Category: DarkNet

A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. Klopatra is described as a powerful trojan that can monitor the screen in real time, capture input, simulate gesture navigation, and features a hidden Virtual Network Computing (VNC) mode. Researchers at

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. The new tool was spotted by Varonis researchers, who told BleepingComputer that MatrixPDF was first spotted on a cybercrime forum. The seller also

Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money. Cybersecurity correspondent Joe Tidy revealed in a story on the BBC that the hackers wanted to use his laptop to breach the British public-service broadcaster’s network and then ask for a

Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. The Oyster malware, also known as Broomstick and CleanUpLoader, is a backdoor that first appeared in mid-2023 and has since been linked to multiple campaigns. 

Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday. According to De Telegraaf, the two used a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy in The Hague. BleepingComputer has contacted Europol to confirm the reports, and a

Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. Edge enables developers to install extensions locally (also known as sideloading) for testing purposes before publishing them to the Microsoft Edge Add-ons store by toggling the “Developer Mode” option on the Extensions management

Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company’s firewall software. The first one (CVE-2025-20333) allows authenticated, remote attackers to execute arbitrary code on devices running vulnerable Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software, while the second (CVE-2025-20362) enables remote attackers

Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. Tracked as CVE-2025-20352, the flaw is due to a stack-based buffer overflow weakness found in the Simple Network Management Protocol (SNMP) subsystem of vulnerable IOS and IOS XE software, impacting

Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). DDoS attacks typically exhaust either system or network resources, aiming to make services slow or unavailable to legitimate users. Record-breaking DDoS attacks are becoming more frequent, as just three weeks ago

A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system. The technique eliminates the need of a vulnerable driver and puts security agents like endpoint detection and response (EDR) tools into a state of hibernation. By using the WER framework together