Search results for Spider software last update 2022 | Breaking Cybersecurity News | The Hacker News

Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program . The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is concerning not least because it not only undermines a key security mechanism but also allows threat actors to subvert traditional detection methods and infiltrate target networks to perform highly privileged operations. The probe, Redmond stated, was initiated after it was notified of rogue drivers being used in post-exploitation efforts, including deploying ransomware, by cybersecurity firms Mandiant, SentinelOne, and Sophos on October 19, 2022. One notable aspect of these attacks was that the adversary had already obtained administrative privileges on compromised systems before ...

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824 , a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by Microsoft last month. Play , also called Balloonfly and PlayCrypt, is known for its double extortion tactics, wherein sensitive data is exfiltrated prior to encryption in exchange for a ransom. It's active since at least mid-2022. In the activity observed by Symantec, the threat actors are said to have likely leveraged a public-facing Cisco Adaptive Security Appliance (ASA) as an entry point, taking advantage of an as-yet-undetermined method to move to another Windows machine on the target network. The attack is notable for the use of Grixba , a bespoke information stealer previously attr...

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command execution Kali Linux Integrates Claude AI Assistant via MCP Kali Linux, an advanced penetration testing Linux distribution used for ethical hacking and network security assessments, has added an integration with Anthropic's Claude large language model through the Model Context Protocol (MCP) to issue commands in natural language and translate them into technical commands. Belarus-linked Android spyware ResidentBat Infrastructure Analyzed ResidentBat is an Android spyware implant used by Belarusian autho...

Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look can make all the difference. If you're responsible for protecting systems, data, or people—these updates aren’t optional. They’re essential. These stories reveal how attackers think—and where we’re still leaving doors open. ⚡ Threat of the Week Google Releases Patches for Actively Exploited Chrome 0-Day — Google has released Google Chrome versions 137.0.7151.68/.69 for Windows and macOS, and version 137.0.7151.68 for Linux to address a high-severity out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine that it said has been exploited in the wild. Google credited Clement Lecigne and Benoît Sevens of Google T...

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X. The tech giant said it disrupted the activity earlier this month after it was detected in late September 2025. In addition to revoking the certificates, its security solutions have been updated to flag the signatures associated with the fake setup files, Oyster backdoor, and Rhysida ransomware. Vanilla Tempest (formerly Storm-0832) is the name given to a financially motivated threat actor also called Vice Society and Vice Spider that's assessed to be active since at least July 2022, delivering various ransomware strains such as BlackCat, Quantum Locker, Zeppelin, and Rhysida over the year...

More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an individual who goes by the handle ExploitWhispers , who claimed that they released the data because the group was targeting Russian banks. The identity of the leaker remains a mystery. Black Basta first came under the spotlight in April 2022, using the now-largely-defunct QakBot (aka QBot) as a delivery vehicle. According to an advisory published by the U.S. government in May 2024, the double extortion crew is estimated to have targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia. Per Elliptic and Corvus Insurance, the prolific r...

This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to know who’s hacking who, how they’re doing it, and what’s being done to fight back? Stick around—this recap has the scoop. ⚡ Threat of the Week Turla Hackers Hijack Pakistan Hackers' Infrastructure — Imagine one hacker group sneaking into another hacker group ’s secret hideout and using their stuff to carry out their own missions. That’s basically what the Russia-linked Turla group has been doing since December 2022. They broke into the servers of a Pakistani hacking team called Storm-0156 and used those servers to spy on government and military targets in Afghanistan and India. By doing th...

Welcome to this week’s Threatsday Bulletin —your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a global enterprise or your own personal data—need to keep moving just as fast. In this edition we unpack fresh exploits, high-profile arrests, and the newest tactics cybercriminals are testing right now. Grab a coffee, take five minutes, and get the key insights that help you stay a step ahead of the next breach. Firmware fights back SonicWall Releases SMA 100 Firmware Update to Remove Rootkit SonicWall has released a firmware update that it said will help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. "S...