Infoblox links Vane Viper to PropellerAds, exposing a global malvertising network posing as adtech while spreading malware and running online scams.

Cybersecurity firm Infoblox says it has discovered “Vane Viper,” a massive online ad network that posed as a legitimate business while running global scams and spreading malware.

Linked to **previously reported** PropellerAds and its parent company AdTech Holding, the operation has been active for nearly a decade and is now being called one of the largest malvertising scams seen to date.

Infoblox Threat Intel tracked Vane Viper for more than three years and found that domains linked to the operation appeared in about half of its customer networks. Some of those domains ranked among the world’s top 10,000 websites, with one tracking domain even breaking into the top 1,000.

According to Infoblox’s investigation shared with Hackread.com, PropellerAds was not simply a victim of abuse by bad actors but was actively delivering malware itself. During testing, Infoblox researchers followed links from Vane Viper’s traffic distribution system and received direct malware payloads from PropellerAds. That evidence, Infoblox argues, proves complicity rather than negligence.

> _“Although PropellerAds has been implicated in malvertising campaigns by others in the past, proving that they have crossed the line from abused service to complicit enabler has been challenging. We didn’t come to our conclusions lightly.”_
> 
> _“We found compelling evidence that not only has PropellerAds turned a “blind eye” to criminal abuse of their platform, but indicators described below suggest – with moderate-to-high confidence – that several ad-fraud campaigns originated from infrastructure attributed to PropellerAds.”_
> 
> Infoblox Threat Intel

Infoblox ALSO observed more than one trillion DNS queries linked to its infrastructure in the past year, spread across more than 60,000 domains. Many of these domains are short-lived, active for only days, while others remain live for years to support ongoing campaigns. The group uses bulk domain registrations, **push notification abuse and cloaking** to keep operations alive while evading takedowns.

The investigation also connects Vane Viper to Webzilla and XBT Holdings, companies previously cited in **Russia’s Methbot (aka Boaxxe and Miuref) ad fraud**, disinformation efforts, and piracy platforms.

Additionally, corporate records show layers of offshore registrations and opaque ownership, with links to Russian nationals, gambling enterprises, and adult content businesses. These overlapping connections, Infoblox says, create “plausible deniability” that shields the operation from accountability.

A look at the main companies and individuals connected to the Vane Viper network, and the roles they play in the operation (Image credit: Infoblox)

This isn’t the first large-scale adtech-linked threat group Infoblox has reported on. Last month, the company profiled **VexTrio**, another operation that surfaced in 2015 under similar circumstances. Like Vane Viper, it operates as a cluster of adtech companies run by Russian speakers and has built traffic distribution systems that double as malware delivery engines.

“Cybercriminals aren’t just exploiting adtech platforms,” said Dr. **Renée Burton**, VP of Threat Intel at Infoblox. “Sometimes, they are the adtech platforms.”

Advertisers and publishers should take Infoblox’s findings as a warning to carefully vet the ad networks they work with. For everyday users, the advice is simpler but just as important: be cautious about clicking links or ads on unfamiliar or untrusted sites.

Infoblox’s **full report**, including technical details and domain data, is available through its threat intel team.

Vane Viper Malvertising Network Posed as Legit Adtech in Global Scams

New research reveals Raven Stealer malware that targets browsers like Chrome and Edge to steal personal data. Learn how this threat uses simple tricks like process hollowing to evade antiviruses and why it's a growing risk for everyday users.

A new sneaky type of malware, known as Raven Stealer, has been identified by the Lat61 Threat Intelligence Team at Point Wild. The research team, led by Onkar R. Sonawane, have found that this simple-looking program is surprisingly good at staying hidden while it steals your personal information. The research, which was shared with Hackread.com, shows that the malware is primarily spread through underground forums and bundled with pirated software.

Built using the programming languages Delphi and C++, Raven Stealer is designed to be small and quick. It works by quietly getting into your computer, where its payload (the part of the malware that does the actual harm) goes to work.

