Tag: malicious

AI-Driven Obfuscated Malicious Apps Bypassing Antivirus Detection to Deliver Malicious Payloads

Nov 21, 2025 7:49 PM

Tags: ai, antivirus, control, cyber, cybersecurity, detection, intelligence, malicious, malware, service, threat

Cybersecurity researchers have identified a sophisticated malware campaign leveraging artificial intelligence to enhance obfuscation techniques, enabling malicious applications to circumvent traditional antivirus detection systems. The threat actors behind the campaign are distributing trojanized applications impersonating a prominent Korean delivery service, employing a multi-layered approach to evade security controls and maintain persistent command-and-control (C2) infrastructure. The…
Cybercriminals Exploit Browser Push Notifications to Deliver Malware

Nov 21, 2025 7:49 PM

Tags: control, cybercrime, exploit, malicious, malware

Researchers at BlackFrog have uncovered Matrix Push C2, a malicious command-and-control system that abuses web browser push notifications to deliver malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/browser-push-notifications-deliver/
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
CVE-2025-50165: Critical Flaw in Windows Graphics Component

Nov 20, 2025 10:49 PM

Tags: access, attack, control, cve, cvss, data, exploit, flaw, malicious, microsoft, office, programming, rce, remote-code-execution, risk, threat, update, vulnerability, windows

IntroductionIn May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, and any application that uses this library as a dependency is vulnerable to compromise, such as a Microsoft Office document. For example, attackers can exploit the…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment

Nov 20, 2025 8:49 PM

Tags: attack, cisa, cve, cyber, exploit, fortinet, government, malicious, risk, update, vulnerability, waf, zero-day

Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.Meanwhile, the widespread use of FortiWeb WAFS in government has prompted a warning by CISA that agencies should…
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment

Nov 20, 2025 8:49 PM

Tags: attack, cisa, cve, cyber, exploit, fortinet, government, malicious, risk, update, vulnerability, waf, zero-day

Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.Meanwhile, the widespread use of FortiWeb WAFS in government has prompted a warning by CISA that agencies should…
GlobalProtect VPN portals probed with 2.3 million scan sessions

Nov 20, 2025 6:49 PM

Tags: malicious, network, vpn

A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/globalprotect-vpn-portals-probed-with-23-million-scan-sessions/
Critical 7-Zip Vulnerability CVE-2025-11001 Prompts NHS Cyber Alert

Nov 20, 2025 2:49 PM

Tags: cve, cyber, flaw, malicious, vulnerability

A newly discovered security flaw, identified as CVE-2025-11001, is targeting users across both public and private sectors. The vulnerability, affecting all versions of 7-Zip before 25.00, allows attackers to execute malicious code remotely, potentially compromising critical systems. NHS Digital issued a cyber alert urging organizations and users to take immediate action. First seen on thecyberexpress.com…
Critical 7-Zip Vulnerability CVE-2025-11001 Prompts NHS Cyber Alert

Nov 20, 2025 2:49 PM

Tags: cve, cyber, flaw, malicious, vulnerability

A newly discovered security flaw, identified as CVE-2025-11001, is targeting users across both public and private sectors. The vulnerability, affecting all versions of 7-Zip before 25.00, allows attackers to execute malicious code remotely, potentially compromising critical systems. NHS Digital issued a cyber alert urging organizations and users to take immediate action. First seen on thecyberexpress.com…
New Eternidade Stealer Uses WhatsApp to Steal Banking Data

Nov 20, 2025 2:49 PM

Tags: banking, data, finance, login, malicious, software

Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets. First seen on hackread.com Jump to article: hackread.com/eternidade-stealer-whatsapp-steal-banking-data/
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

Nov 20, 2025 1:49 PM

Tags: authentication, hacking, malicious, network, social-engineering, tactics

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web interface, using social engineering tactics to trick users into compromising their accounts.Investigators identified thousands of malicious URLs First seen on thehackernews.com Jump to article:…
Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood

Nov 20, 2025 12:49 PM

Tags: endpoint, login, malicious

GlobalProtect login endpoints targeted, sparking concern that something bigger may be brewing First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/palo_alto_traffic_flood/
Ollama Flaws Let Hackers Run Any Code Using Malicious Model Files

Nov 20, 2025 9:49 AM

Tags: ai, cyber, flaw, github, hacker, malicious, open-source, vulnerability

Critical security vulnerabilities discovered in Ollama, one of GitHub’s most popular open-source projects with over 155,000 stars, could allow attackers to execute arbitrary code on vulnerable systems. The flaws affect Ollama versions before 0.7.0, putting countless AI enthusiasts and developers who use the platform to run large language models locally at risk. Understanding the Vulnerability…
NSA Issues New Guidance to Help ISPs and Defenders Stop Malicious Activity

Nov 20, 2025 9:49 AM

Tags: cisa, cyber, cybercrime, cybersecurity, data, extortion, finance, framework, infrastructure, international, Internet, malicious, network, ransomware, service

The National Security Agency (NSA), CISA, FBI, and international cybersecurity partners have released groundbreaking guidance to help internet service providers and network defenders combat bulletproof hosting providers. This new framework, published November 19, 2025, represents a coordinated effort to mitigate cybercriminal infrastructure that actively supports ransomware, data extortion, and other malicious activities targeting critical infrastructure and financial…
7-Zip RCE Vulnerability Actively Exploited by Hackers

