CoffeeLoader: A Brew of Stealthy Techniques
Zscaler ThreatLabz has uncovered CoffeeLoader, a sophisticated malware family capable of bypassing detection mechanisms and deploying second-stage payloads. Originating in September 2024, CoffeeLoader employs advanced evasion techniques like GPU execution, call stack spoofing, and sleep obfuscation. It is primarily distributed through SmokeLoader and can utilize DGA for command-and-control communication.…
Unsecured Loans: How Hidden Flaws in Digital Lending Platforms Could Cripple Your Fintech Business
Digital lending platforms face significant security challenges, including unprotected endpoints, inadequate identity verification, and a lack of comprehensive encryption. These vulnerabilities pose risks not only to the platforms but also to customer trust and regulatory compliance. Financial institutions must take immediate action to fortify their security measures to avoid reputational damage and financial loss.…
New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players
A new phishing campaign targets Counter-Strike 2 players through complex browser-in-the-browser (BitB) phishing attacks using fake pop-up windows that impersonate legitimate sites. The campaign aims to steal Steam credentials, especially affecting fans of the esports team Navi, with potential resale of compromised accounts on various platforms.…
Defense Contractor Morse Corp Settles Cybersecurity Fraud Allegations for .6M
Summary: Morse Corp Inc., a Massachusetts defense contractor, will pay .6 million to settle allegations of cybersecurity fraud after misrepresenting compliance with federal cybersecurity standards. The lawsuit was initiated by whistleblower Kevin Berich, with the U.S. Department of Justice supporting the case, revealing that the company failed to implement essential cybersecurity controls.…
Chrome Releases Critical Update to Address CVE-2025-2783 Vulnerability
Summary: Google has released a critical security update for Chrome to address the high-severity vulnerability CVE-2025-2783 affecting the Windows version of the browser. The update, made available on March 25, 2025, fixes an issue within the Mojo component that could lead to potential system compromises. Users are advised to manually check for updates and exercise caution while browsing to avoid falling victim to exploits.…
Pentesting for Biotech: Simulating a Cyberattack on Your Genomic Data
Biotech firms, holding sensitive data such as patient genomes and drug formulas, are prime targets for cyberattacks due to their high value. Cybercriminals can exploit such data for financial gain, leading to risks that include compromised patient safety and legal penalties. Biotech penetration testing is crucial to safeguard against these threats, simulating attacks to identify and mitigate vulnerabilities in systems critical to research and patient data.…
Abracadabra Cyberattack: How Hackers Drained M from DeFi Platform
Summary: Abracadabra, a decentralized finance (DeFi) platform, suffered a cyberattack resulting in the theft of nearly million in cryptocurrency from its gmCauldrons. The incident has raised concerns across the cryptocurrency market, particularly affecting entities relying on liquidity tokens from decentralized exchanges. Abracadabra is actively working to mitigate the impact and has even offered a bug bounty to the hacker for the return of the stolen funds.…
Beyond the Scanner: How Phishers Outsmart Traditional Detection Mechanisms
The article discusses the evolving tactics used by phishers to evade detection by traditional URL scanning techniques. It highlights various methods, including geo-fenced filtering, user-agent filtering, and parameter-based filtering, that cybercriminals use to keep their phishing attacks active. The CloudSEK XVigil platform plays a crucial role in detecting these sophisticated phishing attempts.…
Malaysia Braces for Cyberattacks During Hari Raya: Cyber999 Issues Warning
Summary: A significant rise in cybersecurity incidents has been reported in Malaysia since early 2025, prompting Cyber999 to issue an advisory for heightened vigilance and preventive measures. The ongoing threats include ransomware, data breaches, and various scams, especially during the festive season. Key recommendations for system administrators, financial institutions, and home users are provided to mitigate these risks.…
Alleged Snowflake hacker consents to extradition from Canada after US charges
Summary: Connor Riley Moucka, allegedly involved in some of the biggest cybersecurity incidents of 2024, has consented to extradition from Canada to the U.S. to face multiple charges related to a significant cyberattack on Snowflake. Over 165 companies, including major organizations, were breached, resulting in the theft of sensitive login information and alarming data losses.…
Cyberattack Hits Ukrainian State Railway, Disrupting Online Ticket Sales
Summary: A large-scale cyberattack targeting Ukrzaliznytsia, Ukraine’s state railway operator, caused significant disruptions to online ticket purchasing, leading to long lines at Kyiv’s central railway station. Despite the cyberattack, train schedules remained unaffected, and the railway continues to operate, playing a crucial role in domestic and international travel amidst ongoing conflicts.…
AI Cyberattacks on the Rise: Are Australian Businesses Ready to Defend Themselves?
Summary: A recent survey reveals a significant disconnect between perceptions of cybersecurity preparedness among Australian security leaders and employees. While most security leaders feel confident about their employees’ cybersecurity knowledge, only half of the employees agree, highlighting a serious issue in readiness against rising AI-driven cyber threats.…
Ransomware Attack Hits Union County, Exposing Residents’ Personal Data
Summary: Union County, Pennsylvania, experienced a ransomware attack compromising personal information of over 40,000 residents. Discovered on March 13, 2025, the attack has prompted investigations by county officials and federal law enforcement to assess the extent of data theft. Residents are being urged to take proactive measures to protect their personal information amid ongoing cybersecurity enhancements.…
Browser-in-the-Browser attacks target CS2 players’ Steam accounts
Summary: A phishing campaign targeting Counter-Strike 2 players has emerged, utilizing Browser-in-the-Browser (BitB) attacks to create a fake Steam login interface. Attackers impersonate a well-known e-sports team to lend credibility to their scams, which aim to steal users’ Steam account credentials. The campaign promotes malicious sites that offer enticing in-game items in exchange for login information, potentially resulting in stolen accounts being sold on the grey market.…
New Android malware uses Microsoft’s .NET MAUI to evade detection
Summary: New Android malware campaigns leveraging Microsoft’s .NET MAUI framework have emerged, allowing attackers to disguise malicious apps as legitimate services to evade detection. These tactics, first reported by McAfee, pose a significant security risk, especially as targeting could expand beyond China and India. The use of multi-layered encryption and the unique storage of app logic in binary blob files complicates detection efforts further.…