The payload targets popular web browsers like Chrome and Edge to grab things like your passwords, cookies, payment details, and other information you’ve saved. What makes it particularly tricky is that it can send this stolen information directly to a cybercriminal using a Telegram messaging bot. This means the bad guys get your data in real-time.

Attack flow, the UI of the file and the generated payload (Image Credit: Point Wild)

****How It Works****

Point Wild’s report explains that Raven Stealer uses a clever trick called process hollowing to avoid being caught by traditional antivirus programs. This means, instead of leaving a file on your computer’s hard drive, it works entirely within your computer’s memory, pretending to be a regular browser program. It’s like a car thief hollowing out a car and putting a different engine in it, so it looks normal from the outside but is used for something else entirely. This technique makes it tough for security software to spot it.

The malware’s creator used a simple builder program to create the attack file, which hides an encrypted “payload” inside and gives it a unique name to avoid detection. Once on an infected computer, it gathers a screenshot and stolen data into a ZIP file, then tries to send it to the attacker via Telegram. Although this transmission failed in testing due to a Telegram bot token problem, the threat of data theft remains.

****Protecting Yourself****

To keep your personal information safe from threats like this, always use up-to-date antivirus software with real-time protection and avoid downloading pirated programs. It’s also wise to be careful about clicking on suspicious links or attachments.

As Dr. Zulfikar Ramzan, CTO of Point Wild and Head of the Lat61 Threat Intelligence Team, explains, “Raven Stealer shows how commodity malware is evolving – stealing credentials, cookies, and payment data while hiding its tracks through in-memory execution and Telegram exfiltration. It’s a reminder that attackers are packaging advanced techniques into tools that even low-skilled actors can use.”

New Raven Stealer Malware Hits Browsers for Passwords and Payment Data

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations.

Codeless testing tools have become increasingly popular in recent years thanks to advances in automation technology. The reason for that is the numerous benefits it offers to the software development teams. Team members from a non-technical background, like business analysts, product owners, and project managers, can also participate in the testing process, as these tools do not require them to possess coding skills.

Test scripts need not be created using programming languages when using such tools. Just simple clicks or drag and drop features are enough for them to be created. This feature has considerably enhanced collaboration between team members and reduced the overall time and cost associated with the testing stage.

While looking at the security aspect of the software, it is quite clear that fraudulent cases and scams are rising too, with the advancements in technology. Cybersecurity is an ever-growing field, as it needs to keep itself up to date with the latest security protocols to fight cyber attacks. A company can not release its software product without testing for all the security features and patches that have been integrated into it.

So, the main question that arises is how effective codeless testing tools are in detecting security vulnerabilities. The article centers around this theme, along with diving deep into its elements.

In simplest terms, codeless testing tools are the platforms that allow testers to generate and run test cases without writing code in any programming language. These tools are intelligent enough to accept user inputs in the form of natural language commands, drag and drop features, or clicks on intuitive interfaces. testRigor, as a codeless test automation tool, is one such widely used product that has those benefits along with the following ones.

****Primary Benefits of Codeless Testing Tools****

The most common benefits of these tools are:

*   **Speed:** These tools considerably reduce the time required for creating and running test cases, as most parts of these steps can be executed based on simple inputs rather than complex coding and automated workflows.

*   **Greater Accessibility:** The technical barrier can be eliminated by using such tools because of their capability to accept simple inputs instead of code. That means testing can be done not just by testers but also by business analysts, project managers, and others from non-technical backgrounds.

*   **Better Test Coverage:** Repetitive tasks can be delegated to such tools so that testers get a bandwidth for creating edge cases as well. That improves the overall coverage of the test cases.

While the above benefits are of immense value to the testing process, whether they extend to the security testing also or not is what we will examine in the further sections.

