Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
Summary: The North Korea-linked APT group Lazarus is employing the ClickFix technique to deliver malware through fake job interviews targeting cryptocurrency developers. This campaign, identified as ClickFake Interview, continues Lazarus’s focus on exploiting the cryptocurrency sector to steal valuable assets. With a history of targeting software developers through various campaigns, they have successfully amassed significant amounts of cryptocurrency through deception and social engineering tactics.…
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Summary: This week’s cybersecurity insights highlight vulnerabilities in widely used systems like Chrome and Kubernetes, as well as emerging threats from phishing-as-a-service operations. The coverage includes data leaks, ransomware trends, and the importance of vigilance against common oversights that can lead to security breaches. Additionally, the impact of recent legal cases and developments in AI-driven cyber threats are discussed.…
Daily News Update: Friday, March 28, 2025 (Australia/Melbourne)
A wave of cybersecurity incidents has revealed vulnerabilities across various platforms, affecting developers, healthcare providers, enterprises, and individuals. Notably, npm packages were compromised to steal sensitive information, a critical flaw was patched in Firefox, a ransomware fine was issued to a UK company, and numerous vulnerabilities were identified in solar inverters.…
Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging
APT28 has been observed conducting cyber espionage activities focusing on Central Asia and Kazakhstan. This analysis explores a heavily obfuscated malware sample, assessing its capabilities, particularly its use of VBScript and interaction with a command-and-control server. Affected: APT28, Central Asia, Kazakhstan

Key points:

APT28 is engaged in cyber espionage targeting Central Asia and Kazakhstan.…
Investigative Journalists in Serbia Hit by Advanced Spyware Attack
Summary: Two Serbian journalists from the Balkan Investigative Reporting Network (BIRN) were targeted with Pegasus spyware, confirming a disturbing trend of digital surveillance against civil society in Serbia. This incident marks the third use of Pegasus spyware against Serbian activists in recent years, highlighting the ongoing repression and intimidation faced by journalists.…
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
Summary: Russian security researchers have uncovered sophisticated malware targeting media and educational institutions in Russia, exploiting a zero-day vulnerability in Google Chrome known as CVE-2025-2783. Dubbed “Operation ForumTroll,” the attack involved phishing emails that led victims to malicious links, allowing for immediate infection. Kaspersky suggests that state-sponsored hackers are likely responsible for this intricate operation; the malicious links have since been disabled, but Kaspersky cautions against future risks of exploitation.…
Summary: AdGuard’s recent report reveals that advertising companies are using deceptive applications and browser extensions to steal private information from users, impacting over 11 million individuals. These malicious programs masquerade as legitimate ad-blocking or optimization tools, collecting sensitive data while misleading users about their privacy practices.…

Summary: The video discusses episode 839 of the Simply Cyber Daily Cyber Threat Brief, where the host shares insights from a mobile studio while preparing for a speaking engagement at Dakota Con. The episode covers a range of cybersecurity news topics, including a data breach at SpyX, a vulnerability in backup software, the use of spyware by law enforcement, and an ongoing Microsoft Windows zero-day vulnerability.…
In Other News: Critical Chrome Bug, Capital One Hacker Resentencing, Story of Expat Flaw
Summary: This week’s cybersecurity news roundup highlights key developments, including significant legal rulings, vulnerability disclosures, and actions against malicious activities. Notably, a former Uber security chief’s conviction was upheld, and critical security vulnerabilities were identified in popular software. The roundup aims to provide a broader understanding of the evolving cybersecurity landscape.…
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
Summary: A report by The Citizen Lab reveals that several governments, including Australia and Canada, are suspected customers of Israeli spyware company Paragon Solutions. Their tool, Graphite, targets sensitive data from messaging apps and has been linked to sophisticated attacks on individuals worldwide, leading to a significant response from both WhatsApp and Apple regarding security measures.…
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
Summary: WhatsApp has patched a zero-click vulnerability exploited by Paragon’s Graphite spyware, which targeted journalists and civil society members. The company notified 90 affected Android users globally and emphasized the importance of holding spyware companies accountable. This incident highlights the ongoing challenges in ensuring digital privacy amidst advanced surveillance technologies.…
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
Summary: A North Korean threat actor, ScarCruft, has developed an Android surveillance tool called KoSpy that targets Korean and English-speaking users through deceptive apps on the Google Play Store. Additionally, a series of npm packages linked to another North Korean campaign are designed to deploy malware and steal sensitive information.…
Zero-Day Exploits: How They Work and Why They Are So Dangerous
This article explores zero-day vulnerabilities, which are unknown software flaws that can be exploited by cybercriminals before any patch is available, leading to significant security risks. The piece highlights recent cases of zero-day attacks such as WannaCry and recent patches from Apple, emphasizing the need for robust defenses and responsible disclosure practices to protect against such threats.…
North Korean Hackers Distributed Android Spyware via Google Play
Summary: A North Korean APT group, ScarCruft, has been distributing a surveillance tool known as KoSpy via Google Play, targeting primarily Korean and English-speaking users. The spyware, disguised as utility applications, enables extensive data collection from infected devices, including SMS, call logs, and location data. Lookout, a cybersecurity firm, has identified multiple instances of this malware and noted its active use since March 2022.…
Android Apps Laced With North Korean Spyware Found in Google Play
Summary: Researchers have identified multiple Android apps that, despite passing Google Play’s security checks, are secretly uploading sensitive user data to North Korean intelligence. These apps, which appear as utility tools, collect various personal information including SMS messages, call logs, and location data. The detected malware, named KoSpy, highlights the risk of installing seemingly legitimate applications from app marketplaces.…