Cybercrime/malcode – Lifeboat News: The Blog

Dec 16
2025

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Researchers report phishing emails in Russia using ISO attachments to deploy Phantom Stealer against finance and related sectors.

Dec 16
2025

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

Cybersecurity, ransomware, malware, encryption, cybercrime, linux, windows, telegram, data recovery

Dec 16
2025

Kali Linux 2025.4 released with 3 new tools, desktop updates

Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support.

Kali Linux is a distribution designed for cybersecurity professionals and ethical hackers to perform red-teaming, penetration testing, security assessments, and network research.

The distribution is available as an installable operating system or a live environment and supports a wide range of hardware, including Raspberry Pi devices and compatible Android phones through Kali NetHunter.

Dec 13
2025

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

PyStoreRAT spreads via fake GitHub tools using small Python or JavaScript loaders to fetch HTA files and install a modular RAT.

Dec 13
2025

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Researchers detail new AI and phishing kits that steal credentials, bypass MFA, and scale attacks across major services.

Dec 12
2025

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

Researchers detail NANOREMOTE, a Windows backdoor using Google Drive API for covert control and data theft.

Dec 11
2025

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

WIRTE expands AshTag espionage operations, using phishing & DLL sideloading to target Middle East govts with persistent intelligence-gathering attacks

Dec 11
2025

Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress is warning of a new actively exploited vulnerability in Gladinet’s CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far.

“Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution,” security researcher Bryan Masters said.

The use of hard-coded cryptographic keys could allow threat actors to decrypt or forge access tickets, enabling them to access sensitive files like web.config that can be exploited to achieve ViewState deserialization and remote code execution, the cybersecurity company added.

Dec 10
2025

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

North Korea-linked attackers exploit CVE-2025–55182 to deploy EtherRAT, a smart-contract-based RAT with multi-stage persistence.

Dec 10
2025

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

GrayBravo drives four CastleLoader threat clusters using phishing, malvertising, and Booking-themed lures across multiple sectors.