North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts.

On Thursday, December 18, 2025, cybersecurity firm Darktrace released new research regarding a dangerous new variant of BeaverTail malware, a JavaScript-based information stealer.

Linked to North Korea’s notorious Lazarus Group, the software is part of an increasingly aggressive campaign targeting the financial and cryptocurrency sectors. The research, which was shared with Hackread.com, is part of Darktrace’s latest report, The State of Cybersecurity.

According to researchers, the software often spreads through fake job offers. Hackers pose as recruiters and lure developers or crypto traders into “technical interviews” that require downloading tools like MiroTalk or FreeConference. In reality, these are traps designed to compromise the victim’s system.

****A History of Evolution****

It is worth noting that BeaverTail isn’t new; it has been active since 2022, but it has undergone a massive transformation. Hackread.com previously noted in October 2025 that BeaverTail was beginning to merge with another malware strain called OtterCookie.

This evolution has been steady. Darktrace researchers noted that while 2024 versions were mostly interested in browser profiles, by early 2025, the hackers added tools to steal anything copied to a user’s clipboard.

The most recent V5 version is even more invasive, recording every keystroke and snapping a screenshot of the victim’s desktop every four seconds. “Once installed, BeaverTail exfiltrated browser credentials, credit card data, and cryptocurrency wallet keys,” the report reads.

****Modern Tactics and Blockchain Tricks****

Researchers noted that catching this latest version is harder than ever because the hackers are now hiding the malware inside VS Code extensions and npm packages (the standard building blocks used to create apps). It has become a “modular, cross-platform” threat, meaning it can jump between Windows, Mac, and Linux without missing a beat.

Further investigation revealed that this new version uses “over 128 layers” of concealment to hide its code. This deep protection is far beyond anything seen in earlier versions. The campaigns, which target everyone from marketing professionals to retail employees, are attributed to North Korean clusters like Famous Chollima, Gwisin Gang, and Tenacious Pungsan, all linked to the larger Lazarus Group.

Interestingly, these groups are now using EtherHiding, a technique that stores commands inside blockchain smart contracts. This makes the attacks almost impossible to shut down. To stay safe, experts recommend verifying any job offer through a company’s official HR department before running any “technical assessments.”

_“_Darktrace’s identification of a hyper-obfuscated BeaverTail variant marks a significant escalation in tradecraft, transforming a lightweight stealer into a signature-evasive framework shielded by over 128 layers of concealment,_“_ said Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM).

_“_By weaponising the software supply chain through trojanized npm packages and VS Code extensions, Lazarus Group is exploiting developer trust while ensuring infrastructure resilience via “EtherHiding,” storing command-and-control payloads on blockchain smart contracts to effectively immunise operations against takedowns,_“_ explained Soroko.

_“_This technical maturation culminates in the strategic convergence of BeaverTail with the OtterCookie strain, yielding a unified, cross-platform instrument designed for persistent financial theft and surveillance across Windows, macOS, and Linux environments,_“_ he warned.

Lazarus Group Embed New BeaverTail Variant in Developer Tools

SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada.

The elusive Iranian hacking group known as Prince of Persia (also called Infy) is far from retired. Despite appearing to go dark for nearly three years, newly published research from SafeBreach Labs shows the group is not only active but has significantly expanded its reach.

For your information, this group is an Advanced Persistent Threat (APT), a category of state-sponsored hackers that’s linked to the Iranian government and has been quietly targeting diplomats, activists, and critical systems since 2007.

SafeBreach, a breach simulation leader, discovered these hidden activities and shared its investigation with Hackread.com. Their team has tracked the group since 2019, noting they are now “operating at a broader scale, with more advanced tooling than previously understood.”

****From Operation Mermaid to Telegram****

First discovered in 2016, the group gained notoriety for Operation Mermaid, which targeted Danish diplomats. Historically, they have focused on political targets, such as the 2013 Iranian elections and media outlets like BBC Persia, rather than stealing money. After a major shutdown, the group evolved, introducing the Foudre and Tonnerre malware families to regain control of their operations.

A news article in which the hackers had embedded the Foudre v34 (Screenshot: SafeBreach)

One of the most surprising shifts is their move to use Telegram to control malicious software. Further probing revealed they have turned to a private Telegram group named “سرافراز” (meaning Proudly).

Investigating further, SafeBreach researchers identified a specific user profile behind this operation named @ehsan8999100, who was active as recently as December 13, 2025. This operator likely manages a Telegram bot (tga.adr) used to send commands and steal data.

****The Thunder and Lightning Attack****

The group continues to use its signature malware pair, Foudre (lightning) and Tonnerre (thunder), which work in stages. Foudre acts as a “scout,” infecting computers via fake Excel files, like one titled Notable Martyrs.zip, to identify the victim. Tonnerre, on the other hand, is a more powerful tool deployed once a high-value target is found. The latest version, Tonnerre v50, was detected in late 2025.

