Executive Summary: Cyble Research and Intelligence Labs (CRIL) observed a notable rise in Android malware campaigns masquerading as Indian RTO (Regional Transport Office) applications and targeting Indian users to steal sensitive information. The malware spreads mainly through WhatsApp messages and SMS containing shortened URLs that appear as the RTO app, mParivahan, which redirect to GitHub-hosted APKs, and via compromised websites. Once installed, the malware uses phishing pages to capture ...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
A critical security flaw in Microsoft's WSUS feature is being actively exploited in the wild by threat actors who could gain access into unpatched servers, remotely control networks, and use them to deliver malware or do other damage. Microsoft is urging organizations to apply a patch to their systems. The post Critical Microsoft WSUS Security Flaw is Being Actively Exploited appeared first on Security Boulevard.| Security Boulevard
Do you love cracked software or game hacks? You might have fallen for malicious videos in the YouTube Ghost Network scam.| Make Tech Easier
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.| Securelist
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.| Securelist
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.| Securelist
Global smishing activity tracked by Unit 42 includes impersonation of many critical services. Its unique ecosystem allows attackers to quickly scale. The post The Smishing Deluge: China-Based Campaign Flooding Global Text Messages appeared first on Unit 42.| Unit 42
A Kaspersky GReAT expert takes an in-depth look at the new campaign by the RevengeHotels group, which uses AI-generated scripts, personalized phishing emails and the VenomRAT remote access trojan.| securelist.lat
Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware. The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek.| SecurityWeek
Verticals Targeted: None specified. Regions Targeted: Russia. Related Families: None. Executive Summary: ClayRAT, a sophisticated Android spyware campaign targeting Russian users, leverages Telegram channels and phishing sites to distribute malicious APKs disguised as popular apps. Its rapid evolution, extensive surveillance capabilities, and self-propagation via SMS make it a significant threat to mobile security.| PolySwarm Main Blog
A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds. The post Inside a Crypto Scam Nexus appeared first on DomainTools Investigations | DTI.| DomainTools Investigations | DTI
A group has been targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate payment and government identity applications. The operators exhibit distinct domain registration patterns, often reusing TLS certificates and grouping domains to resolve to the same IP addresses, with a strong operational focus during Eastern Asia's daytime hours. The post Banker Trojan Targeting Indonesian and Vietnamese Android Users appeared first on DomainTools Investigations | ...| DomainTools Investigations | DTI
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of October, 2025”| ASEC
XiebroC2 Identified in MS-SQL Server Attack Cases| ASEC
PhantomVAI is a new loader used to deploy multiple infostealers. We discuss its overall evolution and use of steganography and obfuscated scripts.| Unit 42
I am looking for guidance on how to effectively isolate the Tor process through hardware isolation to enhance security against sophisticated attacks, including those at the hardware and firmware levels. As we know, the Tor Browser has vulnerabilities inherited from Firefox, which can be exploited by hackers to reveal a user's real IP address. While Whonix provides a solution by isolating the Tor process using virtual machine technology, advanced attackers can still exploit vulnerabilities in ...| Recent Questions - Tor Stack Exchange
Indirect prompt injection can poison long-term AI agent memory, allowing injected instructions to persist and potentially exfiltrate conversation history. The post When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory appeared first on Unit 42.| Unit 42
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group's distinctive toolset led to uncovering their existence. The post Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite appeared first on Unit 42.| Unit 42
We connect Bookworm malware to Chinese APT Stately Taurus using our attribution framework, enhancing our understanding of threat group tradecraft. The post Bookworm to Stately Taurus Using the Unit 42 Attribution Framework appeared first on Unit 42.| Unit 42
An old piece of security advice is back in fashion: don't copy and paste commands that a website tells you to. […]| OpenSecurity
Kivars is malware used by the attack group BlackTech that has been observed since around 2010. BlackTech...| IIJ Security Diary
﷽| cocomelonc
SMS Stealer malware targeting Android users: Over 105,000 samples identified| Help Net Security
While digging into the ReadDirectoryChanges API, I noticed it supports an asynchronous callback via LPOVERLAPPED_COMPLETION_ROUTINE. Most people use this API to monitor file system changes, but wha…| 🔐Blog of Osanda
Citizen Lab validates Amnesty International investigation showing targeting of staff member and Saudi activist with NSO Group's technology.| The Citizen Lab
Mexican journalists, lawyers and a child were targeted with infection attempts using NSO Group's government-exclusive Pegasus spyware and Trident exploits.| The Citizen Lab
Research note uncovering use of NSO Group's Pegasus spyware and exploit framework to target Mexican senators and senior politicians in June and July 2016| The Citizen Lab
Nowadays, businesses face multiple cybersecurity challenges that can cripple operations if not properly managed. From malware that damages systems to phishing scams that steal sensitive data, this guide highlights the most common cyberthreats and offers practical steps for safeguarding your business. Implementing strong protection measures, such as training your team and leveraging external IT experts, […]| VTech Support
Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed. After investigation, we discovered the infection originated from a malicious modification in the active theme’s functions.php file. This injected PHP code silently fetched external JavaScript from attacker-controlled domains and inserted it into the site’s front-end. Behind the Breach We found a suspicious ...| Sucuri Blog
Find out how a WordPress backdoor can stealthily maintain unauthorized access to your website and what to do about it.| Sucuri Blog
Spear phishing is an email scam targeted towards a specific individual, organization or business. Cybercriminals are targeting these businesses and high earning individuals because it can be much more lucrative for them. We don’t want anyone to get phished, so in this article, we The post How to Prevent Malware: Top Strategies for Effective Defense appeared first on Inspired eLearning.| Inspired eLearning
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of September, 2025”| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 3rd Week of September, 2025”| ASEC
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or collaborate with other threat groups, […]| ASEC
BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had been active in secret for […]| ASEC
This report provides the statistics and major ransomware-related issues in Korea and worldwide, as well as the number of affected systems and ransomware cases based on Dedicated Leak Sites (DLS) over the course of August 2025. Below is a summary of the report. Disclaimer: The number of ransomware samples and damaged systems is based […]| ASEC
Short investigation into a stealth crypto miner running in a qbittorrent container| apogliaghi.com
StilachiRAT is a recently discovered malware strain that infects PCs under the guise of browser extensions, and steals cryptocurrency.| Gridinsoft Blogs
Aiocpa package in PyPI repository appeared as an impostor, with malicious functionality added after it was considered credible by users| Gridinsoft Blogs
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.| Sekoia.io Blog
For the past few weeks, a French company, Data Access, has been running a particularly unscrupulous little business: it buys numerous domain names evoking popular free software (for example, keepass.fr) and points them to a site offering a download of the software in question. But instead of pointing to a build … Continue reading Beware of the download sources for your free software| Infobidouille
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of September, 2025”| ASEC
This report comprehensively covers actual cyber threats and security issues related to financial companies in South Korea and abroad. This article includes an analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and the industry statistics of leaked Korean accounts on Telegram. A detailed […]| ASEC
BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis on the characteristics, encryption methods, and reasons why BlackNevas encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will provide insights for defending against […]| ASEC
The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructures of various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post provides a technical analysis of […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of September, 2025”| ASEC
DireWolf Ransomware Group: The DireWolf ransomware group made their first appearance in May 2025. On May 26, they disclosed their first 6 victims on a darknet leak site, marking the beginning of their full-fledged activities. The group stated that their only goal is money and contacts their victims through the Tox […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of August, 2025”| ASEC
Warning About NightSpire Ransomware Following Cases of Damage in South Korea| ASEC
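In June 2025, a dropper for a new Linux malware developed on the basis of TINYSHELL was discovered. This mal...| IIJ Security Diary
Unicorn, presented and released at Black Hat USA 2015, is a QEMU-based CPU emulator fra...| IIJ Security Diary
Around May 2025, a ZIP file containing multiple compressed files, including a new type of loader not previously observed, VirusTot...| IIJ Security Diary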
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...| HACKMAGEDDON
Rorschach is a new ransomware sample discovered in the wild. It boasts extraordinarily fast encryption and advanced detection evasion methods.| Gridinsoft Blogs
Experts are observing new, complex attacks in Eastern Europe by the APT group Curly COMrades, whose attacks support Russian interests. ...| B2B Cyber Security
Ransomfree and Malwarebytes are considered two of the best ransomware protection tools available. Ransomfree is known for its ability to detect and block| Internet Safety Statistics
Explore data privacy and data security and how they work together to create a secure and empowering digital presence for Individuals and Organisations.| Internet Safety Statistics
Keeping your site safe from cyber attacks is crucial but is it easy? Learn how to remove malware from WordPress in easy steps.| Internet Safety Statistics
The emergence of new AI technology and large language models has made it easier for cybercriminals to generate phishing campaigns.| Help Net Security
Proxyware Malware Being Distributed on YouTube Video Download Site - 2| ASEC
July 2025 Threat Trend Report on Ransomware| ASEC
July 2025 Trend Report on Phishing Emails| ASEC
Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project| ASEC
July 2025 Security Issues in Korean & Global Financial Sector| ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site| ASEC
Used by two of XProtect’s malware detection features, Yara rules are a valuable way to check whether files satisfy a logical condition, and more.| The Eclectic Light Company
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.| securelist.com
ERMAC 3.0 Android banking trojan's code has been leaked online, exposing the malware's infrastructure and its ability to target 700+ apps.| Android Headlines
Software is one of the bigger gateways for malware on a Mac. Reason enough for Apple to allow only the installation of vetted software. But what if you have a very specific requirement from a small developer and macOS refuses it? There is a solution! Can a check protect? At first glance…| Jörg Schieb | Digital und KI
The vulnerability, a directory traversal bug, was addressed in WinRAR version 7.13.| CySecurity News - Latest Information Security and Hacking Incidents
Find out how malicious JavaScript injects suspicious content and affects website safety, revealing critical security concerns.| Sucuri Blog
While studying an incident response case, Kaspersky experts discovered new malware that abuses the processes of the ThrottleStop driver to terminate antivirus processes. Kaspersky solutions counter and detect this threat.| securelist.lat
A sophisticated social engineering campaign by the EncryptHub threat group that combines impersonation tactics with technical exploitation to compromise corporate networks.| Cyber Security News
Virus and malware threats are spreading daily; who knows where that will lead in 2023? Without protection, every user risks becoming a victim.| Gridinsoft Blogs
In the first quarter of 2025 there was a decline in ransomware attacks, according to the findings of a recent Internet Security Report. The total number of unique ...| B2B Cyber Security
In June 2025, Formbook was responsible for more than 15 percent of all malware attacks in Germany, according to the findings of a recent report. At the same time ...| B2B Cyber Security
Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth.| Unit 42
When infostealers or ransomware strike, data ends up in the wrong hands or is professionally encrypted to a high degree. These are scenarios that a good ...| B2B Cyber Security
Security researchers at Trend Micro report that the Lumma Stealer malware is back in a new, improved version. The malware is harder to ...| B2B Cyber Security
Adware is definitely one of the most annoying types of unwanted programs. What is adware? In this article we'll be answering this question.| Gridinsoft Blogs
Red Canary’s Detection Engineering team has discovered a new worm-like Windows malware being distributed via removable USB drives. The malware was| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
research shared with TechCrunch ahead of publication on Tuesday| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto