XWorm RAT Campaign Exploits 7-Year-Old Office Vulnerability with Fileless Techniques

Fortinet researchers have uncovered a new phishing campaign delivering the XWorm remote access trojan (RAT) by chaining a years-old Microsoft Office vulnerability with fileless execution techniques to evade detection.

The Attack Chain

The campaign uses business-themed phishing emails with malicious Excel add-ins that exploit CVE-2018-0802, a memory corruption flaw in Microsoft Office’s Equation Editor that…

Google Blocks Massive Model Extraction Campaign Targeting Gemini AI with 100,000+ Malicious Prompts

Google has revealed it detected and blocked a sophisticated campaign involving more than 100,000 prompts designed to extract the proprietary reasoning capabilities of its Gemini AI model, according to the Google Threat Intelligence Group’s latest quarterly threat report.

The Growing Threat of Model Extraction

The coordinated attack represents what security researchers call model extraction or…

Metro4Shell: Critical React Native CLI Vulnerability Actively Exploited to Deploy Malware

Threat actors are actively exploiting a critical remote code execution vulnerability in the popular @react-native-community/cli npm package, impacting countless mobile application developers worldwide.

The Vulnerability: CVE-2025-11953

Dubbed Metro4Shell, this critical vulnerability (CVSS 9.8) affects the Metro Development Server bundled with the React Native CLI. The flaw allows remote unauthenticated attackers to execute arbitrary operating system…

AiFrame Campaign: 30 Fake AI Chrome Extensions with 300K Users Steal Credentials, Gmail Content

Researchers at browser security platform LayerX have uncovered a coordinated malware campaign dubbed “AiFrame” involving 30 malicious Chrome extensions installed by more than 300,000 users. The extensions masquerade as AI assistants while secretly stealing credentials, email content, and browsing information.

Campaign Overview

All analyzed extensions share the same internal structure, JavaScript logic, permissions, and communicate…

Phorpiex Botnet Resurfaces: Phishing Campaign Delivers Offline-Capable Global Group Ransomware

A new phishing campaign leveraging the infamous Phorpiex botnet has been observed distributing Global Group ransomware through weaponized Windows shortcut (.LNK) files, according to a new advisory from Forcepoint X-Labs.

The Attack Chain

The campaign uses phishing emails with the subject line “Your Document” — a lure that has remained effective throughout 2024 and 2025….

Cybercriminals Weaponize ChatGPT and Grok to Distribute AMOS Stealer on macOS

A sophisticated attack campaign is exploiting user trust in artificial intelligence platforms to distribute the Atomic macOS Stealer (AMOS), representing a dangerous evolution in social engineering tactics that combines legitimate AI chatbot services with paid Google advertising. According to research from Flare, threat actors are creating shareable AI chat links on ChatGPT and Grok containing…

XWorm RAT Campaign Exploits CVE-2018-0802 in Multi-Language Phishing Attacks Using Fileless Injection

FortiGuard Labs has uncovered a sophisticated phishing campaign delivering XWorm version 7.2, a multi-functional Remote Access Trojan (RAT) that provides attackers with full remote control of compromised Windows systems.

Campaign Overview

The campaign utilizes multiple phishing email themes written in various languages to maximize its reach. Emails are disguised as: Payment detail requests requiring recipient…

Google Warns of Sustained Russia and China Cyberattacks Targeting Defense Industrial Base

Google Threat Intelligence Group (GTIG) has published a comprehensive report revealing persistent cyber operations targeting the defense industrial base (DIB) from Russia and China-linked threat actors. The findings detail how state-sponsored hackers are exploiting everything from battlefield messaging apps to edge network devices to compromise defense contractors, military personnel, and the broader supply chain. Key…

Chinese APT UNC3886 Breaches Singapore’s Four Largest Telcos in Coordinated Espionage Campaign

Singapore’s government has officially confirmed that a sophisticated Chinese cyber-espionage group breached all four of the nation’s largest telecommunications providers in a coordinated campaign that exploited zero-day vulnerabilities and deployed advanced persistence mechanisms. The Cyber Security Agency of Singapore (CSA) disclosed that UNC3886, a threat actor tracked by Google’s Mandiant security unit and linked to…