news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Business Services
- Jobinfo
- Israel
- Asia
- Data Encrypted For Impact
- Handala
- Middle East
- Shelter Locations In Israel
- Saudi Games
- Cyber Fattah Team
- Retail
- Saudi Arabia
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Government
- Kibbutz Almog
- Manufacturing
- Saban Brands Israel
- Digitalghost
- Mprest
- Evil_Byte
- The Knesset
- Nobitex
- Gonjeshke Darande
- Indonesia
- exclusive
- Sentap
- Chemicals And Allied Products
- South-Eastern Asia
- Kimia Farma
- Sweden
- Hensi
- Transportation
- Scania
- Europe
- Northern Europe
- Media
- Tbn Israel
- Education
- Weizmann Institute Of Science
- Resistancetrench
- Israeli Air Force
- Israel Antiquities Authority
- Dienet
- North America
- United States
- CVE-2025-24016
- Wazuh
- Mirai
- Cve-2025-24016
- Technology
- Epsilor Electric Fuel
- Clayoxtymus1337
- Advanced Weapons And Equipment India
- Southern Asia
- India
- More_Eggs
- Fin6
- Cryptocurrency
- Alex Lab
- Critical Infrastructures
- Zoldyck
- Edf Energy
- United Kingdom
- Spearphishing Link
- Match Legitimate Name Or Location
- Ingress Tool Transfer
- Disable Or Modify Tools
- Telecommunications
- Sudo And Sudo Caching
- Credentials In Files
- Unix Shell
- Spectrum
- Amos
- Israel Defense Forces
- Food And Kindred Products
- Ghna
- Coca-Cola Europacific Partners
- Italy
- Locauto
- Southern Europe
- Automotive
- Mercadona
- Spain
- Whitecoat
- Wow Health Solutions
- Ups
- Healthcare
- Rip_Real_World
- Cyprus Airways
- Netsupport Rat
- Illeak
- Tel Aviv University
- Desec0X
- Unc6032
- Lucky_Gh0$T
- Numero
- Chaos
- Yashma
- Cyberlock
- 303
- Deloitte
- Gucci
- Eddiestealer
- File And Directory Discovery
- Command And Scripting Interpreter
- Credentials From Password Stores
- System Information Discovery
- Screen Capture
- Password Managers
- Phishing
- Virtualization/Sandbox Evasion
- User Execution
- Input Capture
- Credentials From Web Browsers
- Data From Local System
- Obfuscated Files Or Information
- Windows Credential Manager
- Exfiltration Over C2 Channel
- Drive-By Compromise
- W_Tchdogs
- Superloop
- Australia And New Zealand
- Australia
- Network Service Discovery
- Lateral Tool Transfer
- Docker
- Web Protocols
- Change Default File Association
- Smb/Windows Admin Shares
- Escape To Host
- Exploitation For Client Execution
- Deploy Container
- Resource Hijacking
- External Remote Services
- Exploit Public-Facing Application
- Remote System Discovery
- Financial Theft
- Eastern Europe
- Cameleon
- Romania
- Venom Rat
- Bitdefender
- Eastern Asia
- Cisco
- Vicioustrap
- Cve-2023-20118
- Macao Special Administrative Region
- CVE-2023-20118
- CVE-2025-0944
- Cve-2025-0944
- Trimble
- Tetraloader
- Uat-6382
- Reflective Code Loading
- Valleyrat
- Rundll32
- Regsvr32
- China
- Scheduled Task
- Dynamic-Link Library Injection
- Powershell
- Silver Fox
- Masquerade Task Or Service
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- File Deletion
- Malicious File
- Process Discovery
- Danabot
- Trickbot
- Bumblebee
- Qakbot
- Warmcookie
- Cetus
- Purehvnc
- Bytebreaker
- Telcel
- Latin America And The Caribbean
- Mexico
- Viralgod
- Peter Green Chilled
- Cellcom
-
Jun 01, 2025
EDDIESTEALER: New Rust-Based Infostealer Spreads via Fake CAPTCHA Campaigns
"EDDIESTEALER," a sophisticated Rust-based infostealer distributed through fake CAPTCHA verification pages designed to trick users into executing a malicious PowerShell script. Once deployed, the malware targets and exfiltrates sensitive data such as credentials, browser information, and cryptocurrency wallet contents. Communicating with a command and control server, "EDDIESTEALER" uses advanced evasion techniques including string and API obfuscation. It specifically focuses on compromising crypto wallets, browsers, password managers, FTP clients, and messaging apps. Its use of the Rust programming language highlights a growing trend among cybercriminals favoring stealth and resistance to traditional detection methods.
-
May 28, 2025
Cryptojacking Campaign Targets Misconfigured Docker APIs
A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.