news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Jobinfo
- Asia
- Israel
- Data Encrypted For Impact
- Middle East
- Handala
- Business Services
- Shelter Locations In Israel
- Retail
- Saudi Arabia
- Cyber Fattah Team
- Saudi Games
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Kibbutz Almog
- Government
- Saban Brands Israel
- Manufacturing
- Digitalghost
- Mprest
- The Knesset
- Evil_Byte
- Gonjeshke Darande
- Nobitex
- Kimia Farma
- Sentap
- exclusive
- Indonesia
- Chemicals And Allied Products
- South-Eastern Asia
- Europe
- Sweden
- Transportation
- Hensi
- Scania
- Northern Europe
- Tbn Israel
- Media
- Education
- Weizmann Institute Of Science
- Israeli Air Force
- Resistancetrench
- Dienet
- Israel Antiquities Authority
- Wazuh
- CVE-2025-24016
- United States
- North America
- Cve-2025-24016
- Mirai
- Epsilor Electric Fuel
- Clayoxtymus1337
- Technology
- India
- Advanced Weapons And Equipment India
- Southern Asia
- Fin6
- More_Eggs
- Cryptocurrency
- Alex Lab
- Edf Energy
- Critical Infrastructures
- United Kingdom
- Zoldyck
- Spearphishing Link
- Ingress Tool Transfer
- Telecommunications
- Spectrum
- Credentials In Files
- Amos
- Unix Shell
- Disable Or Modify Tools
- Match Legitimate Name Or Location
- Sudo And Sudo Caching
- Israel Defense Forces
- Ghna
- Food And Kindred Products
- Coca-Cola Europacific Partners
- Southern Europe
- Automotive
- Italy
- Locauto
- Whitecoat
- Mercadona
- Spain
- Healthcare
- Ups
- Wow Health Solutions
- Rip_Real_World
- Cyprus Airways
- Netsupport Rat
- Illeak
- Tel Aviv University
- Desec0X
- Numero
- Yashma
- Unc6032
- Cyberlock
- Chaos
- Lucky_Gh0$T
- 303
- Deloitte
- Gucci
- Virtualization/Sandbox Evasion
- Input Capture
- Credentials From Web Browsers
- Credentials From Password Stores
- Exfiltration Over C2 Channel
- Data From Local System
- System Information Discovery
- User Execution
- Phishing
- Command And Scripting Interpreter
- Eddiestealer
- Obfuscated Files Or Information
- Drive-By Compromise
- Password Managers
- File And Directory Discovery
- Screen Capture
- Windows Credential Manager
- W_Tchdogs
- Superloop
- Australia And New Zealand
- Australia
- Smb/Windows Admin Shares
- Docker
- Exploitation For Client Execution
- Remote System Discovery
- Lateral Tool Transfer
- Network Service Discovery
- Resource Hijacking
- Change Default File Association
- Deploy Container
- External Remote Services
- Exploit Public-Facing Application
- Web Protocols
- Escape To Host
- Bitdefender
- Venom Rat
- Cameleon
- Financial Theft
- Eastern Europe
- Romania
- Vicioustrap
- Eastern Asia
- Cve-2023-20118
- CVE-2023-20118
- Macao Special Administrative Region
- Cisco
- Cve-2025-0944
- CVE-2025-0944
- Trimble
- Uat-6382
- Tetraloader
- Rundll32
- China
- Dynamic-Link Library Injection
- Regsvr32
- Scheduled Task
- Malicious File
- Masquerade Task Or Service
- Process Discovery
- Valleyrat
- Reflective Code Loading
- File Deletion
- Silver Fox
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- Powershell
- Bumblebee
- Qakbot
- Warmcookie
- Trickbot
- Danabot
- Cetus
- Purehvnc
- Bytebreaker
- Telcel
- Mexico
- Latin America And The Caribbean
- Viralgod
- Peter Green Chilled
- Cellcom
-
Jun 03, 2025
Exploiting AI: The Rise of Fake Installers and Ransomware
A new cybersecurity threat involves fake installers for popular AI tools like ChatGPT and InVideo AI, which are being used to distribute various ransomware families, including Cyberlock and Lucky_gh0$t, as well as a destructive malware called Numero. These fake installers are promoted through SEO poisoning and lure users with claims of free access, only to deploy malicious software that encrypts files and demands hefty ransoms. The threat actors behind this campaign are targeting individuals and organizations in the B2B sales and marketing sectors, and their tactics include using legitimate-sounding filenames and exploiting popular AI tools to gain trust. The campaign has been linked to a threat cluster with a Vietnam nexus, indicating a sophisticated and ongoing operation.