Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-15 02:00 PST
- Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
The Hacker News • 2025-12-15 01:24 • thehackernews.com
Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images.
The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll
https://thehackernews.com/2025/12/phantom-stealer-spread-by-iso-phishing.html - Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations
Sophos Threat Research • 2025-12-15 01:12 • news.sophos.com
Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations
https://news.sophos.com/en-us/2025/12/15/game-of-clones-sophos-and-the-mitre-attck-enterprise-2025-evaluations/ - Microsoft: December security updates cause Message Queuing failures
BleepingComputer • 2025-12-15 01:04 • www.bleepingcomputer.com
Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-security-updates-cause-message-queuing-failures/ - Frogblight threatens you with a court case: a new Android banker targets Turkish users
Securelist • 2025-12-14 23:00 • securelist.com
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
https://securelist.com/frogblight-banker/118440/ - VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
The Hacker News • 2025-12-14 21:33 • thehackernews.com
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee.
According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both Windows
https://thehackernews.com/2025/12/volklocker-ransomware-exposed-by-hard.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
