A private-sector offensive actor (PSOA) was discovered by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) using a number…
Ukraine-Targeting Malware Indicators Revealed By US Cyber Command
In an effort to stop hackers and emphasize America’s tight ties with Kyiv, the U.S. military publicly disclosed a number of malware indicators in…
Remote Code Execution is Caused via Prototype Pollution in Blitz.js.
A critical prototype pollution vulnerability in Blitz.js, a JavaScript web application framework, has been patched to prevent remote code execution (RCE) on Node.js servers.…
Android virus called “Revive” poses as the 2FA app for BBVA bank.
The 2FA application necessary to access BBVA bank accounts in Spain is impersonated by a new Android banking malware called Revive. Instead of aiming…
Chinese hackers are disseminating an SMS bomber tool that contains malware
As part of a recently revealed effort, a threat cluster connected to the hacking organisation Tropic Trooper has been seen employing previously unknown malware…
Google’s OAuth client library for Java had a major flaw
Last month, Google patched a severe flaw in its OAuth client library for Java. Attackers can exploit the flaw by using a compromised…
Eternity Project: A Threat Actor’s Swiss Army Knife
Threat actors have unveiled a new all-in-one cybercrime solution that is said to benefit both sophisticated and low-level attackers. The new malware-as-a-service, dubbed ‘Eternity…
Malware being sold on Telegram as part of the “Eternity project”
An unknown threat actor has been identified as the developer of a malware toolkit called the “Eternity Project”. The malware allows professional and amateur…
A fresh perspective on “fileless” malware: Event logs carrying harmful code
Security researchers have discovered a malicious campaign that stores malware in Windows event logs, a technique that has never been publicly described for attacks…
Java encryption implementation error made it trivial to forge credentials
A critical flaw in the Java JDK’s handling of some encryption procedures makes it simple for attackers to create fake credentials. Oracle resolved the…