Researchers noted that the group runs multiple variants in parallel, using specialised code called a Domain Generation Algorithm (DGA) to constantly change their web addresses to avoid being blocked. Other variants, like Amaq News Finder, Deep Freeze, and MaxPinner v8, were also found spying on victims’ Telegram accounts.

An overview of the timeline of the malware development process since 2016 (Credit: SafeBreach Labs)  
 

****Cracking the Attacker’s Code****

It is worth noting that despite the hackers’ efforts to hide, SafeBreach found a way to download the attackers’ own files. By identifying a ‘fixed time gap’ in the server’s file-naming convention, the team was able to access stolen data dating back to 2021.

While the group focuses on Iranian dissidents, victims were found globally in Europe, Iraq, Turkey, India, and Canada. As Tomer Bar, SafeBreach’s VP of Security Research, explained in the blog post, the findings prove that this group remains ‘active, relevant, and dangerous.

Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets

Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every…

Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every part of their workflow. Technology moves quickly, and security teams now focus on strategies that adapt with equal speed.

A modern approach supports the protection of data, smooth daily operations, and reliable communication between departments. Many leaders recognise that cybersecurity is not merely a technical requirement but a core part of how the organisation functions.

A proactive mindset helps companies stay prepared for emerging risks. Regular updates, clear documentation, preventive measures, and thoughtful tool selection guide the process. Each structural choice influences how well the organisation responds to unusual activity or new vulnerabilities.

A forward-focused strategy creates an environment where teams feel informed, protected, and ready to adjust as technology advances. Let’s discuss below how modifying cybersecurity strategies will do organisations good in 2026:

****Preparing Systems for Evolving Software Demands****

Software environments continue to grow, and organisations use a growing list of applications, plug-ins, and integrations. Each system introduces unique requirements that influence how security teams manage updates. Regular maintenance helps reduce vulnerabilities created by outdated versions or overlooked patches. An effective update plan keeps systems aligned with current security expectations and supports smooth performance, especially those that rely on MSPs.

Managed Service Providers, or MSPs, are outside teams that take care of a company’s IT responsibilities from a remote location. Their role focuses on ongoing oversight of systems, networks, and user support so businesses can stay organised without building a full in-house IT department.

Many companies use an enterprise patch management solution for MSPs to organise this process. A structured system helps teams deploy updates across devices, track version changes, and maintain consistency throughout the network. This approach reduces manual workload and creates a routine rhythm for keeping software environments healthy.

****Cloud Approaches****

Cloud services support flexibility, remote access, and data storage across diverse teams. A thoughtful cloud security plan becomes essential as organisations expand their digital footprint. Clear guidelines for access, storage, and transfers help reduce risk. Many companies review their cloud map regularly to confirm that permissions, backup plans, and retention policies remain aligned with their needs.

Teams often create frameworks for monitoring cloud activity, reviewing user behaviour, and organising data into secure segments. This way, the organisation maintains clarity around who has access to what information and how that information flows throughout the system.

****Identity Controls****

Identity management helps organisations protect accounts, devices, and stored information. A structured approach to permissions ensures that individuals only access the tools and data relevant to their roles. As such, this reduces unnecessary exposure and creates a cleaner internal environment. Identity controls become especially important as staff roles evolve or as new team members join.

Many organisations use layered methods to confirm identity. Role-based access, periodic reviews, and authentication methods help keep accounts secure. Clear processes also help teams remove outdated access quickly, especially during staffing transitions.

****Network Segmentation****

Network segmentation separates systems into organised sections that limit unnecessary access across the entire environment. Segmenting a network helps contain potential threats and prevents widespread disruption if an issue appears. Organisations often group systems based on sensitivity, function, or department to create a clear structure.

Segmentation also improves visibility. Security teams can monitor traffic within each section and identify unusual behaviour more easily. This structure supports faster response times and creates a cleaner map of how information moves across the organisation.

****Vendor Risk****

Vendor relationships introduce an additional component of consideration for cybersecurity planning. Outside partners often interact with internal systems, supply tools, or manage data. Organisations review vendor practices to ensure they meet internal security expectations. Regular evaluations help teams understand how third-party access influences the broader environment.

Clear agreements, documentation, and communication channels help maintain accountability. A strong vendor review process checks whether the external partnerships support the organisation’s security goals instead of introducing avoidable vulnerabilities.

****Data Protection Standards****

Data protection is essential to any cybersecurity strategy. Organisations create guidelines for how information is collected, stored, and shared across internal systems. Clear standards help teams handle sensitive records with care and avoid practices that introduce unnecessary exposure. Many companies also categorise data based on sensitivity, so the right level of protection applies to each type.

Staff training plays a crucial role in keeping these standards active. Teams learn how to handle client information, prepare secure documents, and follow safe communication practices. The consistency of these habits helps maintain a reliable environment where information remains protected throughout daily operations.

****Remote and Hybrid Structures****

Remote and hybrid setups require thoughtful planning because work now happens across varied locations and devices. Organisations outline expectations for home networks, device use, and communication methods to keep information secure. A structured framework helps employees understand how to protect data outside the office.

