Phorpiex malware delivers global group ransomware via phishing

SCM feed for Latest
Actively Exploited

Overview

A new phishing campaign linked to the Phorpiex malware is targeting users globally, delivering ransomware through emails with malicious attachments. The attachments use deceptive double extensions such as Document.doc.lnk: the name reads as a Word document, but the real extension is .lnk, a Windows shortcut that runs whatever command it embeds when the recipient opens it. Once launched, the malware can spread across networks, potentially encrypting files and demanding ransom payments from affected organizations. The campaign has been active throughout 2024 and 2025 and threatens businesses and individuals alike with loss of sensitive data and money. Users should treat unexpected attachments with suspicion, and organizations should ensure that mail filtering and endpoint controls are in place to defend against such attacks.

Key Takeaways

  • Active Campaign: This phishing campaign is being carried out against real targets. The source identifies no software vulnerability; the attack relies on recipients opening a shortcut (.lnk) attachment, so there is nothing to patch and defenses rest on mail filtering, endpoint controls, and user awareness.
  • Action Required: Users should avoid opening unexpected email attachments. Organizations should block or quarantine .lnk attachments and attachments with double extensions at the mail gateway, and keep antivirus and endpoint protection updated to help mitigate the risk.
  • Timeline: Ongoing since 2024

Original Article Summary

The campaign, active throughout 2024 and 2025, begins with emails containing attachments disguised as documents, often using double extensions like Document.doc.lnk.

Impact

Not specified beyond the ransomware outcome described in the Overview: encrypted files and ransom demands against affected organizations.

Exploitation Status

This is an active malware campaign observed in real-world attacks, not a software vulnerability, so there is no patch to apply. Organizations should prioritize the email-filtering, endpoint and user-awareness controls listed under Remediation.

Timeline

Ongoing since 2024

Remediation

Users should avoid opening unexpected email attachments. Organizations should implement email filtering that blocks or quarantines shortcut (.lnk) attachments and attachments whose names carry a document-looking double extension such as .doc.lnk, and should maintain updated antivirus and endpoint protection to help mitigate the risk.
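As an added example (not code from the original article, the aggregating feed, or the Phorpiex operators' tooling), the following Python implements the attachment check that the Overview's description of Document.doc.lnk and the Remediation advice above call for. It flags attachment names with an executable final extension or a document-looking double extension, and it also inspects attachment bytes for the Windows shortcut (MS-SHLLINK) header so that a .lnk renamed to something innocent is still caught. The sample .eml, the extension lists and the reason strings are this example's own constructed choices.

```python
"""Flag deceptive e-mail attachments such as Document.doc.lnk (added example)."""
import email
import re
from email import policy

# Extensions Windows executes on double-click; a shortcut (.lnk) runs whatever
# command line it embeds, which is why the campaign above uses it.
EXECUTABLE_EXTS = {
    "lnk", "exe", "scr", "pif", "com", "msi", "bat", "cmd", "ps1",
    "js", "jse", "vbs", "vbe", "wsf", "hta",
}
# Extensions a victim would expect to be harmless documents or images.
DOCUMENT_EXTS = {
    "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "rtf", "txt",
    "jpg", "jpeg", "png",
}
# MS-SHLLINK header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def classify_filename(name):
    """Return the reasons an attachment name looks deceptive ([] if none)."""
    reasons = []
    # Padding such as "Invoice.pdf          .exe" pushes the real extension out
    # of a narrow mail-client column; drop whitespace before splitting.
    compact = re.sub(r"\s+", "", name).lower()
    exts = compact.split(".")[1:]
    if not exts:
        return reasons
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{final}")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            reasons.append(f"document-looking double extension .{exts[-2]}.{final}")
    if "\u202e" in name:  # right-to-left override reverses the displayed name
        reasons.append("RTLO character in filename")
    return reasons


def is_lnk_content(data):
    """True if the bytes carry a Windows shortcut header, whatever the name says."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def scan_eml(raw):
    """Return [(filename, [reasons]), ...] for suspicious attachments in an .eml."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_filename(name)
        payload = part.get_payload(decode=True) or b""
        if is_lnk_content(payload):
            reasons.append("payload carries an LNK header")
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample message (not a real phishing e-mail). The attachment body
# is only the 20-byte LNK header, enough to trip the content check.
SAMPLE_EML = """\
From: Accounts <billing@example.invalid>
To: user@example.invalid
Subject: Your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached document.
--b1
Content-Type: application/octet-stream; name="Document.doc.lnk"
Content-Disposition: attachment; filename="Document.doc.lnk"
Content-Transfer-Encoding: base64

TAAAAAEUAgAAAAAAwAAAAAAAAEY=
--b1--
"""

if __name__ == "__main__":
    for name, reasons in scan_eml(SAMPLE_EML):
        print(name, "->", "; ".join(reasons))
```

The content check matters more than the name check: a gateway rule that only looks at filenames is defeated by renaming, while the 20-byte header is what Windows itself uses to recognise a shortcut. In a real deployment the extension sets would be tuned to what the organisation legitimately exchanges, and a hit should quarantine rather than merely log.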

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Phishing, Malware.

Related Coverage

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

Security Affairs

Bluesky, a decentralized microblogging platform, was hit by a 24-hour Distributed Denial of Service (DDoS) attack that began on April 15. The attack led to significant service disruptions, impacting users who rely on the platform for communication and information sharing. A pro-Iran hacker group has claimed responsibility for this attack, indicating a possible politically motivated cyber incident. DDoS attacks can overwhelm a service with traffic, rendering it unavailable to legitimate users, which raises concerns about the platform's security and its ability to handle such threats in the future. This incident serves as a reminder of the ongoing risks facing online platforms, especially those involved in social discourse.

Apr 21, 2026

Researchers build an encrypted routing layer for private AI inference

Help Net Security

Researchers have developed a new encrypted routing layer that enhances privacy for organizations using large AI models, particularly in sensitive sectors like healthcare and finance. The method employs Secure Multi-Party Computation (MPC), which breaks down data into encrypted fragments and spreads them across multiple servers. This approach allows the servers to process AI queries without ever accessing the original data, ensuring that sensitive information remains confidential. This advancement is significant as it addresses growing concerns over data privacy when utilizing cloud-based AI services. Companies looking to implement AI while safeguarding private information may find this technology particularly beneficial.

Apr 21, 2026

Multiple other companies purportedly breached by ShinyHunters, over 9M record leak warned

SCM feed for Latest

The hacking group ShinyHunters claims to have breached nine well-known companies, including Zara, 7-Eleven, and Carnival Corporation. They are threatening to release over 9 million records that contain personal information and internal data unless a ransom is paid by April 21. This situation raises significant concerns for the affected brands as it puts customer data at risk and could lead to identity theft or other malicious activities. The release of such a large volume of sensitive information could also damage the reputation of these companies and erode consumer trust. As the deadline approaches, it remains crucial for these organizations to enhance their security measures and communicate transparently with their customers about the potential breach.

Apr 20, 2026

Tycoon 2FA relinquishes crown to similar PhaaS platforms

SCM feed for Latest

The recent dismantling of the Tycoon 2FA phishing-as-a-service platform has left a significant gap in the cybercrime ecosystem. In a crackdown that took down over 300 active domains associated with Tycoon 2FA, security researchers noted that cybercriminals are now shifting their focus to other similar platforms, namely Mamba 2FA, Sneaky 2FA, and EvilProxy. These alternative services have quickly integrated the tools and techniques that made Tycoon 2FA popular among attackers. This transition underscores the persistent nature of phishing threats, as criminals adapt and find new ways to exploit users. The ongoing evolution of these platforms poses a continuous risk to individuals and organizations, highlighting the need for enhanced security measures against phishing attempts.

Apr 20, 2026

Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved

Hackread – Cybersecurity News, Data Breaches, AI and More

Vercel has confirmed a data breach that is linked to Context.ai, where a hacker is reportedly attempting to sell the stolen data for $2 million. In response to the situation, the hacking group ShinyHunters has publicly denied any involvement and warned that imposters may be falsely claiming to be associated with them. This incident raises concerns about the security of user data at Vercel and highlights the ongoing risks posed by data breaches in the tech industry. Companies like Vercel must take immediate action to investigate the breach and protect their users from potential data exploitation. As the situation develops, it remains crucial for affected users to stay informed about any updates regarding their data security.

Apr 20, 2026

Vercel Employee's AI Tool Access Led to Data Breach

darkreading

A data breach at Vercel was linked to an employee's AI tool that inadvertently exposed sensitive OAuth tokens. These tokens are key for securely accessing APIs and services, and their theft represents a new avenue for cyber attackers, allowing them to move laterally within networks. The incident raises concerns for organizations that rely on OAuth for authentication, as these tokens are crucial for maintaining security. As a result, companies need to reassess their security measures surrounding OAuth token management to prevent similar breaches in the future. This situation serves as a reminder of the vulnerabilities that can arise from integrating AI tools without stringent security protocols.

Apr 20, 2026