Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 2

NordVPN denies breach claims, says attackers have “dummy data”

NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained “dummy data” from a trial account on a third-party automated testing platform.

The company’s statement comes after a threat actor (using the 1,011 handle) claimed on a hacking forum over the weekend that they stole more than 10 databases containing sensitive information like Salesforce API keys and Jira tokens, following a brute-force attack against a NordVPN development server.

“Today i am leaking +10 DB’s source codes from a nordvpn development server. This information was acquired by bruteforcing a misconfigured server of Nordypn, which has salesforce and jira information stored. Compromissed information: SalesForce api keys, jira tokens and more,” the threat actor said.

ClickFix attack uses fake Windows BSOD screens to push malware

A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.

A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to halt.

In a new campaign first spotted in December and tracked by researchers at Securonix as “PHALT#BLYX,” phishing emails impersonating Booking.com led to a ClickFix social engineering attack that deployed malware.

Palo Alto Networks’ top exec calls AI Agents 2026’s biggest insider threat that an ‘impressed’ Salesforce CEO said may rename the company after

The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.

“The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document and embedded with full PDF content to evade user suspicion,” CYFIRMA said in a technical report.

Transparent Tribe, also called APT36, is a hacking group that’s known for mounting cyber espionage campaigns against Indian organizations. Assessed to be of Indian origin, the state-sponsored adversary has been active since at least 2013.

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

In response to the findings, Google has blocked the phishing efforts that abuse the email notification feature within Google Cloud Application Integration, adding that it’s taking more steps to prevent further misuse.

Check Point’s analysis has revealed that the campaign has primarily targeted manufacturing, technology, financial, professional services, and retail sectors, although other industry verticals, including media, education, healthcare, energy, government, travel, and transportation, have been singled out.

“These sectors commonly rely on automated notifications, shared documents, and permission-based workflows, making Google-branded alerts especially convincing,” it added. “This campaign highlights how attackers can misuse legitimate cloud automation and workflow features to distribute phishing at scale without traditional spoofing.”

The biggest cybersecurity and cyberattack stories of 2025

2025 was a big year for cybersecurity, with major cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day vulnerabilities exploited in incidents.

Some stories, though, were more impactful or popular with our readers than others.

Below are fifteen of what BleepingComputer believes are the most impactful cybersecurity topics of 2025, with a summary of each. These stories are in no particular order.

New GlassWorm malware wave targets Macs with trojanized crypto wallets

A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications.

Extensions in the OpenVSX registry and the Microsoft Visual Studio Marketplace expand the capabilities of a VS Code-compatible editor by adding features and productivity enhancements in the form of development tools, language support, or themes.

The Microsoft marketplace is the official extension store for Visual Studio Code, whereas OpenVSX serves as an open, vendor-neutral alternative, primarily used by editors that do not support or choose not to rely on Microsoft’s proprietary marketplace.

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.

The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years.

ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster.

/* */