Nov 20, 2025 9:49 AM

Tags: cve, cvss, cyber, cybersecurity, exploit, flaw, hacker, malicious, rce, remote-code-execution, risk, software, vulnerability

Cybersecurity researchers have reported active exploitation of a critical vulnerability in 7-Zip, the popular file compression software used by millions worldwide. The flaw, tracked as CVE-2025-11001, poses serious risks as attackers are leveraging it to execute malicious code remotely on vulnerable systems. Vulnerability Details CVE ID Vulnerability Type CVSS Score Affected Product CVE-2025-11001 File Parsing…
API Security Essentials: A Comprehensive Checklist for Securing your API FireTail Blog

Nov 20, 2025 1:46 AM

Tags: access, api, attack, authentication, breach, control, cyber, data, data-breach, defense, encryption, exploit, hacker, injection, malicious, network, open-source, penetration-testing, risk, risk-assessment, service, sql, threat, tool, unauthorized, vulnerability

Nov 19, 2025 – Alan Fagan – 1. Validating User Input One of the cornerstones of API security is to validate user input. Failing to do so accurately can lead to a security issues such as injection attacks and Cross-Site Scripting. When users send data to your API, no matter the type, it should be…
NDSS 2025 Understanding Miniapp Malware: Identification, Dissection, And Characterization

Nov 19, 2025 11:49 PM

Tags: computing, detection, finance, Internet, malicious, malware, mobile, network, privacy, risk, service, threat, unauthorized

———– SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University) ———– PAPER Understanding Miniapp Malware: Identification, Dissection, and Characterization Super apps, serving as centralized platforms that manage user information and integrate third-party miniapps, have revolutionized mobile computing…
Chinese PlushDaemon Hackers Exploit EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers

Nov 19, 2025 9:49 PM

Tags: attack, china, cyber, dns, exploit, group, hacker, malicious, network, software, threat, tool, update

ESET researchers have uncovered a sophisticated attack chain orchestrated by the China-aligned threat actor PlushDaemon, revealing how the group leverages a previously undocumented network implant, EdgeStepper, to conduct adversary-in-the-middle attacks. By compromising network devices and redirecting DNS queries to malicious servers, PlushDaemon intercepts legitimate software updates and replaces them with trojanized versions containing the SlowStepper…
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website

Nov 19, 2025 9:49 PM

Tags: attack, captcha, cyber, data, group, infrastructure, malicious, ransomware, threat, tool

A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption all triggered by a single, seemingly innocent click on a website CAPTCHA. The compromise underscores a harsh reality: deploying advanced security tools does not guarantee security coverage or effective threat…
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website

Nov 19, 2025 9:49 PM

Tags: attack, captcha, cyber, data, group, infrastructure, malicious, ransomware, threat, tool

A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption all triggered by a single, seemingly innocent click on a website CAPTCHA. The compromise underscores a harsh reality: deploying advanced security tools does not guarantee security coverage or effective threat…
Nova Stealer Targets macOS Users, Swaps Legit Apps to Steal Crypto Wallets

Nov 19, 2025 9:49 PM

Tags: crypto, cyber, macOS, malicious, malware, threat, update

A sophisticated new macOS malware campaign dubbed >>Nova Stealer
Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

Nov 19, 2025 8:49 PM

Tags: botnet, malicious, router, russia

Operation WrtHug hijacks tens of thousands of outdated ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, forming a large botnet. A new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, pulling them into a large malicious network. SecurityScorecard…
Operation WrtHug hijacks 50,000+ ASUS routers to BÃ¬build global botnet

Nov 19, 2025 7:49 PM

Tags: botnet, malicious, router, russia

Operation WrtHug hijacks tens of thousands of outdated ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, forming a large botnet. A new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, pulling them into a large malicious network. SecurityScorecard…
W3 Total Cache WordPress plugin vulnerable to PHP command injection

Nov 19, 2025 6:49 PM

Tags: exploit, flaw, injection, malicious, vulnerability, wordpress

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/w3-total-cache-wordpress-plugin-vulnerable-to-php-command-injection/
NDSS 2025 The Skeleton Keys: A Large Scale Analysis Of Credential Leakage In Mini-Apps

Nov 19, 2025 6:49 PM

Tags: access, authentication, credentials, cve, Internet, leak, malicious, mobile, network, service, threat, tool, vulnerability

———– SESSION Session 3C: Mobile Security ———– ———– Authors, Creators & Presenters: Yizhe Shi (Fudan University), Zhemin Yang (Fudan University), Kangwei Zhong (Fudan University), Guangliang Yang (Fudan University), Yifan Yang (Fudan University), Xiaohan Zhang (Fudan University), Min Yang (Fudan University) PAPER The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps In recent…
RCE Vulnerability in glob CLI Poses Major CI/CD Security Risk

Nov 19, 2025 4:49 PM

Tags: flaw, malicious, rce, remote-code-execution, risk, vulnerability

A glob CLI flaw lets attackers run commands via malicious filenames, putting CI/CD pipelines at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rce-vulnerability-in-glob-cli-poses-major-ci-cd-security-risk/
RCE Vulnerability in glob CLI Poses Major CI/CD Security Risk

Nov 19, 2025 4:49 PM

Tags: flaw, malicious, rce, remote-code-execution, risk, vulnerability

A glob CLI flaw lets attackers run commands via malicious filenames, putting CI/CD pipelines at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rce-vulnerability-in-glob-cli-poses-major-ci-cd-security-risk/