****Common Security Vulnerabilities in Software****

Before we examine the role of codeless testing tools in security testing, let’s first have a brief look at the most common security vulnerabilities. Most of these risks are already documented in the OWASP Top 10, which is a widely followed standard for software security.

*   **SQL Injection (SQLi):** This is a kind of security breach when a malicious query is injected into an input field that can manipulate the backend database of a web application.

*   **Authentication Breaches:** Weak login mechanisms implemented in the software that may allow attackers to impersonate as an authentic user to hack the system.

*   **Misconfigured Security Settings:** This type of breach can happen due to exposed endpoints, unpatched servers, or misconfigured default settings that can be exploited by attackers.

*   **Cross-Site Scripting (XSS):** A webpage can be altered by using harmful scripts that may put its security at risk.

*   **Weak API security:** This kind of vulnerability arises from poorly validated inputs on APIs without adequate authentication that can expose sensitive information.

These vulnerabilities require rigorous testing by using specialised tools, programming skills, and penetration testing techniques. Whether a codeless testing tool can handle all that or not, let’s examine in the next section.

To understand the efficacy of codeless tools in security testing, let’s unpack their strengths and weaknesses.

****Strengths of Codeless Tools in Security Testing****

Several kinds of vulnerabilities exist in a web application, but a codeless testing tool is especially adept at detecting security flaws at the application behavioural level. They include:

*   **Input Validation Errors:** The tool can simulate different kinds of input for testing an application from all aspects, whether for valid inputs or invalid ones. Unexpected inputs may expose a weak validation mechanism.

*   **UI level vulnerability:** This includes whether the application can mask password fields properly or not, or whether the rule enforces strong password creation rules or not.

*   **Regression testing:** The tool can run regression tests for already incorporated security patches any number of times when further updates are introduced to the software.

These are mostly the simple ones that can be easily caught by a codeless testing tool.

****Limitations of Codeless Tools in Security Testing****

Security testing is an altogether separate module in the overall testing process. It needs specialised tools that are specifically designed to catch certain security flaws. And hence, a codeless testing tool may not suffice for such cases. They include:

*   **Deep Code Analysis:** If there are any insecure patterns in an application, a codeless tool cannot analyse its source code to highlight them. Simply because it lacks the capability of a deep code analysis tool. This may cause breaches like SQL Injection or insecure deserialization.

*   **Limited Simulation Capability:** Although a codeless tool can simulate a large set of scenarios, it may still fall short in simulating complex cases to test vulnerabilities like XSS or privilege escalation.

*   **Over-dependent on Patterns:** Most of the tools rely on pre-defined patterns that may not consider nuanced or the latest security risks that have emerged after the tool was trained.

So, in a nutshell, a codeless testing tool may complement security testing by running repetitive and simple test cases to catch common vulnerabilities. But it cannot be used to replace a dedicated security testing tool that is capable enough to catch deeply embedded security flaws.

****Final Thoughts****

Codeless testing tools can still be considered in their infancy. There are several advanced features, like AI and machine learning, that are on their way to being integrated into these platforms. That will considerably enhance their capabilities from simple record and playback features to an intelligent system that can easily detect deeply embedded vulnerabilities.

While in the current phase, they are effective enough to catch the most common security issues, they still fall short in rigorous security testing.

So, to answer the question, can codeless testing tools detect common security flaws? It is, yes, but only up to a certain extent. These tools can definitely elevate your security testing process, but cannot be wholly dependable due to their few limitations discussed in the previous section.

Nevertheless, they can still play an important role in improving the testing process by making it more efficient and thereby delivering a more powerful product.

Can Codeless Testing Tools Detect Common Security Vulnerabilities?

Conor Brian Fitzpatrick, the founder of the hacking forum BreachForums, has been resentenced to three years in prison…

Conor Brian Fitzpatrick, the founder of the hacking forum BreachForums, has been resentenced to three years in prison after a federal appeals court vacated his initial 17-day sentence. Learn how his site facilitated the sale of over 14 billion stolen records.

