SVG Phishing Malware Being Distributed with Analysis Obstruction Feature
A recent investigation by AhnLab Security Intelligence Center (ASEC) has uncovered a phishing malware distributed in Scalable Vector Graphics (SVG) format. This malware embeds malicious scripts encoded in Base64, effectively using SVG’s capabilities to evade detection. It exploits users by redirecting them to counterfeit CAPTCHA pages which are designed to hinder analysis and capture sensitive information.…
Summary: Silent Push Threat Analysts uncovered a large-scale phishing operation allegedly operated by Russian Intelligence Services targeting citizens sympathetic to Ukraine. The campaign uses fraudulent websites impersonating trusted entities such as the CIA and various military groups to harvest personal information from victims. This cyber-espionage operation highlights a sophisticated tactic to suppress dissent among Russian civilians and military personnel.…
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
Summary: A targeted malware campaign by the Russian state-aligned group Gamaredon is exploiting Windows shortcut files to disseminate the Remcos backdoor, primarily targeting users in Ukraine. By masquerading as sensitive military documents, this operation takes advantage of the ongoing geopolitical strife, using sophisticated techniques for stealth and access retention.…
Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump
This article discusses a massive data breach impacting Samsung Germany, where a hacker known as “GHNA” leaked approximately 270,000 customer tickets due to credentials stolen by infostealer malware back in 2021. The breach highlights the dangers of unmonitored and unrotated credentials, leading to potential exploitation and privacy violations for thousands of customers.…
Lucid: The Rising Threat of Phishing-as-a-Service
Summary: The report by Prodaft reveals the emergence of Phishing-as-a-Service (PhAAS) platforms, particularly focusing on the Lucid platform operated by Chinese-speaking threat actors. This platform facilitates large-scale phishing attacks targeting individuals and organizations worldwide through sophisticated mechanisms that exploit messaging technologies. The rise of such platforms underscores a growing threat landscape, intensifying the risks associated with financial cybercrime and the need for enhanced security measures.…
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Summary: Cybersecurity researchers have identified a new Android banking malware named Crocodilus that specifically targets users in Spain and Turkey. This sophisticated malware employs advanced techniques for device takeover and credential theft, masquerading as a legitimate application. It showcases the growing complexity and danger of modern mobile threats, especially within the banking sector.…
Major Cyber Attacks Targeting Transportation & Logistics Industry
The transportation and logistics industry is increasingly targeted by cybercriminals as they exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector.

Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Keypoints:

Transportation and logistics sector is a major target for cybercriminals due to valuable data.…
CISA has reported on three malicious files acquired from an Ivanti Connect Secure device compromised through CVE-2025-0282. The files exhibit functionalities similar to known malware, including command and control capabilities and log tampering. RESURGE, the primary file, can modify files and create a web shell. Another file, a variant of SPAWNSLOTH, tampered with logs, while the third one included a shell script that extracts kernel images.…
Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group involved in cyber espionage for over a decade. They have recently enhanced their tactics by deploying new Sagerunex backdoor variants that utilize third-party cloud services and social media for command-and-control activities. This article examines their tactics, techniques, and procedures, detailing their operational framework along with the challenges defenders face against such persistent threats.…
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Summary: Cybersecurity researchers have identified a new malware named CoffeeLoader, which is designed to download and execute secondary malware payloads while evading detection. This sophisticated loader exhibits behavioral similarities to the previously known SmokeLoader and employs various techniques to bypass security measures. CoffeeLoader primarily targets users through phishing campaigns and exploits vulnerabilities in systems for persistence and execution.…
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
Summary: This week’s cybersecurity news roundup highlights significant developments, including advancements in quantum computing, a phishing incident involving a prominent expert, and a high-profile hack of NYU’s website. The roundup also covers emerging ransomware threats and updates on security measures from Google, along with notable data breaches affecting users.…
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
Summary: A new campaign utilizing the PJobRAT Android malware has been detected, targeting users in Taiwan under the guise of chat applications. This malware, previously aimed at Indian military personnel, has evolved to harvest sensitive information while masquerading as messaging apps. Security researchers indicate its operation spanned nearly two years before pausing in October 2024.…
Detecting Obfuscated PowerShell Attacks Using Sysmon and the ELK Stack
This article describes a lab project focused on detecting obfuscated PowerShell attacks using Sysmon, Winlogbeat, and the ELK stack. It highlights the challenges presented by attackers utilizing PowerShell and command-line obfuscation, aiming to provide defenders with hands-on experience in threat detection. The lab teaches students to recognize malicious activities, log telemetry, and utilize practical tools for cybersecurity defenses.…