Security teams often use tools that support device monitoring, safe file sharing, and encrypted communication. Guidelines for remote access help create a consistent experience for employees regardless of where they work. A well-prepared structure supports productivity without weakening security.

****Security Documentation****

Clear documentation keeps everyone aligned. Written guidelines outline procedures, response steps, and expectations for handling different scenarios. Documentation becomes a reference point during onboarding, training, and annual reviews. A well-organised manual helps staff understand how their actions support the overall security plan.

Security documentation grows as the organisation evolves. Teams update protocols whenever a new tool is introduced or a workflow changes. This keeps the strategy relevant and easy to follow. A strong written framework helps reduce confusion and supports faster response during unexpected events.

****Authentication Methods****

Authentication methods help confirm that the right individuals access the right systems. Organisations often use layered methods such as codes, tokens, or biometric tools to support secure entry. Clear rules for password creation and renewal also play an important role. As such, they reduce unauthorised access and protect sensitive environments.

Periodic reviews help authentication stay aligned with organisational needs. As teams grow or tools change, security staff confirm that access methods remain appropriate. A calm, organised process keeps accounts protected across all departments.

Cybersecurity strategies continue to evolve as organisations utilise broader networks, new tools, and expanding digital environments. A thoughtful plan supports the protection of data, the stability of daily operations, and the confidence of teams who depend on secure systems. Each structural choice, from cloud management to authentication, contributes to a safer digital landscape. A proactive strategy helps organisations navigate modern risks with clarity and resilience.

(Photo by Philipp Katzenberger on Unsplash)

Why Organizations Need to Modify Their Cybersecurity Strategy for 2026

The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation.

The FBI just dealt a $70 million blow to the world of cybercrime. Working with police in Germany and Finland, they finally shut down a major online business that helped hackers hide their stolen cash for years. This network, known as E-Note, was like a secret bank for international cybercrime gangs.

As we know it, hackers use cryptocurrency to stay hidden, but E-Note made it much easier for them to move that money across borders. Since 2017, investigators have tracked over $70 million in illegal funds flowing through the service.

These weren’t victimless crimes. These hackers targeted essential services, including American hospitals and power plants, through ransomware attacks, a method where they lock up important files and demand a fee/ransom to release them.

Official seizure notice (Source: DoJ)

“E-Note provided money laundering services to cyber criminals who used ransomware and other cyber attacks against multiple victims,” the FBI Cyber Division wrote in its post. on LinkedIn.

****A Decade of Growth****

The man allegedly behind the curtain is Mykhalio Petrovich Chudnovets, a 39-year-old Russian national. FBI’s investigation revealed that his business didn’t just appear overnight; he began offering money laundering services as far back as 2010.

What started as a small setup grew into a massive operation. Chudnovets used a money mule network, which means using real people to move illegal money, to help hackers swap their digital coins for regular cash. While a warrant is out for his arrest, officials haven’t confirmed if he is actually in custody yet.

****How the Takedown Happened****

United States Attorney Jerome F. Gorgon, Jr. and Jennifer Runyan, the Special Agent in Charge of the FBI’s Detroit Division, officially announced the takedown. According to officials, the FBI also got hold of earlier copies of the servers. This means they now have databases and records showing years of transactions and customer details.

In addition to the server records, police have seized the main websites, including e-note.com, e-note.ws, and jabb.mn, as well as the mobile apps used to run the business. This shows the massive scale of the global crackdown.

Chudnovets now faces a charge of money laundering conspiracy, which could lead to 20 years in prison. Currently, the Michigan State Police and international teams are going through the records to find others who used the service. If you think your funds were moved through this network, the FBI wants you to email them at [email protected].

In its official press release, the US Department of Justice recognised the critical help of several partners, including the German Federal Criminal Police Office, the Finnish National Bureau of Investigation, and the Michigan State Police Michigan Cyber Command Center (MC3).

FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin

France confirms a cyberattack on its Interior Ministry as a 22-year-old is arrested. Hacker claims access to police, tax, and criminal record systems.

France is now dealing with one of its most serious public sector cybersecurity incidents in recent years, after the Interior Ministry confirmed that attackers breached internal email systems and accessed internal files.

However, what initially looked like a contained incident took on a very different tone once the newly relaunched BreachForums administrator, using the alias Indra, stepped forward, claimed responsibility, and publicly accused the government of downplaying how deep the intrusion really went.

****First Details and Official Response****

Originally, the breach was detected overnight between December 11 and 12, according to Interior Minister Laurent Nuñez, who said attackers accessed several internal documents but stopped short of confirming any data theft.

Speaking publicly, he acknowledged unauthorised access to ministry email servers while stressing that no evidence showed files were seriously compromised. Security procedures were tightened across government systems while a judicial investigation was launched.

****BreachForums Claims Retaliation and Wider Access****

Behind the scenes, however, a very different version of events surfaced on BreachForums, a well-known cybercrime platform that recently reappeared after months offline on a new domain.

Its administrator, Indra, published a lengthy post claiming direct responsibility for the attack and accusing French authorities of withholding the truth. The post framed the attack as retaliation for the arrests of members, especially ShinyHunters, linked to earlier BreachForums operations.

****Claims of Access to TAJ, FPR, and More****

According to Indra, the breach went further than just email servers. The forum post alleged access to multiple sensitive law enforcement and government databases, including TAJ, the French criminal records processing system, FPR, the national wanted persons database, and systems linked to Interpol.

Additional claims referenced access to tax, pensions, and vehicle registration platforms. Indra asserted that more than 16 million individual records were accessible, a figure far exceeding standard query limits.

****Screenshots and an Ultimatum****

To support these claims, the post included screenshots said to show internal search results and interfaces tied to French police systems. One image displayed a results counter exceeding 16 million entries, while others appeared to show identity records and internal tools. French authorities have not publicly confirmed the authenticity of these screenshots or the extent of any data exposure.

The forum post also issued an explicit ultimatum. Indra gave the French government one week to initiate contact via XMPP to negotiate the fate of the alleged data. The message laid out two options: deletion of the data following payment or sale of the information to the BreachForums community. No ransom amount was publicly specified.

Indra on BreachForums (Image credit: Hackread.com)

****Arrest Made, Identity Still Unconfirmed****

French prosecutors moved quickly. On December 17, authorities arrested a 22-year-old suspect as part of the investigation led by the cybercrime unit of the Paris public prosecutor’s office.

According to a press release (PDF) from the Paris Public Prosecutor’s Office, the individual, born in 2003, was taken into custody on charges related to unauthorised access to a state-operated automated data processing system carried out by an organised group. Prosecutors confirmed the suspect had prior convictions for similar offences earlier in 2025.

Investigators from OFAC, France’s central office for combating cybercrime, continue to analyse the breach. Officials said further communication will follow once the custody period concludes. At this stage, authorities have not confirmed whether the arrested individual is Indra or whether additional suspects are involved.

France Arrests 22 Year Old After Hack of Interior Ministry Systems

Many crypto investors remain sceptical about using AI in their trading. They are aware that the technology exists,…

Many crypto investors remain sceptical about using AI in their trading. They are aware that the technology exists, but they are unsure of how to initiate it or whether it’s safe to use. Here, we look at the most effective ways traders can use AI to generate a better ROI safely.

****AI in Crypto Trading****

Artificial intelligence (AI) refers to computer systems that can think and learn in ways similar to humans. Since they are machines, these systems can process information much faster than people can, which opens up numerous possibilities for AI applications.

The cryptocurrency market is highly volatile, and price changes occur swiftly; therefore, technology that can keep up with it is necessary to trade profitably. Traders can use AI in different ways to profit from the crypto market, including:

1.  **Automate Trading**

According to OANDA, a crypto trading platform and fintech provider of crypto market data, one of the main advantages of using AI is the ability to make trades with almost no stress. AI bots operate independently once you set them up with strategies to trade assets based on market conditions. This saves the time that you would have spent watching multiple assets and tracking news events for each one. 

For example, 3Commas is a popular trading bot that connects to major exchanges. Users can set up automated strategies such as grid trading or dollar-cost averaging. The bot watches the market 24/7 and executes trades based on the rules you create

2.  **Manage Crypto Portfolio**

Beyond trading cryptocurrencies directly, artificial intelligence can also help track prices and manage investors’ portfolios. You gain a comprehensive view of your assets through real-time data, which displays portfolio value, asset distribution, and past performance across various exchanges and wallets. These data let traders make smart investment choices without having to manually track everything themselves.

AI-powered trackers can also spot and alert you to inconsistencies between your recorded transactions and the actual blockchain data. This includes differences in fees, token amounts, or transaction timing. This feature helps keep your portfolio records accurate.

Another useful feature is automated labelling, which goes beyond basic summaries. The system automatically sorts transactions into categories like staking rewards, airdrops, or trades. Some tools even function as tax calculators, offering relevant data and downloadable reports. This becomes especially helpful during tax season when you need to follow local regulations.

Keep in mind that using AI for crypto trading through these applications may have costs. Basic features are often free, but advanced options like tax-harvesting tools and premium services such as priority customer support usually require a subscription. You should compare the costs with the benefits to decide if paying for these tools makes sense for your situation.

To use a crypto portfolio management application, you typically create an account and enter your exchange API keys. This gives the tool access to your portfolio data so it can track your holdings and performance across multiple platforms.

3.  **Forecast with Predictive Analytics**

Predictive analytics is a powerful application of AI in cryptocurrency trading because it examines past price patterns and market sentiment data to forecast where prices might head next.

Machine learning (ML) is one of the core technologies here, and the way it helps generate profits in crypto trading is straightforward. ML models, such as Neural networks and Decision trees, can analyse complex data relationships and detect hidden patterns without requiring specific statistical assumptions.

Building effective ML models for crypto trading requires considering several factors: input data, model selection, and output type. 

