04 Apr, 2025

New VanHelsing ransomware targets Windows, ARM, ESXi systems

A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. VanHelsing was first promoted on underground cybercrime platforms on March 7, offering experienced affiliates a free pass to join while mandating a deposit of $5,000 from less experienced threat actors. The new ransomware operation was first documented […]

3 mins read

Cyberattack takes down Ukrainian state railway’s online services

Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. The incident forced people to booths to buy physical tickets, causing overcrowding, delays, long waiting times, and frustration. With trains being the only reliable and relatively safe means for people […]

2 mins read

DrayTek routers worldwide go into reboot loops over weekend

Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. Those affected by this incident reported seeing routers across multiple series models intermittently losing connectivity and entering boot loops. Impacted ISPs (including Gamma, Zen Internet, ICUK, and A&A in the United Kingdom and elsewhere) confirmed these reports and […]

3 mins read

Chinese Weaver Ant hackers spied on telco network for 4 years

A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. Researchers investigating the intrusion found multiple variants of the China Chopper backdoor and a previously undocumented custom web-shell called ‘INMemory’ that executes payloads […]

4 mins read

Police arrest 300 suspects linked to African cybercrime rings

African law enforcement authorities have arrested 306 suspects as part of ‘Operation Red Card,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. Between November 2024 and February 2025, authorities seized 1,842 devices allegedly used in mobile banking, investment, and messaging app scams linked to over 5,000 victims. “Ahead of the operation, countries exchanged criminal intelligence on key targets. This […]

2 mins read

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025-29927, enables attackers to send requests that reach destination paths without going through critical security checks. Next.js is a popular React framework with more than 9 million weekly downloads on npm. It is used for […]

2 mins read

Google Gemini’s Astra (screen sharing) rolls out on Android for some users

At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed “Project Astra”. At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. According to a video shared by a Reddit user who owns a Xiaomi phone with a […]

1 min read

FBI warnings are true—fake file converters do push malware

The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, to deploy ransomware on victims’ devices. The warning came last week from the FBI Denver field office, after receiving an increasing number of reports about these types of tools. “The FBI Denver Field Office is […]

4 mins read

Cloudflare now blocks all unencrypted traffic to its API endpoints

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. The move prevents unencrypted API requests from being sent, even accidentally, to eliminate the risk of sensitive information being exposed in cleartext traffic before the server closes the HTTP connection and redirects to a secure communication channel. […]

2 mins read

Microsoft Trust Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates as they can be used to sign malware to appear like they are from a legitimate company. Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned […]

5 mins read