-
A sophisticated cybercriminal campaign has emerged targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate government identity applications and payment services. The malicious operation, active since approximately August 2024, employs advanced evasion techniques to deliver variants of the BankBot trojan family while maintaining an extensive infrastructure of over 100 domains. The threat […] The post Banking Trojans Attacking Android Users Mimic as Government and Legitimate Payment Apps appeared first on Cyber Security News.
-
A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by this widely-used content management system. The vulnerability, tracked as CVE-2025-59545 with a severity score of 9.1 out of 10, affects all DNN Platform versions prior to 10.1.0 and allows attackers to execute malicious scripts through the platform’s […] The post Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts appeared first on Cyber Security News.
-
Phishing campaigns are getting harder to spot, sometimes hiding in files you’d never suspect. ANY.RUN’s cybersecurity analysts recently uncovered one such case: a malicious SVG disguised as a PDF, hosted on a legitimate domain and packed with hidden redirects. By mid-September, it scaled into a full spam wave with Microsoft-themed lures. Let’s look at how […] The post Malicious SVGs in Phishing Campaigns: How to Detect Hidden Redirects and Payloads appeared first on Cyber Security News.
-
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively exploited in the wild. The flaw exists in the Simple Network Management Protocol (SNMP) subsystem and can allow a remote attacker to achieve remote code execution (RCE) or cause a denial-of-service (DoS) condition on […] The post Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.
-
Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits legitimate system processes to deliver powerful backdoor capabilities. RainyDay, Turian, and a new variant of PlugX have been systematically abusing DLL search order hijacking techniques to execute malicious loaders, establishing […] The post RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders appeared first on Cyber Security News.
-
In recent months, a sophisticated threat actor leveraging North Korean IT worker employment fraud has surfaced, demonstrating how social engineering can bypass traditional security controls. The adversary’s modus operandi involves posing as remote software engineers, submitting legitimate-looking résumés, completing coding assessments, and ultimately blending into corporate environments. Initial signs were subtle: benign emails, genuine code […] The post New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network appeared first on Cyber Security News.
-
Security researchers have discovered a wave of attacks that use in-memory PE loaders to slip past endpoint detection and response (EDR) systems. In these incidents, threat actors deliver a small downloader to victims via malicious links or at…
-
A person in his forties has been arrested in connection with a cyber-attack that caused days of disruption at several major European airports, including London Heathrow. The National Crime Agency (NCA) confirmed that officers detained the man on Tuesda…
-
A comprehensive security analysis has revealed a widespread vulnerability affecting Firebase-powered mobile applications, with over 150 popular apps inadvertently exposing sensitive user data through misconfigured Google Firebase services. The scope of…
-
Attackers have discovered a way to exploit Google’s core services, Google Meet, YouTube, Chrome update servers and more using a technique called domain fronting. By making their malicious traffic appear as legitimate connections to high-trust domains, …