A New York man who ran one of the world’s biggest cybercrime and hacker forums, BreachForums, has been resentenced to three years in prison, according to the US Department of Justice (DoJ).

Conor Brian Fitzpatrick, aka Pompompurin, 22, was the founder and administrator of BreachForums, where criminals bought and sold stolen login credentials, databases, network access, malware and other illegal items.

In July 2023, Fitzpatrick pleaded guilty to charges, including conspiracy to traffic stolen information and possessing CSAM. Despite the serious crimes, he was initially sentenced to only 17 days in prison, which he had already served, and 20 years of supervised release. This light sentence was given due to his youth and an autism diagnosis.

Fitzpatrick’s BreachForums profile (Source: Hackread.com)

However, prosecutors immediately appealed, and in January 2025, a US appeals court overturned the sentence. The court noted Fitzpatrick’s “lack of remorse” and how he had violated his bail by using a VPN to access online chatrooms. Hackread.com had previously reported on these concerns, which led to the appeals court’s decision.

Fitzpatrick launched BreachForums in March 2022 after law enforcement took down a similar site called RaidForums. His site quickly grew to over 330,000 members, hosting more than 14 billion stolen records, including sensitive personal data like social security numbers and banking details.

According to the DOJ’s press release, in a key part of the investigation, undercover FBI agents infiltrated the site in July 2022, purchasing records for 15 million Americans, which ultimately led to Fitzpatrick’s arrest in March 2023 at his home in Peekskill, New York. Shortly after his arrest, the FBI seized BreachForums, taking the site offline.

Court documents show that Fitzpatrick personally profited from the site, earning approximately $698,000. The platform also served as a hub for hackers to buy and sell stolen data, with Fitzpatrick himself often acting as a middleman.

US Attorney Erik S. Siebert of the Eastern District of Virginia stated that the damage from these crimes is hard to measure, and the human impact of the child abuse material is impossible to calculate.

In addition to his prison time, Fitzpatrick must also give up over 100 domain names, electronic devices, and any cryptocurrency he earned from his illegal operation. This case was part of the DoJ’s nationwide Project Safe Childhood initiative, which was launched in May 2006 to combat the sexual exploitation and abuse of children.

BreachForums Founder Conor Fitzpatrick Resentenced to 3 Years in Prison

Waltham, United States, 17th September 2025, CyberNewsWire

**Waltham, United States, September 17th, 2025, CyberNewsWire**

Syteca, a global cybersecurity provider, introduced the latest release of its platform, continuing the mission to help organizations reduce insider risks and ensure sensitive data protection. Syteca 7.21 is a major update designed to enhance user privacy, simplify access management, provide seamless oversight, and improve the user experience.

With release 7.21, Syteca delivers a set of new capabilities, from masking sensitive information in real time to simplifying remote access. These new features help address the most pressing challenges faced by security teams worldwide.

**Sensitive Data Masking**

Syteca has become the first cybersecurity vendor to deliver real-time sensitive data masking. With this feature, the platform automatically detects and obscures confidential information (e.g., passwords, credit card numbers, or personal IDs) during live sessions and in recordings. By blurring this data, Syteca helps prevent exposure of private information and supports compliance with data privacy regulations like the GDPR, HIPAA, and PCI DSS.

**Web Connection Manager**

Users can now launch remote sessions (RDP for Windows or SSH for Linux/Unix) directly in web browsers (Chrome, Safari, and Edge). This means that IT teams don’t bother with installing agents, pushing updates, or troubleshooting installation issues. They just provide fast and secure access for both employees and vendors.

**Full-Motion Capture of On-Screen Activity**

The Syteca platform can now record continuous videos of user sessions, capturing every click and cursor movement. Full-motion session recordings give security teams complete visibility into user activity, which can provide more detailed audit trails and speed up incident investigations. Every session is encrypted for security. 

