The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.

The post New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data appeared first on SecurityWeek.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.

Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.

The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek.

The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.

The post 400,000 Linux Servers Hit by Ebury Botnet  appeared first on SecurityWeek.

Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for urgent attention.

The post Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities appeared first on SecurityWeek.

Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.

The post Adobe Patches Critical Flaws in Reader, Acrobat appeared first on SecurityWeek.

Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.

The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek.

Apple documents another zero-day flaw being exploited on older iPhones and documents security problems in macOS, iOS and iPadOS.

The post Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS appeared first on SecurityWeek.

The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.

The post US Says North Korean Hackers Exploiting Weak DMARC Settings  appeared first on SecurityWeek.

A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.

The post Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals appeared first on SecurityWeek.

Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program.

The post Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push appeared first on SecurityWeek.

Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.

The post Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data  appeared first on SecurityWeek.

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.

The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.

The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek.

New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy.

The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek.

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.

The post Google Says it Blocked 2.28 Million Apps from Google Play Store appeared first on SecurityWeek.

US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers.

The post Kaiser Permanente Data Breach Impacts 13.4 Million Patients appeared first on SecurityWeek.

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek.

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.

The post Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses appeared first on SecurityWeek.

A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.

The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.

A threat actor tracked as CoralRaider has been using multiple infostealers to harvest credentials from users worldwide.

The post Threat Actor Uses Multiple Infostealers in Global Campaign appeared first on SecurityWeek.

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.

The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations  appeared first on SecurityWeek.

Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.

The post Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability  appeared first on SecurityWeek.

VulnCheck banks $8 million in early stage capital to build 'exploit intelligence' technologies and services.

The post Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7.

The post In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack appeared first on SecurityWeek.

Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.

The post OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining   appeared first on SecurityWeek.

Kapeka is a new backdoor that may be a new addition to Russia-link Sandworm’s malware arsenal and possibly a successor to GreyEnergy.

The post Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression appeared first on SecurityWeek.

Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.

The post Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks appeared first on SecurityWeek.

Palo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released. 

The post Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release appeared first on SecurityWeek.