Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has…
Tag: Security Affairs
New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR
A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your Own Installer” (BYOI) EDR bypass technique that exploits a flaw in…
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. Resecurity (USA) was the first company to identify the Smishing Triad, a group of Chinese cybercriminals targeting consumers across the globe.…
Kelly Benefits December data breach impacted over 400,000 individuals
Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed. Benefits and payroll solutions firm Kelly & Associates Insurance Group, aka Kelly Benefits, announced that the impact of a recently disclosed…
A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
A hacker stole data from TeleMessage, exposing messages from its modified Signal, WhatsApp, and other apps sold to the U.S. government. A hacker stole customer data from TeleMessage, an Israeli firm selling modified versions of popular messaging apps, such as…
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP…
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications.…
US authorities have indicted Black Kingdom ransomware admin
A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. for 1,500 attacks on Microsoft Exchange servers. U.S. authorities have indicted Rami Khaled Ahmed (aka “Black Kingdom,” of Sana’a, Yemen), a 36-year-old Yemeni national, suspected of being…
Malicious Go Modules designed to wipe Linux systems
Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. The malicious modules contain obfuscated code to fetch next-stage payloads that can wipe a Linux system’s primary…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit I StealC You: Tracking the Rapid Changes To StealC Interesting WordPress Malware Disguised…