350/68 Thursday, September 18, 2025 Google has removed 224 malicious Android applications from the Play Store after researchers from HUMAN Satori Threat Intelligence discovered that they were being used in a massive ad fraud operation known as “SlopAds”, which generated over 2.3 billion fake ad requests per day. These apps had already been downloaded more […]
349/68 Thursday, September 18, 2025 Google has confirmed that malicious actors created a fake account to access its Law Enforcement Request System (LERS), an online portal used by government agencies and law enforcement officials to submit and track user data requests. The company stated that the fraudulent account was immediately disabled and emphasized that no […]
348/68 Thursday, September 18, 2025 Cybersecurity researchers from ReversingLabs have disclosed a newly discovered worm called “Shai-hulud”, which is rapidly spreading across open-source software, particularly through NPM packages. The malware leverages self-replication mechanisms, enabling it to spread quickly across hundreds of projects while stealing sensitive information such as secrets, tokens, and login credentials-all with minimal […]
347/68 Wednesday, September 17, 2025 Kering, the parent company of luxury brands Gucci, Balenciaga, and Alexander McQueen, has confirmed a major data breach that exposed the personal information of millions of customers worldwide. The leaked data includes names, email addresses, phone numbers, home addresses, and luxury store purchase details. However, the company stated that no […]
346/68 Wednesday, September 17, 2025 Cybersecurity researchers from IBM X-Force have revealed that Mustang Panda, a China-linked state-sponsored threat group, is leveraging several new malware variants in its campaigns. Most notably, the group has introduced a new USB worm called SnakeDisk, designed to propagate infections and deliver the Yokai backdoor, enabling remote control of compromised […]
345/68 Tuesday, September 16, 2025 The UK Information Commissioner’s Office (ICO) has revealed in a new report that students were responsible for more than half of all school-related data breaches in the country, accounting for 57% of incidents. Strikingly, over 97% of cases involving stolen user account data originated from students themselves. Many incidents stemmed […]
344/68 Tuesday, September 16, 2025 Okta Threat Intelligence has uncovered a new phishing platform called VoidProxy, categorized as Phishing-as-a-Service (PhaaS). It provides cybercriminals with a full toolkit to conduct attacks, with a key capability being its ability to bypass Multi-Factor Authentication (MFA) for Microsoft and Google accounts using an Adversary-in-the-Middle (AitM) technique to intercept sensitive […]
343/68 Tuesday, September 16, 2025 The ShinyHunters hacking group has successfully breached the systems of the National Credit Information Center of Vietnam (CIC). Investigators confirmed evidence of unauthorized access, with leaked data containing sensitive customer information tied to several leading Vietnamese financial institutions, including VietCredit, MB Bank, Ocean Bank, VPBank, and Agribank. Authorities in Vietnam, […]
342/68 Monday, September 15, 2025 Samsung has released its monthly Android security update, which includes a fix for the critical zero-day vulnerability CVE-2025-21043 (CVSS 8.8). The flaw is an out-of-bounds write in the libimagecodec.quram.so library that could allow attackers to execute remote malicious code. According to a 2020 report by Google Project Zero, libimagecodec.quram.so is […]
341/68 Monday, September 15, 2025 The U.S. Federal Bureau of Investigation (FBI) has issued a Flash Alert warning of ongoing cyberattacks by two groups, UNC6040 and UNC6395, which are increasingly targeting the Salesforce platform. The primary objective of these campaigns is to steal sensitive organizational data and conduct extortion. The alert also includes Indicators of […]
