A critical Windows vulnerability that has been exploited since 2017 by state-sponsored threat actors has been uncovered recently by researchers. The vulnerability, tracked as ZDI-CAN-25373, allows attackers to execute hidden malicious commands on victims’ machines by leveraging specially crafted Windows…
Tag: Cyber Security News
New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code
ClearFake, a malicious JavaScript framework first identified in July 2023, has evolved with sophisticated new social engineering tactics. Originally designed to display fake browser update pages, the framework has undergone significant developments, incorporating more advanced deception techniques to deliver malware…
Hackers Employ DLL Side-Loading To Deliver Malicious Python Code
A sophisticated cybersecurity threat has emerged as threat actors have begun leveraging DLL side-loading techniques to distribute malicious Python code. This attack vector allows hackers to bypass standard security controls by exploiting the way legitimate applications search for and load…
Bybit Hack – Sophisticated Multi-Stage Attack Details Revealed
Cryptocurrency exchange Bybit detected unauthorized activity involving its Ethereum cold wallets, leading to a major security breach. The incident occurred during an ETH multisig transaction facilitated through Safe{Wallet}, when attackers intervened and manipulated the transaction, ultimately siphoning over 400,000 ETH…
Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data
A sophisticated cyber espionage campaign has been uncovered where threat actors are masquerading as recruiters to target job seekers and employees of specific organizations. The attackers send phishing emails disguised as job opportunities from legitimate industrial organizations, attaching malicious files…
Cloudflare to Implement Post-Quantum Cryptography to Defend Attacks from Quantum Computers
Cloudflare has announced the first phase of end-to-end quantum readiness for its Zero Trust platform, enabling organizations to protect their corporate network traffic against future quantum computer threats. The initiative, which builds on Cloudflare’s research into post-quantum cryptography since 2017,…
New Sophisticated Phishing Attack Exploiting Microsoft 365 Infrastructure To Attack Users
A sophisticated new phishing campaign has been discovered that exploits Microsoft 365’s legitimate infrastructure to conduct highly convincing credential harvesting and account takeover attempts. Unlike traditional phishing attempts that rely on lookalike domains or email spoofing, this attack leverages Microsoft’s…
331 Malicious Apps with 60 Million Downloads on Google Play Bypass Android 13 Security
Security researchers from Bitdefender have uncovered a large-scale ad fraud campaign involving 331 malicious apps on the Google Play Store. These apps, which have accumulated over 60 million downloads, exploit vulnerabilities in Android 13 to bypass security restrictions and carry…
Microsoft Warns of New StilachiRAT Stealing Remote Desktop Protocol Sessions Data
Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions. The sophisticated malware has been observed in targeted attacks against financial institutions, government…
DocSwap Malware as Security Document Viewer Attacking Android Users Worldwide
A sophisticated malware campaign dubbed “DocSwap” has emerged targeting Android users globally by disguising itself as a legitimate document security and viewing application. The malware leverages social engineering tactics to trick users into installing what appears to be a productivity…