Many trading platforms now include predictive analytics features built directly into their systems. Services like TradingView allow traders to apply advanced techniques through customizable indicators without needing to write any code. For traders with technical skills, libraries such as TensorFlow and PyTorch enable building custom predictive models, though these tools require programming knowledge.

More sophisticated platforms, such as Glassnode and Santiment, aggregate on-chain data and social sentiment to produce insightful deductions.

4.  **Understand Market Sentiment**

Sentiment analysis utilises AI to analyse opinions, emotions, and attitudes expressed in text data, such as news articles, social media posts, and online forums. This information helps you gauge the overall market mood, indicating whether it is bullish or bearish.

Because the crypto market is speculative and driven by sentiment, this analysis type proves particularly valuable for finding short-term opportunities. Natural Language Processing (NLP) is a common AI-powered feature people frequently use. It helps interpret textual data by:

*   Understanding forum discussions.
*   Processing news articles related to cryptocurrencies
*   Examining social media and community posts to determine the overall sentiment about a specific cryptocurrency

NLP identifies keywords, sentiment scores, and trends from all this data so traders can decide if they should buy, sell, or hold their funds.

A sudden increase in positive sentiment around a cryptocurrency may signal a potential price rise, and the opposite is true as well. For example, positive news like a major company adopting Bitcoin can trigger a rapid price increase.

Similarly, rumours or regulatory announcements can cause panic selling. Traders using sentiment analysis can anticipate these changes and position themselves accordingly. Platforms like LunarCrush and Santiment specialise in providing such features.

5.  **Risk Detection**

AI tools work well for finding risky trading situations because they can process large amounts of information and notice small changes. You can teach trading bots like Cryptohopper to recognise patterns in candlestick charts. These bots will notify you when they see specific chart formations that could signal upcoming market movements.

The best bot for your needs depends on how you trade. All AI bots can check for possible risk warnings as they happen and suggest actions based on the information they find.

****How to Safely Trade Crypto with AI****

AI offers many benefits in various situations, but traders must still use these tools carefully. This is because once the parameters have been defined, there is limited control over what happens next.

Therefore, participants should always apply risk management strategies, such as stop-loss and diversifying investments across multiple assets. It is also crucial to stay informed about market trends and news that may impact cryptocurrency prices.

(Photo by Eftakher Alam on Unsplash)

The Cybersecurity Side of AI Crypto Bots: What Users Need to Know

ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data.

As digital currency continues to grow, so do the methods used by cybercriminals to steal it. Recently, a major cybersecurity threat was found on NuGet, a popular platform where software developers find building blocks for their apps. The discovery was made by software security firm ReversingLabs (RL) and publicly disclosed on Monday.

****Sneaky Tactics to Build Trust****

RL researchers found that since July 2025, a group of hackers has been uploading “poisoned” code packages designed to look like trusted tools. However, they didn’t just upload malicious code; they used psychological tricks.

For instance, they used homoglyphs, which is a method involving using letters that look identical to the naked eye but are different to a computer. A key example is the package Netherеum.All, which used a special “е” to impersonate a famous Ethereum library.

Source: ReversingLabs

To make the scam even more convincing, the hackers used version bumping (releasing dozens of updates in a short time to mimic a busy, reliable project). Some packages even featured fake download counts in the millions to trick developers into thinking the community already trusted the code.

“RL researchers have discovered a malicious #NuGet package that is impersonating “#Netherum,” a popular #Ethereum library. It has over 10M downloads, but these are most definitely artificially inflated,” ReversingLabs’ posted on X (formerly Twitter).

****Who Was Behind the Attacks?****

Regarding who was behind this wave of attacks, researchers observed that a package called SolnetAll was deleted before it could be fully studied. However, further probing revealed it was linked to an author named DamienMcdougal.

This is a significant name because the same author was responsible for other theft-related packages, like NBitcoin.Unified. It appears these attackers are persistent, often moving to a new fake name once they are caught, researchers wrote in the blog post shared exclusively with Hackread.com.

****Three Ways the Money Disappears****

The 14 packages found by ReversingLabs were split into three groups:

9 packages were built to snatch seed phrases and private keys (the master passwords for a crypto wallet). “Malicious code has been subtly injected” into these tools, researchers noted, so it only activates when a user is most vulnerable.

A second group, including Coinbase.Net.Api, used a different trick. If a user tried to send crypto, the malware would quietly swap the destination address with the hacker’s wallet for any transaction over $100.

The package GoogleAds.API focused on stealing OAuth tokens. These tokens allow a hacker to log into a Google Ads account without a password, potentially spending the victim’s money on fraudulent ads.

The impact isn’t limited to the person who downloads the tool. Because these packages are used to build other apps, a developer might accidentally include the stolen code in a product they sell, passing the infection “downstream” to thousands of innocent users. This campaign proves that trust is often the weakest link in digital security.

14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data

Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks.

