Vulnerabilities
-
Fake DeepSeek Ads Spread Malware Through Google Search Results
Fake ads impersonating the AI company DeepSeek are spreading malware via Google search results, with the campaign identified by Malwarebytes researchers. The ads lead users to malicious sites that deploy a Trojan targeting cryptocurrency wallets.
-
FamousSparrow Hackers Enhance Cyber Attacks with Modular Backdoor
A China-linked cyberespionage group known as FamousSparrow has intensified its operations by deploying an upgraded version of its backdoor malware, SparrowDoor, against several organizations, including a US-based trade group. ESET researchers have identified significant improvements in the malware’s structure and capabilities, raising concerns about the group’s access to advanced cyber tools.
-
Malaysian PM Declines $10 Million Ransom Following Cyber Attack on Kuala Lumpur Airport
Malaysian Prime Minister Anwar Ibrahim has firmly rejected a $10 million ransom demand from hackers following a cyber attack that disrupted operations at Kuala Lumpur International Airport, emphasizing the importance of national cybersecurity.
-
New Phishing Kit Targets Users by Impersonating 114 Brands Using DNS
Cybersecurity researchers have identified a new phishing-as-a-service platform dubbed Morphing Meerkat, which utilizes DNS records to execute targeted phishing attacks against 114 brands, employing sophisticated techniques to manage and disseminate stolen credentials.
-
RansomHub Affiliates Exploit EDR Tools in Ransomware Attacks
ESET’s recent analysis highlights the alarming tactics employed by RansomHub affiliates, who utilize a custom tool to disable security measures in a coordinated effort with other ransomware groups.
-
Cybersecurity Breach: 150,000 Websites Compromised by Malicious JavaScript
A cybersecurity campaign has compromised approximately 150,000 legitimate websites through malicious JavaScript injections to promote illegal gambling platforms. Analysts highlight the evolving tactics of threat actors, raising concerns over the integrity and security of online spaces.
-
New Variants of SparrowDoor Malware Linked to Chinese Threat Actor FamousSparrow
The Chinese hacking group FamousSparrow has been linked to recent cyber attacks involving new variants of the SparrowDoor malware and the ShadowPad backdoor, targeting a U.S. trade group and a Mexican research institute.
-
RedCurl Cyberspies Adopt Ransomware Tactics Targeting Hyper-V Servers
RedCurl, a cyber-espionage group known for corporate intrusions, has shifted tactics by deploying ransomware designed to encrypt Hyper-V virtual machines. This significant evolution in their operational strategy raises concerns about their intentions and operational objectives.
-
New Atlantis AIO Platform Automates Credential Stuffing Attacks Against 140 Online Services
The newly discovered Atlantis AIO platform automates credential stuffing attacks against 140 online services, including major email and e-commerce platforms, posing significant risks if adequate security measures are not adopted.
-
Google Patches Critical Zero-Day Flaw in Chrome Amid Ongoing Cyber Threats
Google has issued a security patch for Chrome to address a severe zero-day vulnerability exploited in phishing attacks, urging users to update their browser as cyber threats continue to evolve.