**Intuitive UI**

Beyond new capabilities, Syteca 7.21 introduces a redesigned user interface. The updated UI has a cleaner design while keeping familiar navigation in place. The lighter interface and reduced on-screen clutter help users find key information faster, thus streamlining daily security tasks.

> “Release 7.21 gives organizations better visibility and control over their internal security,” says Oleg Shomonko, CEO of Syteca. “Features like live data masking, full-motion session recordings, and browser-based access mean our clients can enhance the security of their assets and streamline compliance while reducing IT overhead. This update reflects our focus on solving real IT security challenges without adding complexity.”

Users interested in trying Syteca’s brand new capabilities can access the demo portal at syteca.com. 

**About Syteca**

Syteca is a comprehensive cybersecurity platform that helps organizations worldwide protect their inside perimeter. The Syteca platform combines advanced user activity monitoring (UAM) and robust privileged access management (PAM) solutions that empower organizations to govern access, mitigate insider threats, prevent data breaches, and streamline IT compliance. Syteca serves over 1,500 customers across different industries. 

**Contact**

**Chief Marketing Officer**  
**Helen Gamasenko**  
**Syteca**  
**\[email protected\]**

New in Syteca Release 7.21: Agentless Access, Sensitive Data Masking, and Smooth Session Playback

ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…

ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer secrets, exposes private code, and spreads through popular packages like ngx-bootstrap and @ctrl/tinycolor.

A new and dangerous self-replicating computer worm, named Shai-hulud, has been discovered on the Node Package Manager (npm) open-source registry (a huge library where developers share and use pieces of JavaScript code).

Security firm ReversingLabs (RL), which shared its findings with Hackread.com, identified the worm on September 15, claiming that this is the first time a worm of this kind has been found on the platform. The name Shai-hulud comes from the malicious code’s own repository and is a nod to the giant sandworms from the popular sci-fi series “Dune.”

Shai-hulud spreads by taking over a developer’s npm account and secretly adding harmful code to their public and private code packages that the developer manages. Once a package is infected, it can then spread the worm to anyone who downloads and uses it.

This makes it especially dangerous because many software projects rely on packages from the npm network. A single compromised package can quickly infect a wide network of other projects.

****A Widespread Attack****

The first compromised package, rxnt-authentication, was infected on September 14, and therefore, its maintainer, techsupportrxnt, is considered Patient Zero for this campaign. This is a term used to describe the first person/system identified as being the source of an infection.

As the RL research team continues to track the issue, hundreds of npm packages have already been compromised, some of which are very popular, boasting millions of weekly downloads. For example, the worm has infected ngx-bootstrap, which has 300,000 weekly downloads, and @ctrl/tinycolor, with 2.2 million weekly downloads, making this a high-impact security breach.

****What the Worm Does****

The Shai-hulud worm steals important information such as cloud service tokens and private code. It specifically targets keys for services like npm, GitHub, AWS, and GCP (Google Cloud Platform). The research also reveals the worm installs a tool called TruffleHog, which can detect more than 800 different types of secrets.

Moreover, it can make a user’s private code libraries on GitHub public. A recent search for these “migrated” repositories yielded close to 700 results, exposing a large amount of proprietary code.

GitHub search showing the compromised user repositories (Credit: ReversingLabs)

While the exact initial cause of the attack isn’t known, ReversingLabs notes its methods are similar to a previous campaign in August, suggesting the attackers may have used social engineering or exploited vulnerabilities in developer tools.

ReversingLabs has been reaching out to as many affected developers as possible, but because the worm is spreading so fast, it’s impossible to warn everyone. The company advises developers to check their public GitHub accounts for any suspicious activity, such as new repositories they didn’t create or private repositories that have suddenly been made public.

New Shai-hulud Worm Infecting npm Packages With Millions of Downloads

Microsoft's Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact.

