Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- May 28, 2025
Cryptojacking Campaign Targets Misconfigured Docker APIs
A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.
- May 26, 2025
New Malware Campaign Targets Chinese-Speaking Users with Winos 4.0
Cybersecurity researchers have uncovered a malware campaign that employs fake software installers disguised as popular applications like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. First identified by Rapid7 in February 2025, the campaign utilizes a sophisticated multi-stage loader called Catena, which operates entirely in memory to evade traditional antivirus detection. The malware, attributed to a threat actor known as Silver Fox, specifically targets Chinese-speaking environments and has been active throughout 2025, adapting its tactics to maintain persistence and avoid detection. The campaign leverages trojanized NSIS installers and is characterized by its careful planning and execution.