Ravie LakshmananJan 16, 2026Malware / Cyber Espionage Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a…
Dec 19, 2025Ravie LakshmananCybercrime / Law Enforcement Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in…
Dec 17, 2025Ravie LakshmananVulnerability / Malware The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently unknown. “While the spring…
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” Blackfog researcher Brenda Robb said in a Thursday report….
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in a report shared with The Hacker News, said it observed…