Microsoft’s Digital Crimes Unit (DCU) has taken down a cybercrime service called RaccoonO365. The company announced on September 16 that, through a court order granted by the Southern District of New York, it seized 338 websites linked to the RaccoonO365 operation, which was a popular tool for criminals looking to steal user information.

RaccoonO365, which Microsoft tracks as Storm-2246, offered a subscription service that let anyone, even those without technical skills, steal Microsoft 365 usernames and passwords, known as credentials.  The service provided phishing kits, which are ready-to-use tools that mimic official Microsoft communications to trick people into giving up their information. 

Since July 2024, the service has been used to steal at least 5,000 Microsoft credentials from victims in 94 countries, including a wide tax-themed campaign that targeted over 2,300 organisations in the United States. While not every theft leads to a full system break-in, the large number of attacks shows the size of the problem.

****A Threat to Public Health****

The effects of RaccoonO365 have reached beyond simple data theft. One of the most worrying uses of the service was a large-scale phishing campaign that targeted at least 20 US healthcare organisations.

Since phishing emails often lead to more serious attacks like ransomware, these incidents put public safety at risk by delaying patient services and exposing sensitive data. This is why the DCU partnered with Health-ISAC, a non-profit focused on cybersecurity for the health sector, to file the lawsuit.

RaccoonO365 Login Page and Subscription Plans (Credit: Microsoft)

****The Man Behind the Crime****

During the investigation, the DCU identified the operation’s leader as Joshua Ogundipe, an individual from Nigeria. He and his partners worked together to create, sell, and support the service. They sold their services on the messaging app Telegram, where they had more than 850 members and received at least $100,000 in cryptocurrency payments.

The group also recently began advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to make their attacks even more effective. Microsoft believes that Ogundipe wrote most of the computer code for RaccoonO365.

Promotion of RaccoonO365 AI-MailCheck (Credit: Microsoft)

The group was careful to hide their identities, but a mistake revealed a secret cryptocurrency wallet, which helped the DCU connect Ogundipe to the operation. The information about Ogundipe has now been sent to international law enforcement for further action.

****Working Together to Fight a Global Problem****

The operation shows how cybercrime is now accessible and scalable to virtually anyone. As Microsoft notes, “Cybercriminals don’t need to be sophisticated to cause widespread harm,” however, this action sends “a clear signal that Microsoft and its partners will remain persistent in going after those who target our systems.”

To confront this, Microsoft is using new methods like blockchain analysis tool Chainalysis Reactor that traces cryptocurrency payments and identifies criminals. The company also frequently collaborates with security firms like Cloudflare to quickly take down malicious websites.

Adding to the technical solutions, experts highlight the crucial role of human defences in this fight. Erich Kron, a security awareness advocate at KnowBe4, commented that “email phishing continues to be a major threat that organisations face on a daily basis.” He explained that phishing services make it far easier for criminals who aren’t tech-savvy to get into the “cybercrime game.”

Kron pointed out that credential theft can be especially dangerous because “people tend to reuse passwords across different accounts and services,” meaning an attacker who steals one password might gain access to many more accounts.

To counter this, he said, organisations need a “well-established human risk management (HRM) program in place” to educate users on how to spot fake login pages and understand the dangers of reusing passwords. Ultimately, he advises, “MFA should be deployed wherever possible to make things even tougher for attackers in the event they do steal someone’s credentials.”

Microsoft Shuts Down RaccoonO365 Phishing Ring, Seizes 338 Websites

Secure document editing protects sensitive data with encryption and compliance tools, while reducing costly breaches and building trust,…

Secure document editing protects sensitive data with encryption and compliance tools, while reducing costly breaches and building trust, but the full process goes deeper.

Digital documents hold contracts, medical records, and important ideas that must stay safe. If they are exposed, the harm is often permanent, leading to stolen data and financial loss. Secure editing is now essential. The challenge is keeping teamwork smooth while making sure encryption and access controls stay strong at every step.

