ransomware | Breaking Cybersecurity News | The Hacker News

Most businesses don't make it past their fifth birthday - studies show that  roughly 50% of small businesses fail within the first five years. So when  KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks across the UK. But in June 2025, one easily guessed password brought down the company in a matter of days. The Northamptonshire-based firm  fell victim to the Akira ransomware group after hackers gained access by guessing an employee's weak password. Attackers didn't need a sophisticated phishing campaign or a zero-day exploit - all they needed was a password so simple that cybercriminals could guess it correctly. When basic security fails, everything falls No matter what advanced security mechanisms your organization has in place, everything falls if basic security measures fail. In ...

Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus . "The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks," Zscaler ThreatLabz said in a Tuesday report. "YiBackdoor is able to execute arbitrary commands, collect system information, capture screenshots, and deploy plugins that dynamically expand the malware's functionality." The cybersecurity company said it first identified the malware in June 2025, adding it may be serving as a precursor to follow-on exploitation, such as facilitating initial access for ransomware attacks. Only limited deployments of YiBackdoor have been detected to date, indicating it's currently either under development or being tested. Given the similarities between YiBackdoor, IcedID, and Latrodectus, it's b...

The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow's breach. This week's recap explores the trends driving that constant churn: how threat actors reuse proven tactics in unexpected ways, how emerging technologies widen the attack surface, and what defenders can learn before the next pivot. Read on to see not just what happened, but what it means—so you can stay ahead instead of scrambling to catch up. ⚡ Threat of the Week Google Patches Actively Exploited Chrome 0-Day — Google released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability, CVE-2025-10585, has been described as a type confusion issue in the V8 JavaScript ...

Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab Threat Intelligence researcher Oliver Smith said in a report published last week. First exposed by Palo Alto Networks in late 2023, BeaverTail and InvisibleFerret have been deployed by North Korean operatives as part of a long-running campaign dubbed Contagious Interview (aka Gwisin Gang), wherein the malware is distributed to software developers under the pretext of a job assessment. Assessed to be a subset of the umbrella group Lazarus , the cluster has been active since at least December 2022. Over the years, BeaverTail has also been propagated via bogus npm packages and f...

Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by SentinelOne SentinelLABS research team. The findings were presented at the LABScon 2025 security conference. In a report examining the malicious use of LLMs, the cybersecurity company said AI models are being increasingly used by threat actors for operational support, as well as for embedding them into their tools – an emerging category called LLM-embedded malware that's exemplified by the appearance of LAMEHUG (aka PROMPTSTEAL) and PromptLock . This includes the discovery of a previously reported Windows executable called MalTerminal that uses OpenAI GPT-4 to dynamically generate ransomware code or a reverse shell. There is no evidence to suggest it was ever deployed in the wild, raising the possibility that it could also be a proof-of-concept malware or red team tool. ...