Npav Lab

A new phishing campaign weaponizes malformed URLs to bypass email filters and steal Microsoft 365 credentials—even bypassing two-factor authentication. Researchers have linked the attack to Tycoon2FA, a notorious Phishing-as-a-Service (PhaaS) operation that enables adversary-in-the-middle (AitM) interception of login sessions. The threat actors behind this campaign are using subtle but dangerous techniques to trick both users and security systems.

The latest variant of DarkCloud Stealer uses AutoIt scripting and advanced evasion techniques to target financial, healthcare, and e-commerce sectors. With over 120,000 accounts compromised since March 2025, this malware showcases a dangerous blend of legacy scripting abuse and stealthy credential theft.

Cybercriminals have devised an alarming new tactic by hiding malware in Google Calendar invites using invisible Unicode characters. This stealthy technique enables the delivery of malicious payloads through trusted platforms—bypassing traditional security mechanisms with a single deceptive character.

Marks & Spencer (M&S), one of the UK’s most trusted retail brands, has confirmed a significant cybersecurity breach following a ransomware attack that has disrupted its operations since Easter weekend. The attack, attributed to the DragonForce ransomware group, resulted in the theft of personal information belonging to millions of customers and has caused widespread outages across its digital infrastructure.

Cybercriminals are now leveraging steganography to hide ransomware in ordinary JPG image files, deploying Fully Undetectable (FUD) malware that bypasses traditional security solutions. These advanced tactics exploit metadata and pixel data to deliver multi-stage attacks — silently and effectively.

Ascension, one of the largest private healthcare providers in the U.S., has confirmed a significant data breach affecting 437,329 patients, linked to a former business partner’s software vulnerability. This marks yet another serious blow to the healthcare sector’s cybersecurity posture, coming less than a year after Ascension's systems were crippled by ransomware.

As tensions escalate in the wake of the Pahalgam attack, India’s digital frontline is now under coordinated cyber assault. The government’s Computer Emergency Response Team (CERT-In) has issued urgent advisories, calling for heightened vigilance across banks, strategic sectors, and private enterprises. The increased threat environment has prompted a nationwide effort—public and private—to fortify cyber defenses under Operation Sindoor.

A deeply embedded backdoor in Magento extensions has surfaced after six years, affecting 500 to 1,000 e-commerce websites—including a $40 billion multinational. The long-dormant malware has now been activated, compromising sensitive customer data in a widespread supply chain attack.

In a chilling example of cyber exploitation, threat actors are leveraging the tragic Pahalgam attack to deceive Indian government personnel into opening malicious documents. These phishing campaigns aim to install Remote Access Trojans (RATs) and extract sensitive intelligence data from highly sensitive departments.

A new wave of subscription-based scams is flooding the internet, using fake online stores, deceptive pricing, and social media ads to steal users’ credit card details and charge them repeatedly — all under the guise of “exclusive memberships.”