Scientific Reports volume 15, Article number: 13,051 (2025) Cite this article.
Get the latest international news and world events from around the world.
Chrome and Yandex zero-days exploited to deploy Trinper backdoor via phishing; Russian entities targeted.
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals.
The new feature takes the form of a “Call Lawyer” feature on the affiliate panel, per Israeli cybersecurity company Cybereason.
The development represents a newfound resurgence of the e-crime group as once-popular ransomware groups like LockBit, Black Cat, RansomHub, Everest, and BlackLock have suffered abrupt cessations, operational failures, and defacements. The group, also tracked as Gold Feather and Water Galura, has been active since October 2022.
Cybersecurity firm Radware said nearly 40% of all hacktivist DDoS activity has been directed against Israel since the onset of the latest flare-up. On June 17, the hacktivist group DieNet warned it would launch cyber-attacks at the United States should it join the conflict against Iran.
The message has since been amplified by other groups like Arabian Ghosts, Sylhet Gang, and Team Fearless, suggesting that these entities are forming a potential collaboration in cyberspace as battle rages on the ground.
“Companies are urged to take maximum vigilance. The warning signs are clear. Critical infrastructure, supply chains, and even global businesses could become collateral targets if the cyber crossfire intensifies,” said Pascal Geenens, director of threat intelligence at Radware.
“Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks,” Cloudflare’s Omer Yoachimik said. “The 7.3 Tbps attack delivered 37.4 terabytes in 45 seconds.”
Earlier this January, the web infrastructure and security company said it had mitigated a 5.6 Tbps DDoS attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack originated from a Mirai-variant botnet in October 2024.
Then in April 2025, Cloudflare revealed it defended against a massive 6.5 Tbps flood that likely emanated from Eleven11bot, a botnet comprising roughly 30,000 webcams and video recorders. The hyper-volumetric attack lasted about 49 seconds.
A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious Python tools.
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.
“Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT said in a report shared with The Hacker News.
AntiDot is advertised as a “three-in-one” solution with capabilities to record the device screen by abusing Android’s accessibility services, intercept SMS messages, and extract sensitive data from third-party applications.
Linux systems face critical local privilege escalation threats via CVE-2025–6018/6019 flaws—users must patch now.
Meta is bringing passkey support to Facebook, Messenger, and Meta Pay, aiming to boost mobile login security
The campaign is suspected to be the work of a Russian-speaking threat actor owing to the presence of several artifacts written in the Russian language and the timezone of the attacker’s commits (UTC+03:00). It’s estimated that more than 1,500 devices may have fallen prey to the scheme.
“This case highlights how popular gaming communities can be exploited as effective vectors for malware distribution, emphasizing the importance of caution when downloading third-party content,” the researchers said.
“The Stargazers Ghost Network has been actively distributing this malware, targeting Minecraft players seeking mods to enhance their gameplay. What appeared to be harmless downloads were, in fact, Java-based loaders that deployed two additional stealers, capable of exfiltrating credentials and other sensitive data.”