It’s​‍​‌‍​‍‌​‍​‌‍​‍‌ definitely one of the most frustrating things that we all can relate to when we try to watch recorded videos and find them blurred, dull, or noisy. Any phone, a webcam, or an old camera can be your filming device, but the outcome of the new videos won’t necessarily be a perfect ​‍​‌‍​‍‌​‍​‌‍​‍‌shot. 

These​‍​‌‍​‍‌​‍​‌‍​‍‌ days, when consumers demand high-resolution 4K videos, any inferior-quality content can kill the engagement and the length of the ​‍​‌‍​‍‌​‍​‌‍​‍‌audience.

For​‍​‌‍​‍‌​‍​‌‍​‍‌ this reason, a great number of creators in 2025 opt for AI video enhancers. Such tools automatically sharpen the video, increase the resolution, reduce grain, recover lost detail, and even out the color without the need for a skilled user.  

Let’s learn about the best AI video enhancers that you must try. 

**Table of Contents Hide**

1.  Part 1: What Is an AI Video Enhancer and How Does It Work? 
2.  Part 2: Key Features to Look For in an AI Video Enhancer 
3.  Part 3: 10 Best AI Video Enhancers in 2025 
4.  Part 4: How to Choose the Right AI Video Enhancer for You 
    1.  Final Thoughts

****Part 1: What Is an AI Video Enhancer and How Does It Work?** **

An​‍​‌‍​‍‌​‍​‌‍​‍‌ AI video enhancer is a clever instrument that increases the quality of videos automatically by the use of machine learning. Without the need for a human to adjust the exposure, sharpness, or noise, the program looks at each frame and makes the changes that fit best according to what it ​‍​‌‍​‍‌​‍​‌‍​‍‌finds.

AI enhancer

**Most AI enhancers focus on:**

*   **Noise and grain reduction**
*   **Sharpening details and textures**
*   **Upscaling resolution (HD, 4K or higher)**
*   **Color correction and lighting balance**
*   **Frame interpolation for smoother motion**

Put​‍​‌‍​‍‌​‍​‌‍​‍‌ simply, it is like a digital restoration assistant that goes about fixing quality issues without making the footage look fake. Whatever the case is, be it old video, low-light clips, or shaky smartphone recordings, AI can help your footage become quite clear in a matter of a few ​‍​‌‍​‍‌​‍​‌‍​‍‌clicks.

****Part 2: Key Features to Look For in an AI Video Enhancer** **

It​‍​‌‍​‍‌​‍​‌‍​‍‌ is good to understand what differentiates one AI video enhancer from another before you decide which one to get. Having the correct features can be a great time saver and can really make a significant difference in the quality of the final video, particularly in the case of old footage or recordings made in low ​‍​‌‍​‍‌​‍​‌‍​‍‌light.

**Here are a few features worth paying attention to:**

*   **AI upscaling (HD → 4K):** Useful when your original footage isn’t high resolution.
*   **Noise and grain reduction**: Used to make a low-lit or heavily compressed video look cleaner.
*   **Color correction and detail recovery**: Works for color fading and bringing back the lost sharpness.
*   **Batch or cloud-based processing:** Great if you have multiple videos to edit and you want to save time.
*   **Device compatibility:** Desktop, mobile, or web. Choose what fits your workflow.

Having these in mind makes it much easier to find a tool that suits both your content style and editing pace.

AI​‍​‌‍​‍‌​‍​‌‍​‍‌ video enhancement has been evolving rapidly, currently providing a wide range of solutions, from quick social media touch-ups to cinematic restoration and 4K upscaling. In 2025, these are the best AI video enhancers, along with the insights that help you align with your workflow, budget, and creative ​‍​‌‍​‍‌​‍​‌‍​‍‌goals.

1.  **Wondershare Filmora**

Filmora

For creators seeking fast, polished results without a steep learning curve, Filmora delivers versatility. Its AI engine automatically enhances clarity, exposure, and sharpness, while real-time previews and adjustable sliders make fine-tuning effortless. Perfect for educators, social content publishers, or beginners.

**Quick Filmora Workflow:**

*   **Step 1 – Import Your Footage**

Open Filmora, start a new project, and import your video from **File** → **Import Media**.

Import

*   **Step 2 – Apply AI Enhancement**

Drag your clip onto the timeline, click to select it, and the property panel will automatically open on the right side. Go to **Video > Basic > AI Video Enhancer**. 

Apply

*   **Step 3 –  Automatic Optimization**

Turn on the **Auto Enhancement** feature. Drag the slider to adjust the intensity, then click **Generate**.  Filmora automatically selects the best enhancement method for your hardware. If supported (like RTX 30-series GPUs), it runs locally with no limits. Otherwise, it switches to cloud processing.

Optimization

*   **Step 4 – Preview and Export**

Review the enhanced footage in the preview window, make any adjustments, then export your video in high quality up to 4K.                                                 

That’s how easy it is to use Filmora AI Video Enhancer. It brings quality results without much effort. Best for beginners and professional editors. This feature has been improved in Filmora V15 to provide better accuracy and faster processing. Filmora’s “What’s New” page lists all optimization updates, while the guide provides a more detailed overview. 

