Tag: malicious
-
Malicious Scanning Waves Slam Remote Desktop Services
Researchers say the huge spike of coordinated scanning for Microsoft RDP services could indicate the existence of a new, as-yet-undisclosed vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/malicious-scanning-remote-desktop-services
-
77 Malicious Android Apps With 19M Downloads Targeted 831 Banks Worldwide
Zscaler reports 77 Android apps on Google Play with 19 million installs spread malware, hitting 831 banks and… First seen on hackread.com Jump to article: hackread.com/77-malicious-android-apps-19-million-install-banks/
-
Weaponized PuTTY Delivered via Malicious Bing Ads Targets Kerberos and Active Directory Services
Tags: cyber, cybersecurity, detection, exploit, malicious, malware, microsoft, service, vulnerability
Cybersecurity incidents increasingly exploit human vulnerabilities, including those of privileged users, as demonstrated in recent compromises involving trojanized versions of the PuTTY SSH client distributed through malvertising on Microsoft’s Bing search engine. LevelBlue’s Managed Detection and Response (MDR) Security Operations Center (SOC) recently investigated multiple cases where attackers masqueraded malicious PuTTY executables as legitimate downloads,…
-
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor…
-
PhpSpreadsheet Library Vulnerability Lets Attackers Inject Malicious HTML Input
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents. The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with a CVSS v3.1 score of 7.5 and a CVSS v4.0 score of 8.7. Vulnerability Details The security flaw was discovered by Aleksey…
-
Behind the Coinbase breach: Bribery emerges as enterprise threat
Coinbase’s widely praised incident response: Coinbase’s transparency, firm stance against the ransom, quick remediation, and willingness to compensate its customers earned wide praise from cybersecurity professionals. According to Coinbase’s Martin, the hackers resorted to paying help desk workers in India precisely because the company had built such a robust security program. Bribery, according to Martin, was…
-
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. “Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” the company said. “This creates crucial…
-
New AI attack hides data-theft prompts in downscaled images
Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-ai-attack-hides-data-theft-prompts-in-downscaled-images/
-
Threat Actors Leverage Google Classroom to Target 13,500 Organizations
Google Classroom, a popular educational platform, has been exploited by threat actors to launch a major phishing campaign in a complex operation discovered by Check Point researchers. Over a single week from August 6 to August 12, 2025, attackers disseminated more than 115,000 malicious emails across five coordinated waves, targeting approximately 13,500 organizations globally. These…
-
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3. “A malicious…
-
Malicious apps with 19M+ installs removed from Google Play for spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (TeaBot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
This ‘Lethal Trifecta’ Can Trick AI Browsers Into Stealing Your Data
AI browsers have a critical flaw: They can’t tell safe commands from malicious text. Patches help, but guardrails are essential to keeping your data safe. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-browsers-security-flaw-perplexity-comet/
-
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages,” Fortinet FortiGuard Labs researcher Cara Lin said. “These pages are designed to entice recipients into downloading JavaScript First seen…
-
Proxyware Malware Poses as YouTube Video Download Site, Delivering Malicious JavaScript
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages. This operation, which mimics legitimate video downloading services, tricks users into installing malicious executables disguised as benign tools like WinMemoryCleaner. The attackers leverage GitHub for malware hosting, a tactic consistent with…
-
Malicious Android apps with 19M installs removed from Google Play
Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/
-
Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data
Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking users into downloading malicious APK files. The campaign, linked to the same threat actor previously…
-
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
-
Chinese Developer Jailed for Deploying Malicious Code at US Company
A Chinese developer has been sentenced to four years in prison after being found to deploy malicious code in his employer’s network, including a “kill switch” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-developer-malicious-code-us/
-
Developer Sentenced to Four Years for Sabotaging Employer’s Systems
Davis Lu was convicted in March of deploying malicious code in the systems of his employer, Eaton, when his job responsibilities changed, and then of deploying a kill switch that denied employees access to the systems when he was fired in 2019. He was sentenced this month to four years in prison. First seen on securityboulevard.com…
-
New Android Spyware Masquerading as Antivirus Targets Business Executives
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets representatives of Russian businesses through targeted attacks rather than mass distribution. Attackers disseminate the malicious APK file via private messages in popular messengers, disguising it as…
-
Unmasking KorPlug Malware: TTPs, Control Flow, and Exposed IOCs
As part of the ongoing analysis of the KorPlug malware family, this second installment focuses on the complex second-stage payload, expanding on earlier discoveries of DLL side-loading methods that use legitimate programs to execute code initially. The payload, a malicious DLL with SHA-256 hash b6b239fe0974cf09fe8ee9bc5d0502174836a79c53adccdbb1adeb1f15c6845c, measures 638,976 bytes (624 KB) and is structured as an…
-
Hackers Abuse Python eval/exec Calls to Run Malicious Code
Threat actors are increasingly abusing native evaluation and execution functions to conceal and execute malicious payloads within innocent-looking packages on PyPI. Security researchers warn that while static analysis libraries such as hexora can detect many obfuscation techniques, attackers continue innovating ways to slip harmful code past simple scanners. Supply chain attacks targeting Python packages have surged, with…
-
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities. “Initial access is achieved through spear-phishing emails,” CYFIRMA said. “Linux BOSS environments are targeted via weaponized .desktop First seen on thehackernews.com…
-
Critical Tableau Server Flaws Allow Malicious File Uploads
Salesforce has addressed multiple critical security vulnerabilities in Tableau Server and Desktop that could enable attackers to upload malicious files and execute arbitrary code. The vulnerabilities, disclosed on August 22, 2025, were proactively identified during a security assessment and patched in the July 22, 2025 maintenance release. Critical Type Confusion Vulnerability The most severe flaw, CVE-2025-26496,…