The urgency of secure editing became clear during a professional workshop where an executive shared how an internal policy draft was intercepted. The breach highlighted the value of adopting tools that allow you to edit PDFs online while ensuring encryption remains intact.

****The Growing Threat of Data Exposure****

Every document exchanged between colleagues or external partners has potential vulnerabilities. Cloud storage and email make sharing faster, but they also increase exposure. Sensitive details, from financial forecasts to medical test results, are prime targets for attackers. A single weak link in an editing chain can compromise years of work and lead to compliance violations.

In recent years, businesses have had to accept that data breaches are not rare anymore. Hackers take advantage of weak editing tools, and risks also come from inside when access isn’t managed properly. The truth is, security has to be built into the editing process from the start, not added as an afterthought.

****Why Encryption and Authentication Matter****

Strong encryption and authentication form the base of secure editing. Encryption makes files unreadable if they get intercepted. Authentication ensures only approved people can open or edit them. Without both, documents are left open to misuse.

A recent report by IBM Security revealed that the global average cost of a data breach in 2023 reached 4.45 million USD, a record high. The cost includes not only financial penalties but also reputational damage, making secure editing an essential investment. Organisations that fail to enforce encryption and access control in document workflows face risks that extend far beyond technical inconvenience.

****The Role of Secure Editing in Compliance****

Healthcare, finance, and law all have strict rules to follow. Laws like HIPAA, GDPR, and SOX require personal and financial records to stay protected. Secure editing helps meet these rules without slowing teamwork. Features like audit trails, version history, and watermarks add extra compliance and accountability.

A consultant described a case where a financial report was mistakenly shared without redacting client details. The penalties were tough, leading to months of fixing mistakes. It was a clear reminder that compliance problems often come from ignoring secure editing, not from intentional wrongdoing.

****Customer Experience and Trust****

Outside compliance, secure editing strengthens trust. Clients want assurance that their data is treated with care. A customer testimonial shared by a legal professional at a networking event reinforced this point. They explained how adopting secure document tools not only prevented accidental leaks but also reassured clients, who began referring others because of the firm’s demonstrated commitment to confidentiality.

Trust once lost is almost impossible to rebuild. For professionals handling contracts, identity records, or research, the ability to edit and share files securely is an extension of their reputation. Secure editing is not only a technical safeguard but also a business advantage.

****Integrating Secure Editing into Daily Workflows****

Secure editing tools are most effective when seamlessly integrated into existing workflows. The best solutions combine usability with proper protection, ensuring employees do not bypass them out of frustration. Features like real-time collaboration, digital signatures, and role-based access controls keep projects moving without sacrificing safety.

Organisations can also gain from centralised storage. As experts on safe file practices explain, monitored systems keep version control in place and prevent files from being lost or overwritten. When secure editing becomes part of daily habits instead of an afterthought, the risks drop sharply.

****Preparing for Evolving Threats****

Technology keeps moving forward, and so do attackers. With sharper documents, smarter phishing tricks, and new malware, editing systems need constant updates. Smart organisations review their document security often. As experts on cybersecurity risks point out, attackers adjust fast, so letting your guard down is risky.

The right approach combines proactive monitoring, frequent audits, and staff training. Employees who understand the importance of secure editing are less likely to make costly errors. Secure editing is not only about the tool but also about the culture built around its use.

****Conclusion****

Secure document editing is no longer a niche concern. It is a professional responsibility and a vital part of protecting people, businesses, and reputations. As breaches grow more costly and regulations tighten, adopting secure editing practices becomes a necessity, not a choice. Every organisation that values trust, compliance, and efficiency must make secure editing an integral part of its workflow.

(Image by Esa Riutta from Pixabay)

Why Secure Document Editing is More Important than Ever

Researchers spot FileFix phishing sites that deliver StealC Infostealer through fake Facebook warnings and hidden payloads in images.

Cybersecurity researchers at Acronis have spotted a phishing campaign that takes a new approach to an already familiar attack technique. The method, called FileFix, is being used to install the StealC infostealer malware through convincing Facebook Security lookalike pages.

