Cybersecurity
 
New Gentlemen's RaaS advertised on underground forums
Lisa Kern
Threat actor zeta88 is promoting a new ransomware-as-a-service operation called The Gentlemen's RaaS on hacking forums, targeting Windows, Linux, and ESXi systems. The platform offers affiliates 90 percent of ransom payments and features cross-platform encryption tools developed in Go and C. This development highlights the ongoing commercialization of sophisticated ransomware targeting enterprise environments.
Malicious packages overwhelm NPM with over 86,000 downloads
Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.
Gunra ransomware exploits Windows and Linux with encryption vulnerabilities
The Gunra ransomware group, active since April 2025, targets both Windows and Linux systems worldwide through platform-specific malware variants. While the Windows version employs secure encryption, the Linux variant suffers from critical weaknesses that allow brute-force decryption. Organizations in regions like South Korea have reported infections, highlighting the group's expanding operations.
Over 120 million Reputation.com records may have leaked online
October 29, 2025 04:54 Surfshark launches email scam checker to fight phishing
October 28, 2025 16:15 Report claims fewer firms paying ransomware demands
October 28, 2025 00:38 Qilin ransomware uses WSL to run Linux encryptors on Windows
October 27, 2025 09:05 Experts warn of OAuth token theft in Microsoft Copilot Studio
October 27, 2025 08:30 Millions of attacks exploit old WordPress vulnerabilities
October 25, 2025 21:42 Cuba among first signatories of cybercrime convention
October 25, 2025 07:53 Millions of UK people reuse one password across accounts
 
Malicious npm packages steal developer credentials on multiple platforms
Lisa Kern
Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.
Malicious npm packages deliver infostealer malware to developers
Security firm Socket has uncovered ten malicious packages in the npm repository that target developers on Windows, macOS, and Linux systems. These packages, available since July, use typosquatting and sophisticated obfuscation to install infostealer malware. The malware steals credentials from browsers, SSH keys, and configuration files before exfiltrating data to attackers.
Kali Linux 2025.3 release introduces new tools and updates
The latest version of Kali Linux, 2025.3, has been released with enhancements in wireless capabilities and an infrastructure refresh. It includes ten new tools to support security professionals.
 
Qilin ransomware deploys Linux binaries against Windows systems
Lisa Kern
The Qilin ransomware group, also known as Agenda, has developed a hybrid attack using Linux payloads on Windows hosts to evade detection. By abusing legitimate remote management tools and exploiting vulnerable drivers, attackers disable defenses and target backups. This cross-platform tactic highlights evolving ransomware sophistication.
SquareX exposes spoofing vulnerability in AI browsers
Security firm SquareX has revealed a spoofing technique that uses fake AI sidebars to steal passwords without altering browser code. This method bypasses traditional antivirus defenses and threatens browsers like OpenAI's new Atlas. The attack deceives users into thinking they are interacting with legitimate AI assistants.
Qilin ransomware uses WSL to run Linux encryptors on Windows
Cybersecurity researchers have uncovered a tactic by the Qilin ransomware group that exploits Microsoft's Windows Subsystem for Linux (WSL) to execute Linux-based encryption tools on Windows machines. This method allows attackers to bypass many endpoint detection and response (EDR) systems by operating in a Linux sandbox environment that traditional tools often overlook. The technique highlights the growing sophistication of ransomware operations blending operating systems.