Tag: malicious
-
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated tool that allows attackers to inject malicious code into legitimate Google Play Store applications seamlessly. The malware represents a significant escalation in Android-targeted threats, combining complete device control, real-time surveillance, and…
-
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has transformed dramatically over the past decade, shifting from a relatively benign monetization strategy to a sophisticated vector for cybercrime. New research into the modern parking ecosystem reveals a startling reality: over 90% of visitors to parked domains encounter malicious content, scams, or phishing attacks, a stark reversal from conditions…
-
FortiGate firewall credentials being stolen after vulnerabilities discovered
Tags: access, advisory, ai, attack, authentication, best-practice, breach, ceo, cisa, credentials, cve, cyberattack, cybersecurity, data, data-breach, exploit, firewall, flaw, fortinet, hacker, infrastructure, Internet, kev, least-privilege, login, malicious, network, password, software, theft, threat, update, vulnerability
CSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against…
-
Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-severity React2Shell flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-finds-five-china-nexus-groups-exploiting-react2shell-flaw/
-
Cellik Android malware builds malicious versions from Google Play apps
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cellik-android-malware-builds-malicious-versions-from-google-play-apps/
-
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/
-
Microsoft Outlines Mitigation for React2Shell RCE Vulnerability in React Server Components
Tags: authentication, cve, cvss, cyber, malicious, microsoft, mitigation, rce, remote-code-execution, risk, vulnerability
Microsoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerability enables attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request, representing an unprecedented risk to modern React-based web…
-
Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named “Tracer.Fody.NLog,” remained on the repository for nearly six years. It was published by a user named “csnemess” on February 26, 2020. It masquerades as…
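The rogue package reuses a trusted package id as a prefix and a publisher name close to the real author's. The screen below is an added example, not code from the researchers or from NuGet: it flags (a) packages whose id extends a trusted id but come from a different publisher, the Tracer.Fody.NLog pattern, (b) near-duplicate ids, and (c) allowlisted ids whose publisher has changed. The trusted list, the publisher ids (the real Tracer.Fody publisher is not named on the page, so a placeholder is used) and every package other than Tracer.Fody and Tracer.Fody.NLog are constructed.

```python
"""Heuristic screen for package ids that extend or resemble a trusted package.

Added example, not code from the researchers or from NuGet. The trusted list,
the publisher ids and every package id other than Tracer.Fody and the rogue
Tracer.Fody.NLog are constructed for illustration.
"""
from difflib import SequenceMatcher

# Constructed allowlist: lowercase package id -> publisher id we expect to see.
# The real Tracer.Fody publisher id is not given on the page; this is a placeholder.
TRUSTED = {
    "tracer.fody": "tracer-maintainer",
    "nlog": "nlog-team",
}
LOOKALIKE_THRESHOLD = 0.85  # assumed; tune against your own false-positive rate


def assess(package: str, publisher: str, trusted: dict = TRUSTED) -> list:
    """Return reasons this package deserves review before installation; [] if none."""
    pid, pub = package.lower(), publisher.lower()
    if pid in trusted:
        if pub != trusted[pid]:
            return [f"{package} is on the allowlist but publisher {publisher} != {trusted[pid]}"]
        return []
    reasons = []
    for name, owner in trusted.items():
        if pid.startswith(name + ".") and pub != owner:
            # A sub-package of a trusted id published by someone else.
            reasons.append(f"{package} extends trusted id {name} but is published by "
                           f"{publisher}, not {owner}")
        elif SequenceMatcher(None, pid, name).ratio() >= LOOKALIKE_THRESHOLD:
            reasons.append(f"{package} is a lookalike of trusted id {name} "
                           f"(published by {publisher})")
    return reasons


def screen(manifest: list, trusted: dict = TRUSTED) -> dict:
    """Screen (package, publisher) pairs; returns only the entries with findings."""
    return {pkg: r for pkg, pub in manifest if (r := assess(pkg, pub, trusted))}


# Constructed manifest. Only Tracer.Fody and Tracer.Fody.NLog/csnemess come from the page.
MANIFEST = [
    ("Tracer.Fody", "tracer-maintainer"),          # trusted id, expected publisher
    ("Tracer.Fody.NLog", "csnemess"),              # rogue package named on the page
    ("TracerFody", "someone-else"),                # constructed lookalike id
    ("Tracer.Fody.Logging", "tracer-maintainer"),  # constructed legitimate sub-package
    ("NLog", "nlog-team"),
]

if __name__ == "__main__":
    for pkg, reasons in screen(MANIFEST).items():
        print(pkg, "->", "; ".join(reasons))
```

Wire it into restore so a hit blocks the build until someone looks at the package page. The publisher comparison is only as good as the allowlist: record the publisher id you verified the first time you adopted a package, not the one the registry shows today.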
-
When Love Becomes a Shadow: The Inner Journey After Parental Alienation
There’s a strange thing that happens when a person you once knew as your child seems, over years, to forget the sound of your voice, the feel of your laugh, or the way your presence once grounded them. It isn’t just loss – it’s an internal inversion: your love becomes a shadow. Something haunting, familiar,…
-
Android Users at Risk as Malware Poses as mParivahan and e-Challan Apps
A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud. The operation combines phishing, malware, and surveillance capabilities. It is being distributed via malicious APKs hosted on GitHub and clusters of phishing domains that…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerability
Your employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
Phantom Stealer Uses ISO Files to Breach Windows Systems
Operation MoneyMount-ISO uses malicious ISO files to deliver Phantom Stealer to Windows. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phantom-stealer-uses-iso-files-to-breach-windows-systems/
-
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll…
-
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity
Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes through sideloading techniques to conceal malicious activity as routine security operations. This represents a significant escalation in the group’s capabilities and poses a critical risk to organizations relying on traditional defense…
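The summary describes DLL sideloading through a legitimate, signed EDR binary, where the malicious code runs under a process name defenders are inclined to trust. The detection below is an added example, not Storm-0249 tooling or any vendor's detection content: it runs the generic sideloading signals over image-load telemetry, namely a signed executable running from a user-writable directory, a DLL beside the executable whose signer does not match the executable's signer, and an unsigned DLL loaded from a user-writable directory. The events are constructed and loosely modelled on the fields of an image-load record such as Sysmon Event ID 7; "ExampleEDR" is a hypothetical vendor.

```python
"""Flag DLL loads that look like sideloading through a signed (e.g. EDR) binary.

Added example; not Storm-0249 tooling or any vendor's detection content. The
telemetry below is constructed and loosely modelled on image-load fields such
as Sysmon Event ID 7; "ExampleEDR" is a hypothetical vendor.
"""
import csv
import io
import ntpath

# Directories an unprivileged user can normally write to (lowercase prefixes; assumed list).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed image-load events. An empty signer field means "unsigned".
SAMPLE_EVENTS = r"""process_path,process_signer,image_path,image_signer
C:\Program Files\ExampleEDR\agent.exe,Example EDR Inc,C:\Windows\System32\kernel32.dll,Microsoft Windows
C:\Program Files\ExampleEDR\agent.exe,Example EDR Inc,C:\Program Files\ExampleEDR\telemetry.dll,Example EDR Inc
C:\Users\alice\AppData\Local\Temp\agent.exe,Example EDR Inc,C:\Users\alice\AppData\Local\Temp\telemetry.dll,
C:\Program Files\ExampleEDR\agent.exe,Example EDR Inc,C:\Program Files\ExampleEDR\version.dll,
"""


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE)


def assess_load(ev: dict) -> list:
    """Return the sideloading signals present in one image-load event ([] if none)."""
    proc, img = ev["process_path"], ev["image_path"]
    proc_signer, img_signer = ev["process_signer"].strip(), ev["image_signer"].strip()
    if not proc_signer:
        return []  # an unsigned loader is a different detection, not this one
    reasons = []
    same_dir = ntpath.dirname(proc).lower() == ntpath.dirname(img).lower()
    if is_user_writable(proc):
        # A copied-out EDR/vendor binary: the attacker controls its search path.
        reasons.append("signed binary executing from a user-writable directory")
    if same_dir and img_signer != proc_signer:
        # Classic sideload: the DLL next to the EXE is not the vendor's.
        reasons.append("DLL beside the executable is not signed by the executable's signer")
    if not img_signer and is_user_writable(img):
        reasons.append("unsigned DLL loaded from a user-writable directory")
    return reasons


def detect(csv_text: str) -> list:
    """Run assess_load over CSV telemetry and return the events with findings."""
    hits = []
    for ev in csv.DictReader(io.StringIO(csv_text)):
        reasons = assess_load(ev)
        if reasons:
            hits.append({"process": ev["process_path"], "image": ev["image_path"],
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit["process"], "loaded", hit["image"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

The signer comparison is a stand-in: in production, verify the Authenticode chain of both files rather than comparing signer strings, since an attacker can self-sign a DLL with any subject name. The second and third rows of the sample show why both the "same directory" and the "user-writable" tests are needed: the agent in its install directory loading an unsigned version.dll is a sideload even though nothing is in a user-writable path.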
-
NVIDIA Merlin Vulnerabilities Allow Malicious Code Execution and DoS Attacks
NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA…
-
Critical Plesk Vulnerability Allows Users to Gain Root-Level Access
A critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and gain root-level access to affected systems. This flaw poses a significant threat to web hosting providers and organisations that rely on Plesk for server management.
Vulnerability Overview
The vulnerability allows malicious…
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability
2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”. “I don’t think the industry was ready or expected…
-
The Great Masquerade: How AI Agents Are Spoofing Their Way In
AI agents like Grok now spoof human identities to bypass bot detection, blurring the line between legitimate crawlers and malicious scrapers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/the-great-masquerade-how-ai-agents-are-spoofing-their-way-in/