news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Jobinfo
- Asia
- Israel
- Data Encrypted For Impact
- Middle East
- Handala
- Business Services
- Shelter Locations In Israel
- Retail
- Saudi Arabia
- Cyber Fattah Team
- Saudi Games
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Kibbutz Almog
- Government
- Saban Brands Israel
- Manufacturing
- Digitalghost
- Mprest
- The Knesset
- Evil_Byte
- Gonjeshke Darande
- Nobitex
- Kimia Farma
- Sentap
- exclusive
- Indonesia
- Chemicals And Allied Products
- South-Eastern Asia
- Europe
- Sweden
- Transportation
- Hensi
- Scania
- Northern Europe
- Tbn Israel
- Media
- Education
- Weizmann Institute Of Science
- Israeli Air Force
- Resistancetrench
- Dienet
- Israel Antiquities Authority
- Wazuh
- CVE-2025-24016
- United States
- North America
- Cve-2025-24016
- Mirai
- Epsilor Electric Fuel
- Clayoxtymus1337
- Technology
- India
- Advanced Weapons And Equipment India
- Southern Asia
- Fin6
- More_Eggs
- Cryptocurrency
- Alex Lab
- Edf Energy
- Critical Infrastructures
- United Kingdom
- Zoldyck
- Spearphishing Link
- Ingress Tool Transfer
- Telecommunications
- Spectrum
- Credentials In Files
- Amos
- Unix Shell
- Disable Or Modify Tools
- Match Legitimate Name Or Location
- Sudo And Sudo Caching
- Israel Defense Forces
- Ghna
- Food And Kindred Products
- Coca-Cola Europacific Partners
- Southern Europe
- Automotive
- Italy
- Locauto
- Whitecoat
- Mercadona
- Spain
- Healthcare
- Ups
- Wow Health Solutions
- Rip_Real_World
- Cyprus Airways
- Netsupport Rat
- Illeak
- Tel Aviv University
- Desec0X
- Numero
- Yashma
- Unc6032
- Cyberlock
- Chaos
- Lucky_Gh0$T
- 303
- Deloitte
- Gucci
- Virtualization/Sandbox Evasion
- Input Capture
- Credentials From Web Browsers
- Credentials From Password Stores
- Exfiltration Over C2 Channel
- Data From Local System
- System Information Discovery
- User Execution
- Phishing
- Command And Scripting Interpreter
- Eddiestealer
- Obfuscated Files Or Information
- Drive-By Compromise
- Password Managers
- File And Directory Discovery
- Screen Capture
- Windows Credential Manager
- W_Tchdogs
- Superloop
- Australia And New Zealand
- Australia
- Smb/Windows Admin Shares
- Docker
- Exploitation For Client Execution
- Remote System Discovery
- Lateral Tool Transfer
- Network Service Discovery
- Resource Hijacking
- Change Default File Association
- Deploy Container
- External Remote Services
- Exploit Public-Facing Application
- Web Protocols
- Escape To Host
- Bitdefender
- Venom Rat
- Cameleon
- Financial Theft
- Eastern Europe
- Romania
- Vicioustrap
- Eastern Asia
- Cve-2023-20118
- CVE-2023-20118
- Macao Special Administrative Region
- Cisco
- Cve-2025-0944
- CVE-2025-0944
- Trimble
- Uat-6382
- Tetraloader
- Rundll32
- China
- Dynamic-Link Library Injection
- Regsvr32
- Scheduled Task
- Malicious File
- Masquerade Task Or Service
- Process Discovery
- Valleyrat
- Reflective Code Loading
- File Deletion
- Silver Fox
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- Powershell
- Bumblebee
- Qakbot
- Warmcookie
- Trickbot
- Danabot
- Cetus
- Purehvnc
- Bytebreaker
- Telcel
- Mexico
- Latin America And The Caribbean
- Viralgod
- Peter Green Chilled
- Cellcom
-
Jun 11, 2025
Exploitation of Wazuh Vulnerability by Mirai Botnet Variants
Researchers have reported that threat actors are exploiting a critical vulnerability (CVE-2025-24016) in Wazuh servers to deploy Mirai botnet variants for conducting distributed denial-of-service (DDoS) attacks. This vulnerability allows remote code execution and has been targeted shortly after its public disclosure in February 2025. The attacks involve two different botnets using malicious shell scripts to download Mirai payloads from external servers. The research indicates that the botnets are leveraging various exploits, including those targeting IoT devices, and have been found to particularly focus on devices in regions such as China, India, and several others. The ongoing exploitation of this vulnerability highlights the rapid response of botnet operators to newly published security flaws.
-
Jun 11, 2025
Fin6 Leverages Fake Resumes for Malware Delivery
The financially motivated threat actor Fin6 has been observed using fake resumes hosted on Amazon Web Services (AWS) to deliver the malware family known as More_Eggs. By posing as job seekers on platforms like LinkedIn and Indeed, Fin6 builds rapport with recruiters and sends phishing messages that lead to malware downloads. More_Eggs, developed by another cybercrime group called Golden Chickens, is a JavaScript-based backdoor capable of credential theft and system access. Fin6 has a history of targeting e-commerce sites to steal payment card data and has been operational since 2012.
-
Jun 10, 2025
ALEX Protocol Reports Theft of Over 8 Million Dollars
In June 2025, ALEX Protocol became the victim of a data breach when threat actors exploited a vulnerability in the platform's self-listing verification logic, resulting in losses of approximately $8.37 million. According to ALEX Protocol, around 8.4 million stacks (stx) tokens, 21.85 stacks bitcoin (sbtc), 149,850 in USDC and USDT, and 2.8 wrapped bitcoin (wbtc) were taken, including various cryptocurrencies.
-
Jun 10, 2025
New Clickfix Infostealer Campaign Targets macOS Users
Cybersecurity researchers have identified a new malware campaign that uses social engineering tactics to distribute an information stealer known as Atomic macOS Stealer (AMOS) targeting Apple macOS systems. The campaign employs typosquatting domains that mimic the U.S.-based telecom provider Spectrum, tricking users into executing a malicious shell script that steals system passwords and downloads the AMOS variant. The attack begins on a fake webpage that prompts users to complete a CAPTCHA verification, ultimately leading them to execute harmful commands under the guise of fixing a non-existent issue. The campaign is believed to be orchestrated by Russian-speaking cybercriminals, as indicated by the presence of Russian language comments in the malware's code.
-
Jun 04, 2025
Threat Actor Claims Breach of WoW Health
In June 2025, WoW Health became the victim of a data breach when a threat actor named "ups" managed to gain access to its database. According to the threat actor, approximately 423,650 customers' data was taken, including last names, first names, email addresses, physical addresses, and sensitive healthcare information.
-
Jun 04, 2025
Threat Actor Claims Breach of Cyprus Airways
In June 2025, a threat actor named "Rip_Real_World" claimed to be selling data from Cyprus Airways, including over 45 GB of information. The breach allegedly includes passenger records from 2018 to June 2025, such as names, emails, phone numbers, travel dates, payment amounts, and document details. The actor also claimed to have real-time access to flight systems and data on 12 authorized personnel. The leak comprises 41 GB of passenger data and 2 GB of electronic ticket (ET) data.
-
May 28, 2025
Cryptojacking Campaign Targets Misconfigured Docker APIs
A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.
-
May 26, 2025
Vicioustrap Threat Actor Compromises Thousands of Network Devices
Cybersecurity researchers have uncovered a threat actor known as Vicioustrap, who has compromised approximately 5,300 network edge devices across 84 countries, primarily in Macau. This actor exploits a critical vulnerability (CVE-2023-20118) in various Cisco routers to redirect traffic to a honeypot-like infrastructure, allowing them to monitor and intercept network flows. The attack chain involves executing a shell script that facilitates adversary-in-the-middle attacks, with indications that the actor may be of Chinese-speaking origin. The ultimate goal of the Vicioustrap operation remains uncertain, although it is believed to be focused on creating a honeypot network.
-
May 26, 2025
Chinese Threat Actor UAT-6382 Exploits Vulnerability in Trimble Cityworks
A Chinese-speaking threat actor known as UAT-6382 has been linked to the exploitation of a recently patched remote-code-execution vulnerability (CVE-2025-0944) in Trimble Cityworks. This group successfully targeted enterprise networks of local governing bodies in the United States, deploying various web shells and custom malware, including Cobalt Strike and a Rust-based loader called Tetraloader, to maintain long-term access to compromised systems. The attacks began in January 2025, and the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog in February 2025.
-
May 25, 2025
Cetus Protocol Suffers $223 Million Breach, Offers Threat Actors Legal Amnesty and $5M Bounty for Leads
Decentralized exchange "Cetus Protocol," operating on the Sui and Aptos blockchains, confirmed a $223 million cryptocurrency theft due to a vulnerable package, with $162 million of the funds paused following emergency measures. The platform, which uses a "Concentrated Liquidity Market Maker" (CLMM) model, temporarily halted operations for investigation and has since identified the threat actors’ Ethereum wallet. "Cetus" offers the threat actor a legal amnesty deal if the funds are returned and has issued a $5 million bounty for information leading to their identification and arrest.
-
May 22, 2025
Malware Campaign Exploiting Kling AI to Target Users
A new malware campaign has been identified that uses counterfeit Facebook pages and sponsored ads to lure users to fake websites impersonating Kling AI, an AI-powered platform. The campaign, first detected in early 2025, tricks victims into downloading a malicious file that installs a remote access trojan (RAT) on their systems, allowing attackers to steal sensitive data. The operation is linked to Vietnamese threat actors, who have been increasingly using social engineering tactics to exploit the popularity of generative AI tools. The campaign highlights the growing trend of sophisticated social media-based attacks targeting unsuspecting users.
-
May 21, 2025
Threat Actor Claims to Have Scraped Hundreds of Millions of Facebook Records
In May 2025, a threat actor named ByteBreaker claimed to have scraped accounts from Facebook. According to the threat actor, hundreds of millions of records belonging to Facebook's users were taken, including various types of data scraped by abusing one of their APIs.
-
May 21, 2025
Cellcom Reports Data Breach Following Outages
In May 2025, mobile carrier Cellcom became the victim of a cyberattack that caused widespread service outages and disruptions across Wisconsin and Upper Michigan. According to Cellcom, while the incident affected voice and SMS services, there is no evidence that personal information, such as names, addresses, or financial data, was compromised during the attack.