Tag: cyber
-
Mirax Android RAT Hijacks Infected Phones as Residential Proxies
A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…
-
Mirax Android RAT Hijacks Infected Phones as Residential Proxies
A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…
-
Keine Entwarnung trotz Rückgang der Cyber-Angriffe in Deutschland um zwölf Prozent
Check Point Research (CPR), die Sicherheitsforschung-sabteilung von Check Point Software Technologies, hat in seinem seinen Monthly-Cyber-Threat-Report für März 2026 erstmals seit langem einen großflächigen Rückgang der Cyberangriffe beobachtet. Global waren Unternehmen durchschnittlich 1995 Cyber-Angriffe pro Woche ausgesetzt, fünf Prozent weniger als im Vorjahreszeitraum. In der DACH-Region spiegelt sich dieser Trend verstärkt wider: In Deutschland sanken…
-
PlugX USB Worm Hits Multiple Continents via DLL Sideloading
A new PlugX USB worm variant is driving fresh infection waves across several continents, using DLL sideloading and stealthy USB-based propagation to evade detection. First observed in Papua New Guinea in August 2022, the same strain resurfaced months later not only in the Pacific Rim but also in Ghana, Mongolia, Zimbabwe, and Nigeria, underscoring a…
-
Botnet Exposed: Hackers Leave Worker Access and Root Passwords Wide Open
Hackers have left a live Twitter/X credential”‘stuffing botnet effectively unlocked, exposing its full command”‘and”‘control stack, worker fleet, and root passwords to anyone who knows where to look. The C2 runs on a Windows Server 2019 instance hosted by Hetzner in Falkenstein, Germany, with RDP, SMB, and WinRM all exposed alongside the Flask panel, indicating a…
-
Janela RAT Spreads via Fake MSI Installers, Malicious Extensions
Janela Remote Access Trojan (RAT) campaign using fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and exfiltrate sensitive data. The latest Janela RAT samples are being distributed through public GitLab repositories, where attackers host MSI installation files disguised as legitimate software installers. Unsuspecting users in Chile, Colombia, and Mexico the campaign’s primary targets are lured into downloading these…
-
AI Codex Exploits Samsung TV Driver Flaw to Gain Root Access
A new experiment has shown how an AI coding assistant, Codex, can independently escalate privileges on a Samsung Smart TV by abusing dangerously exposed kernel drivers in Samsung’s KantS2 Tizen firmware. Working from an existing browser foothold, Codex chained together source-code auditing, physical memory access, and credential tampering to turn a sandboxed browser process into…
-
CISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security Flaws
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding two actively exploited security vulnerabilities in Microsoft products. Added to the Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026, these flaws impact the Microsoft Windows Common Log File System (CLFS) and Microsoft Exchange Server. Federal agencies and private organizations are strongly…
-
Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey
With global cyber threats escalating and budget cuts looming, CISA needs a Senate-confirmed director. It’s time to confirm Sean Plankey. First seen on cyberscoop.com Jump to article: cyberscoop.com/national-security-ntsc-op-ed-sean-plankey-cisa-confirmed-director/
-
Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware
Hackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross”‘platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first engaging over LinkedIn and then moving conversations to Telegram group chats with multiple fake “partners” to…
-
How AI is transforming threat detection
Tags: ai, attack, automation, best-practice, business, ceo, cisa, cve, cyber, data, detection, email, endpoint, framework, google, governance, group, incident response, intelligence, international, jobs, kev, malware, network, nist, organized, phishing, risk, skills, soc, switch, technology, threat, toolReducing alert fatigue: In alert triage, AI agents are reducing alert fatigue by clustering alert patterns and enabling risk-based prioritization, adds Dipto Chakravarty, chief product and technology officer at Black Duck.For example, natural language processing agents can summarize threat alerts at scale and correlate them with threat intel feeds such as CVE.org and the CISA KEV Catalog,…
-
The AI inflection point: What security leaders must do now
The questions have matured: The AI discussion in security has evolved in phases.First came skepticism from security leaders, asking whether AI actually works in security operations. Given years of overpromised technology, the caution was warranted.Experimentation followed, with questions centering on what types of work AI should handle and where it introduces risk.Now, the dominant questions…
-
The AI inflection point: What security leaders must do now
The questions have matured: The AI discussion in security has evolved in phases.First came skepticism from security leaders, asking whether AI actually works in security operations. Given years of overpromised technology, the caution was warranted.Experimentation followed, with questions centering on what types of work AI should handle and where it introduces risk.Now, the dominant questions…
-
Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks
Tags: attack, cyber, cybersecurity, exploit, flaw, hacker, rce, remote-code-execution, risk, software, vulnerabilityCybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. The vulnerability poses a significant risk to organizations relying on outdated versions of the software for internal collaboration, as it…
-
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws
SAP released its monthly Security Patch Day updates, addressing 19 new security notes and one update to a previously released note. According to the official SAP Support Portal, these patches resolve severe vulnerabilities, including critical SQL injection, Denial of Service (DoS), and code injection flaws. SAP strongly advises all administrators to review these updates and…
-
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu
Deutschland ist im Visier staatlicher Hacker.Hybride Attacken auf kritische Infrastruktur in Deutschland und Bundeswehr-Truppen im Ausland nehmen weiter zu. Spätestens seit 2022 sei ein spürbarer Zuwachs zu verzeichnen, sagte der Bundeswehr-Inspekteur Cyber- und Informationsraum, Vizeadmiral Thomas Daum, bei einem Pressetermin bei der Nato-Cyberabwehrübung «Locked Shields» im niederrheinischen Kalkar. Cyber-Angriffe gegen die Bundeswehr richteten sich gegen Rechenzentren in…
-
Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
In an unusual development within the underground cyber world, a dark web article contest has been announced on a well-known dark web forum, TierOne forum. The initiative is backed by a $10,000 prize pool. The contest places a spotlight on technical writing centered around vulnerability exploitation, offering insight into how knowledge is shared and rewarded in these spaces. First…
-
Synology SSL VPN Client Vulnerability Enabled Remote Access to Sensitive Files
Synology has recently released a crucial security update to fix two notable vulnerabilities in its SSL VPN Client utility. Tracked under the security advisory Synology-SA-26:05, these flaws could allow remote attackers to access sensitive system files and intercept secure network traffic. The Synology SSL VPN Client is a popular tool used to establish encrypted connections…
-
APT41 Targets Linux Cloud Servers With New Winnti Backdoor
A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a novel SMTP-based command-and-control (C2) mechanism. The discovery indicates a new phase in APT41’s Linux and cloud-targeted…
-
CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, kev, sql, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet software. On April 13, 2026, CISA added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that threat actors are actively exploiting this weakness in real-world cyberattacks. CISA maintains this authoritative database to help…
-
Rockstar’s GTA Game Hacked, 78.6 Million Records Published Online
Rockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026. The incident did not involve a direct attack on Rockstar’s primary network infrastructure. Instead, the hackers executed a supply-chain attack through a third-party analytics platform, highlighting the escalating risk of integrated…
-
Fake Proxifier GitHub Installer Spreads ClipBanker Crypto Malware
Hackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi”‘stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search”‘engine poisoning, trojanized installers, and fileless techniques to stay under the radar while swapping victims’ wallet addresses with those controlled by attackers. The infection typically begins when users…
-
NSFOCUS Threat Intelligence Interviewed in The Top Trends Shaping Threat Intelligence in Asia Pacific Report by International Authority
Forrester, an international authoritative consulting firm, released “The Top Trends Shaping Threat Intelligence in Asia Pacific”. With its deep technical accumulation, product system and mature solutions in the field of threat intelligence, NSFOCUS was interviewed for the report. As enterprises cope with the rapidly changing cybersecurity and regulatory environment in the Asia-Pacific region, threat intelligence…The…
-
Top 10 Best Single Sign-On (SSO) Vendors For Enterprises in 2026
In the fast-evolving digital landscape of 2026, enterprises grapple with an ever-growing number of applications and services. Employees, partners, and customers interact with a multitude of platforms daily, often leading to >>password fatigue<< a phenomenon where users juggle countless credentials, resorting to weak, reused, or written-down passwords. This not only frustrates users but also creates…
-
Anthropic’s Mythos signals a structural cybersecurity shift
Tags: access, ai, attack, business, ciso, control, corporate, cyber, cybersecurity, defense, exploit, governance, network, offense, risk, supply-chain, technology, updateClaude Mythos Preview is a step up: A separate analysis from the UK’s AI Security Institute (AISI) evaluated Mythos Preview itself.The evaluations involved both capture-the-flag (CTF) challenges and more complex ranges designed to simulate multi-step attack scenarios, where the model outperformed other AI systems.Mythos Preview came out on top in a 32-step corporate network attack…
-
Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos
Two reports from former high-level U.S. cyber officials and the UK government’s top AI research institution reveal how top defenders think about the tool’s hacking capabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/claude-mythos-ai-cybersecurity-threat-report/
-
Cybersecurity in an Age of Geopolitical Fracture
Why Cyber Risk Is Now Shaped as Much by Nations as by Hackers Wars are becoming more frequent, and are no longer only kinetic. They are just as active in the cyber world, with impacts much larger than can be imagined. This also leads to state-sponsored hacktivists targeting the critical infrastructure of nations. First seen…
-
prompted 2026 Three Phases Of Al Adoption
Author, Creator & Presenter: Chase Hasbrouck, Chief of Forensics/Malware Analysis, United States Army Cyber Command Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-three-phases-of-al-adoption/