2.  **Topaz Video Enhance AI**

Topaz

Topaz​‍​‌‍​‍‌​‍​‌‍​‍‌ is the one that really makes a difference when high-resolution upscaling and restoration are needed. It goes deep with learning models that are trained on cinematic data to bring back the finest details, clean up the image from any compression files, and make fabulous 4K or 8K pictures. Although it requires powerful hardware and a bit of waiting, the outcome is really impressive for archival and professional ​‍​‌‍​‍‌​‍​‌‍​‍‌projects.

3.  **HitPaw Video Enhancer**

Hitpaw

For those prioritizing simplicity and speed, HitPaw offers preset AI modes like Face, General, Anime, and Low-Light. Minimal setup is needed, letting creators improve their videos instantly without learning complex editing workflows.

4.  **Runway ML**

Runway

Experimental filmmakers and creative studios will appreciate Runway’s toolbox approach. Beyond enhancing lighting and clarity, it offers object removal, generative fill, and motion editing, unlocking more creative possibilities than typical AI enhancers.

5.  **AVCLabs Video Enhancer AI**

Avclabs

Shaky​‍​‌‍​‍‌​‍​‌‍​‍‌ or dimly lit videos are a challenge, but AVCLabs is a winner in this department. The software enhances the videos by stabilizing, reducing noise, and detailing, especially if the videos are from a handheld camera or an action camera; however, the processing time is a bit ​‍​‌‍​‍‌​‍​‌‍​‍‌longer.

6.  **Pixop**

Pixop

‍​‌‍​‍‌​‍​‌‍​‍‌Being a cloud-based and professional-grade tool, Pixop fits the needs of broadcasters, archivists, and documentary teams perfectly. The user does not have to worry about heavy local hardware, as features such as motion-aware deinterlacing and advanced denoising are processed remotely; thus, large-scale workflows are simply facilitated. ​‍​‌‍​‍‌​‍​‌‍​‍‌

7.  **VEED.io AI Enhancer**

Veed.io

For those needing quick browser-based solutions, VEED provides accessible AI enhancement with integrated templates. While it may not match Topaz or Pixop in advanced restoration, it’s ideal for marketing content, online courses, or fast-turnaround projects.

8.  **Neural.love Video Upscaler**

Neural.love

Neural.love​‍​‌‍​‍‌​‍​‌‍​‍‌ makes the process of bringing back to life old or historical footage quite easy. Its AI is great for the improvement of VHS transfers, personal videos, and even vintage digital files by brightening the color, quieting the noise, and fetching the faded details, all done in an effortless ​‍​‌‍​‍‌​‍​‌‍​‍‌way.

9.  **Filmora Mobile AI Enhancer**

Filmora

Mobile​‍​‌‍​‍‌​‍​‌‍​‍‌ creators take advantage of Filmora’s AI wherever they go. With just a few clicks, it can brighten up the video, bring out the details, and smooth the skin, plus it has ready-to-go export settings for TikTok, Reels, and YouTube Shorts, just what you need for quick, stylish social content right from your ​‍​‌‍​‍‌​‍​‌‍​‍‌phone.

10.  **DVDFab Video Enhancer AI**

DVDfab

Upgrading legacy footage is DVDFab’s speciality. Its AI targets compression files and low-resolution textures in DVDs or older digital files, producing sharper, cleaner videos suitable for archiving or modern viewing experiences.

Choosing the right enhancer depends on your work process, the type of content, and the end goals. If you’re just looking to improve your daily recordings, fix up archival footage, or prepare social media clips, the tools are excellent choices for anyone of any skill level. 

****Part 4: How to Choose the Right AI Video Enhancer for You** **

Choosing the right AI video enhancer is about finding a tool that fits your workflow, content type, and creative goals.

**Here are the key factors to consider**:

*   **Content Type**: Are you working on social media clips, training videos, documentaries, or restoring archival footage? Different tools perform better for different types of content.  
    
*   **Speed vs. Control**: Do you need quick, automated results or detailed control over enhancement settings?  
    
*   **Platform Compatibility**: Will you edit on desktop, mobile, or in a browser? Choose a tool optimized for your preferred platform.  
    
*   **Frequency and Scale**: Are you editing occasionally or managing large volumes of footage? Some tools handle high-volume workflows better.

The ideal enhancer should integrate seamlessly with your process, making video enhancement efficient, reliable, and intuitive.

****Final Thoughts****

AI video enhancement has evolved from a niche feature to one of the most essential tools in modern editing. In any case, AI makes the process faster and more accessible than ever; the technology is there if you are restoring old footage, making some clips shot in a dark environment better, or polishing some content for professional use. All the programs are a great way to get started if you want to find a good enough spot between ease and clever enhancement features. Just give it a shot and see for yourself how far a few tweaks can take your video ​‍​‌‍​‍‌​‍​‌‍​‍‌quality.

(Photo by Alan Alves on Unsplash)

10 Best AI Video Enhancers in 2025 to Instantly Boost Video Quality

Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe.

We are used to clicking through human verification tests and browser updates without second thoughts, but a new threat is using these habits against us.

Cybersecurity researchers at Point Wild’s Lat61 Threat Intelligence Team have discovered a malware campaign that relies on a social engineering trick known as ClickFix. This method involves deceiving people into manually running damaging commands that, in this case, lead to the installation of DarkGate remote-access malware.

****How the Trap Works****

The trouble starts when a user sees a fake message claiming the “Word Online” extension is missing. To view the document, the site tells you to click the “How to fix” button. As we know it, it is easy to fall for this when you are in a hurry. However, this button doesn’t fix anything; instead, it uses JavaScript to stealthily put a PowerShell command onto your clipboard.

The misleading “How to fix” button (Source: Point Wild)

The attackers then guide the user through a series of steps to finalise the infection. They ask you to press Windows+R to open the Run box and then CTRL+V to paste the copied text. Because the user starts this process, the computer’s security might not flag it as a threat.

Point Wild’s threat analyst, Onkar Sonawane, noted in the blog post, shared exclusively with Hackread.com, that this sequence is “designed to prompt the execution of a PowerShell script previously copied to the clipboard without the user realising its malicious intent.”

****Behind the Scenes: DarkGate Infection****

Once the script runs, it reaches out to linktoxic34.com to download and execute a remote HTA file (an HTML application) named nC.hta. This file is saved locally at c:\users\public\nC.hta. Researchers identified that hackers use multiple layers of base64-encoded scripts and “reverse functions” to avoid being caught.

Upon execution of the PowerShell script, a directory is automatically created on your C drive. Into this folder, an AutoIt executable and script (such as script.a3x) are deployed. These components then launch “without user interaction,” continuing the attack chain silently.

Embedded AutoIt script (Source: Point Wild)

Once DarkGate is operational, it performs several malicious actions:

*   It establishes persistence to stay on your computer even after a reboot.
*   It gathers and exfiltrates sensitive user information to the hackers.
*   It uses DES encryption to hide additional files that it drops into new secondary folders.

****Signs of Infection and How to Stay Safe****

An infected system might start freezing, crashing, or showing unauthorised toolbars. You might also notice a high volume of pop-up ads. Researchers suspect that “traditional antivirus software may not immediately detect the initial action” because the system thinks the user is performing a legitimate task. Therefore, to stay safe, never copy and paste code provided by a website to “fix” a browser issue.

As Dr. Zulfikar Ramzan, CTO of Point Wild, and Head of the Lat61 Threat Intelligence Team, explains, “ClickFix turns the victim into the installer. A single ‘How to fix’ click seeds the clipboard and, within seconds, DarkGate is running under the guise of a helpful fix.”

New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting reports on the breach.

A major privacy breach has surfaced involving the personal viewing histories of millions of people who once held Pornhub Premium accounts. The cybercriminal gang ShinyHunters claims to have stolen a 94GB database containing over 200 million records (201,211,943 to be precise) of user searches, downloads, and video activity. They’ve already launched an extortion campaign, reportedly demanding ransom in Bitcoin.

According to researchers at digital risks and vulnerabilities management firm Rescana, the trouble began with a security lapse at Mixpanel, a third-party company that tracks website analytics. This is the same company whose breach impacted OpenAI and exposed its API user data last month.

As per Rescana’s blog post and Mixpanel’s official security notice, the breach began on November 8, 2025, when hackers used a smishing attack (sending deceptive text messages to employees to steal their login details) to gain unauthorised access to Mixpanel’s systems.

****Sensitive Data and Extortion****

The stolen files contain deeply private records. According to BleepingComputer, which reviewed samples of the data, the records include:

*   Email addresses and approximate locations (city and country).
*   Activity details like video names, URLs, and search keywords.
*   Timestamps showing when each video was watched or downloaded.

The hackers are already sending extortion emails to affected companies, threatening to leak everything unless they’re paid. It’s worth noting, though, that Pornhub’s own internal systems weren’t directly hacked. The platform has confirmed that sensitive stuff like passwords and credit card details are still secure.

****Verifying the Stolen Data****

To prove the data is real, ShinyHunters shared records from 14 users of Pornhub’s Premium tier. Reuters confirmed the info was authentic after matching details for six of those people against previous leaks held by the firm District 4 Labs. Three of those individuals confirmed they were, in fact, former subscribers. While the hackers won’t say exactly how they got the files, these findings prove real user info is out there.

****Conflicting Reports on Data Access****

It is worth noting that, according to Pornhub’s statement, it officially stopped using Mixpanel in 2021, so these records are at least four years old. But here’s where the story gets messy: the two companies now disagree on what actually happened.

While Pornhub initially blamed the Mixpanel breach, as of December 16, 2025, it has removed those mentions from its official advisory. On that same day, Mixpanel claimed the data was actually last accessed in 2023 by a “legitimate employee account” belonging to Pornhub’s parent company, Aylo. This suggests a separate account compromise rather than a direct hit on the analytics provider’s servers.

Source

HackRead