qakbot
- Warmcookie
- Trickbot
- Danabot
- Cetus
- Purehvnc
- Bytebreaker
- Telcel
- Mexico
- Latin America And The Caribbean
- Viralgod
- Peter Green Chilled
- Cellcom
-
May 26, 2025
Vicioustrap Threat Actor Compromises Thousands of Network Devices
Cybersecurity researchers have uncovered a threat actor known as Vicioustrap, who has compromised approximately 5,300 network edge devices across 84 countries, primarily in Macau. This actor exploits a critical vulnerability (CVE-2023-20118) in various Cisco routers to redirect traffic to a honeypot-like infrastructure, allowing them to monitor and intercept network flows. The attack chain involves executing a shell script that facilitates adversary-in-the-middle attacks, with indications that the actor may be of Chinese-speaking origin. The ultimate goal of the Vicioustrap operation remains uncertain, although it is believed to be focused on creating a honeypot network.
-
May 26, 2025
New Malware Campaign Targets Chinese-Speaking Users with Winos 4.0
Cybersecurity researchers have uncovered a malware campaign that employs fake software installers disguised as popular applications like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. First identified by Rapid7 in February 2025, the campaign utilizes a sophisticated multi-stage loader called Catena, which operates entirely in memory to evade traditional antivirus detection. The malware, attributed to a threat actor known as Silver Fox, specifically targets Chinese-speaking environments and has been active throughout 2025, adapting its tactics to maintain persistence and avoid detection. The campaign leverages trojanized NSIS installers and is characterized by its careful planning and execution.