It all starts with victims receiving a warning that their Facebook account could be suspended for policy violations. To appeal, they are directed to a phishing site that imitates an official Meta support page. Instead of a form or CAPTCHA test, the site asks them to paste a path into the address bar of a file upload window. That single step executes code on their machine, starting the infection.

Once the command executes, the attack unfolds in stages, beginning with images hosted on Bitbucket that contain hidden scripts and executables embedded through steganography. The technique allows attackers to hide code in plain sight and makes the files appear harmless until they are executed on the victim’s computer.

ClickFix attack, FileFix attack and malicious images used in the attack (Credit: Acronis)

The final payload, as per Acronis’ blog post, is StealC, a malware strain designed to take credentials, browser data, cryptocurrency wallets, and account tokens from chat or cloud applications. Researchers say it can also bring in additional malware, giving attackers flexibility once they have access.

Compared to earlier examples of FileFix or its relative ClickFix, this campaign shows a higher level of effort. The phishing pages include multilingual support, obfuscation, and junk code to thwart analysis.

Analysis of phishing sites linked to the campaign suggests the targeting is not limited to one region. Submissions connected to these attacks have been found in the US, Germany, Bangladesh, the Philippines, and several other countries. The use of multiple languages in the phishing pages supports the idea that the campaign is designed for a broad set of victims.

Security experts emphasise that incidents like this highlight the importance of planning for breaches rather than assuming they can all be stopped. Louis Eichenbaum, Federal CTO at ColorTokens, notes that Zero Trust approaches help limit what an attacker can do if they get inside a network. “Assume the adversary will breach your network,” he said. “From there, the question becomes what happens next.”

FileFix may still be a newer technique, but the campaign spreading StealC infostealer, and researchers believe that the campaign is active and evolving. Therefore, businesses and everyday users should be cautious with emails from unknown senders and avoid clicking links or following instructions to run scripts on their devices.

Ongoing FileFix Attack Installs StealC Infostealer Via Fake Facebook Pages

Newark, New Jersey, United States, 16th September 2025, CyberNewsWire

**Newark, New Jersey, United States, September 16th, 2025, CyberNewsWire**

The **OpenSSL Conference 2025** will take place on October 7 – 9 in Prague. The program will bring together lawyers, regulators, developers, and entrepreneurs to discuss security and privacy in a global context.

*   Opportunities to meet **the people behind the** **OpenSSL Library****,** **Bouncy Castle****, and** **cryptlib** projects.
*   Sessions with **compliance leaders, policymakers,** and **certification experts**.
*   Networking forums to connect with **partners, mentors, contributors,** or **co-founders**.
*   Discussions with **project maintainers**: challenge decisions, ask questions, and shape the future.
*   Exchanges where **technical, commercial, and ethical perspectives** collide.
*   Presentations on **regulatory obligations to post-quantum cryptography**.
*   Talks addressing **past, present, and future security challenges**.
*   Networking activities with fellow participants.

**Conference starts in 3 weeks.**

**Conference Contact Details**

The OpenSSL Conference team can be reached at \[email protected\]

**About The OpenSSL Corporation**

The OpenSSL Corporation is a global leader in cryptographic solutions, specializing in developing and maintaining the OpenSSL Library – an essential tool for secure digital communications. The OpenSSL Corporation provides a range of services tailored to assist businesses of all sizes to ensure the secure and efficient implementation of OpenSSL solutions. The OpenSSL Corporation also supports projects aligned with its Mission and Values by providing infrastructure, resources, expert advice, and engagement through advisory committees, particularly in the commercial sector. Collaboration among these projects fosters innovation, enhances security standards, and effectively addresses common challenges, benefiting all our communities.

**Contact**

**MarCom Manager**  
**Hana Andersen**  
**OpenSSL Software Services**  
**\[email protected\]**

Source

HackRead