Hunt.io Insights: Gamaredon’s Flux-Like Infrastructure and a Look at Recent ShadowPad Activity
This article explores the infrastructure patterns of two state-linked cyber threat groups based in Russia and China, focusing on Gamaredon and RedFoxtrot. It highlights their use of fast flux DNS techniques for operational stealth and the reuse of TLS certificates, among other patterns. Furthermore, it discusses the implications of these patterns for cybersecurity defenses.…
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
Summary: Microsoft’s April 2025 Patch Tuesday addresses 134 vulnerabilities, including one actively exploited zero-day and multiple critical flaws that enable remote code execution. The updates are currently available for Windows Server and Windows 11, with Windows 10 updates expected shortly. Affected organizations should prioritize these updates to protect their systems from potential exploits.…
WhatsApp for Windows Spoofing Vulnerability Poses Code Execution Risk
Summary: A security advisory from Facebook reveals a spoofing vulnerability in WhatsApp for Windows (CVE-2025-30401) that could allow attackers to execute arbitrary code by manipulating file attachments. The issue arises from a discrepancy between the MIME type the application displays for an attachment and the file extension it relies on when opening it. Users of vulnerable versions are urged to update their application to version 2.2450.6 or later to mitigate this risk.…
Summary: A cybercriminal group known as the Smishing Triad is intensifying smishing activities targeting consumers in the US and UK with fraudulent texts related to toll payment services. This campaign involves the use of deceptive messages that impersonate legitimate toll agencies, demanding payments for fictitious unpaid tolls and soliciting sensitive personal information.…
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
Summary: The threat actor EncryptHub has been connected to SkorikARI after self-infection led to exposure of credentials, allowing researchers to track both cybercriminal and security research activities. The exposed credentials revealed links to Windows zero-day vulnerabilities that EncryptHub reportedly disclosed to Microsoft. This duality of identity reflects a complex individual straddling the line between malware development and ethical research.…
Social Media Flooded with Ghibli AI Images—But What Are We Really Feeding the Algorithms?
Summary: The viral trend of AI-generated art, particularly Ghibli-style portraits, raises significant privacy concerns as users unknowingly share sensitive biometric data. While the transformation of selfies into whimsical anime characters captivates audiences, it also poses risks of data misuse, identity theft, and exploitation by AI algorithms.…
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
Summary: A lone-wolf actor, known as EncryptHub, has been identified by Microsoft as the discoverer of two Windows security flaws while simultaneously engaging in cybercrime. The individual, originating from Ukraine and now in Romania, has compromised over 618 high-value targets and utilized advanced techniques in malware development, including reliance on OpenAI’s ChatGPT.…
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Summary: Microsoft has issued warnings about multiple phishing campaigns utilizing tax-related themes to distribute malware and steal credentials. These campaigns employ sophisticated methods like URL shorteners and QR codes to mask malicious intent while targeting thousands of organizations, especially in the U.S. The attacks often involve a phishing-as-a-service platform, RaccoonO365, and various malware types, including remote access trojans and information stealers.…
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
Summary: Google and Mozilla have released Chrome 135 and Firefox 137, addressing nearly two dozen security vulnerabilities, including high-severity memory safety bugs. Chrome 135 includes 14 security fixes, while Firefox 137 resolves eight security defects, some of which could lead to code execution. Users are encouraged to update their applications promptly, as no active exploitation of these vulnerabilities has been reported.…
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
Summary: Cybersecurity researchers have identified enhanced malware loaders, including Hijack Loader and SHELBY, that use advanced evasion tactics and innovative command-and-control methods. Hijack Loader introduces call stack spoofing and anti-VM checks, while SHELBY operates through GitHub for remote control and data exfiltration. Meanwhile, Emmenhtal loader has been distributing SmokeLoader via phishing emails using .NET…
Analyzing New HijackLoader Evasion Tactics
HijackLoader is a modular malware loader discovered in 2023, capable of delivering payloads and employing various evasion techniques. Recently uncovered modules feature advanced tactics such as call stack spoofing, virtual machine detection, and persistence through scheduled tasks. Affected: malware, cybersecurity sector, antivirus software

Keypoints:

HijackLoader is a malware downloader first identified in 2023, continually receiving updates.…
Major Cyber Attacks Targeting Transportation & Logistics Industry
The transportation and logistics industry is increasingly targeted by cybercriminals as they exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector. Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Keypoints:

The transportation and logistics sector is a major target for cybercriminals due to the valuable data it holds.…
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Summary: Cybersecurity researchers have identified a new malware named CoffeeLoader, which is designed to download and execute secondary malware payloads while evading detection. This sophisticated loader exhibits behavioral similarities to the previously known SmokeLoader and employs various techniques to bypass security measures. CoffeeLoader primarily targets users through phishing campaigns and exploits vulnerabilities in systems for persistence and execution.…
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
Summary: CISA has added two critical vulnerabilities affecting Sitecore CMS to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. These flaws allow attackers to execute arbitrary code through deserialization vulnerabilities. Additionally, there are ongoing exploit attempts against DrayTek devices and a new vulnerability in the Next.js…