Malware | Breaking Cybersecurity News | The Hacker News

Gone are the days of mass phishing campaigns. Today's attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams—exploiting human vulnerabilities with precision. The Zscaler ThreatLabz 2025 Phishing Report dives deep into the rapidly evolving phishing landscape and uncovers the latest trends, including top phishing targets, real-world examples of AI-driven phishing attacks, and actionable best practices to defend against the next wave of AI-powered phishing threats. Key findings on phishing attacks The ThreatLabz research team analyzed over 2 billion blocked phishing transactions captured across the Zscaler Zero Trust Exchange™ cloud security platform from January 2024 to December 2024 and uncovered several key findings: Phishing is down but is more tar...

While emerging risks like AI-generated malware capture headlines, the reality of today's threat landscape is more straightforward. Most modern attacks, including ransomware, are backed by manual hacking operations. Attackers carefully navigate systems, using a "Living Off the Land" (LOTL) approach, to exploit legitimate system utilities. To figure out exactly how common these LOTL binaries are, we analyzed 700,000 security incidents from our Bitdefender GravityZone platform along with telemetry data (legitimate usage) from the last 90 days. Security incidents were not simple alerts, but correlated events, and we analyzed the whole chain of commands to identify how frequently attackers are using LOTL binaries. The result? 84% of major attacks (incidents with high severity) involved the use of LOTL binaries. For validation, we also examined our MDR data and found a consistent trend: 85% of incidents involved LOTL techniques. While this was our internal research to suppor...

In today's digital landscape, where cyber threats are becoming increasingly sophisticated and pervasive, organizations must take a hard look at their traditional security models. For over three decades, firewalls and VPNs have been the backbone of network security. However, as the threat landscape evolves, it's clear that these legacy systems are no longer sufficient. Enter the Zero Trust model, exemplified by innovative solutions like Zscaler, which could revolutionize the way your organization approaches cybersecurity. Understanding the Risks Public IP Addresses as Attack Surfaces One of the critical vulnerabilities inherent in traditional security models is the reliance on public IP addresses. These addresses serve as direct attack surfaces for malicious actors. Just as having your phone number in a public directory makes you susceptible to unwanted calls, exposing public IPs makes organizations vulnerable to cyberattacks. Attackers can easily discover these IPs, allowing th...

Many moons ago, when the World Wide Web was young and the nerd in me was strong, I remember building a PC and setting it up as a web server. In those exciting, pioneering days, it was quite something to be able to have my very own IP address on the internet and serve my own web pages directly from my Apache server to the world. Great fun. I also remember looking at the server logs in horror as I scrolled through pages upon pages of failed login, and presumably hacking, attempts. I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an unpatched piece of software for a breach to occur, and from there, all bets would have been off. Even today, many internet service providers will let you provision your own server, should you feel brave enough. Of course, the stakes were not high for me at home, but knowing what we know now about the growth of ransomware attacks and how AI is facilitating them, no organization would da...

CTM360 has recently observed a sophisticated global scam campaign where victims are lured through fraudulent Google Play Store download pages. CTM360, a leading cybersecurity company for Digital Risk Protection, has identified over 6,000 instances of these fake pages, tricking users into downloading malicious apps. Once installed, the apps disguise themselves as legitimate software to deploy PlayPraetor (a malware named after the authoritative Roman praetor). It seizes control of infected devices to steal banking credentials, log keystrokes, and monitor clipboard activity. The operation's global reach and complexity highlight a highly coordinated effort to compromise users' data for malicious purposes. How the Scam Works Threat actors behind PlayPraetor execute a well-crafted deception strategy: Fake Play Store Pages – Cybercriminals create highly realistic clones of Google Play Store and other trusted sources to distribute Trojanized APKs. Malicious APKs Disguised as L...

So you're going on a threat hunt…and you want to catch a big (malicious) one. Identifying malicious infrastructure can be a particularly daunting threat-hunting objective. Attackers who are intent enough on setting up things like C2 networks, phishing sites, and impersonated domains, are also, not surprisingly, often very good at hiding their tracks with tactics ranging from the use of proprietary VPNs to compromised intermediary services. So even when malicious infrastructure is visible, source attribution can remain a thorny problem. That said, there are tools like Censys Search that can make the challenge of tracking and understanding malicious infrastructure more achievable. Consider the following user stories, how-to articles, and videos for insights you can use to inform, inspire, and even supercharge your next investigation into malicious infrastructure. 7 Resources Worth a Read (or Watch) 1. How to Identify Malicious Infrastructure: Demo Let's start with a quick video ...