Cyber Attack

A dangerous phishing campaign is targeting job seekers in the Web3 and cryptocurrency industry. Attackers are using fake job listings and fraudulent interview invites to trick victims into downloading a malicious video meeting app called GrassCall. Once installed, the malware steals login credentials, authentication data, and cryptocurrency wallets.

A new phishing attack is targeting Amazon Prime users, tricking them with fake renewal notifications to steal login credentials, personal details, and payment information. Discovered by the Cofense Phishing Defense Center on February 18, 2025, this attack uses advanced social engineering techniques and multiple layers of deception.

A new cyberattack campaign is tricking users into downloading malware through fake browser update alerts. Hackers from the SmartApeSG group are targeting compromised websites to distribute NetSupport RAT and StealC malware, which can steal sensitive data and give attackers remote access to your system.

The Kaveri 2.0 portal, used for property registrations in Karnataka, faced a major DDoS cyberattack in December 2024 and January 2025. The attack overwhelmed the system with fake user requests, slowing it down and stopping many property registrations. Authorities later confirmed that the attack was deliberate and registered a case under the IT Act, 2000.

A new ransomware campaign called XELERA is tricking job seekers with fake job offers from the Food Corporation of India (FCI). Victims receive malicious Word documents via email, which install ransomware and steal personal data. The attack also uses Discord bots to control infected computers remotely.

Cybercriminals are creating fake Valentine’s Day-themed websites using words like “love,” “gift,” and “Valentine” to steal personal and financial information. These scams include phishing emails, fake online stores, and romance frauds, tricking people into revealing sensitive data or downloading malware.

Hackers are using fake virus warnings to scare mobile users into downloading malicious antivirus apps. These scareware attacks create a false sense of urgency, tricking people into installing apps that can steal data, encrypt files, or cause system damage.

North Korean hacking group Kimsuky is using a custom RDP Wrapper and proxy tools to gain persistent, stealthy access to infected computers. This marks a shift in their tactics, moving away from noisy malware to more covert remote access techniques.

The New York Blood Center Enterprises suffered a ransomware attack on January 26, 2025, forcing it to cancel blood donation drives despite an ongoing blood shortage. The organization is working with cybersecurity experts and law enforcement to restore its systems, but processing times are delayed, and the timeline for full recovery is unknown.

The WantToCry ransomware group is targeting unsecured SMB services, encrypting shared files, and demanding ransom payments. Weak passwords and misconfigured networks allow these attacks to succeed. Organizations must secure their SMB settings to prevent data loss and ransomware infections.