Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
https://www.zimperium.com/blog/mobile-indian-cyber-heist-fatboypanel-and-his-massive-data-breach/
https://www.zimperium.com/blog/mobile-indian-cyber-heist-fatboypanel-and-his-massive-data-breach/
Zimperium
Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
true
Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
mansk1es.gitbook.io
Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711 | AnyDesk CVE-2024-12754
AnyDesk is a popular personal and enterprise software for remote administration distributed by AnyDesk Software GmbH. This post will dive into the vulnerability I found on AnyDesk mid of the year.
Leaking the email of any YouTube user for $10,000
https://brutecat.com/articles/leaking-youtube-emails
https://brutecat.com/articles/leaking-youtube-emails
brutecat.com
Leaking the email of any YouTube user for $10,000
What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
This is undoubtedly an innovation. OpenBLD.net smart balancing service is now a separate project, introducing key features:
► Detects slow servers before they start lagging
► If an upstream server shows an increase in timeouts or errors → ML predicts potential failures and automatically prepares backup routes before the infrastructure starts "firing"
► Based on historical data, ML knows when servers experience peak loads (e.g., during lunch hours or at the end of the workday)
► Instead of reacting to downtime, it distributes traffic efficiently in advance
► Reduces latency and timeouts by proactively optimizing traffic distribution
► And much more, including environmental factors such as server energy consumption optimization
The balancer operates like a living organism, learning and adapting to conditions on its own)
How does this benefit users?
🚀 More autonomy and focus on your own development.
⚡ More speed.
📢 This week, the updated balancers will be seamlessly integrated into ADA’s infrastructure—the only thing you might notice is the increased speed.
✌️ Stay fast, stay optimized!
Please open Telegram to view this post
VIEW IN TELEGRAM
Vgod RANSOMWARE
The ransomware specifically targets Windows systems using advanced encryption techniques, appending a unique file extension to encrypted files...
https://www.cyfirma.com/research/vgod-ransomware
The ransomware specifically targets Windows systems using advanced encryption techniques, appending a unique file extension to encrypted files...
https://www.cyfirma.com/research/vgod-ransomware
CYFIRMA
Vgod RANSOMWARE - CYFIRMA
EXECUTIVE SUMMARY CYFIRMA Research and Advisory Team has found Vgod Ransomware while monitoring various underground forums as part of our...
♾ AppSecFest - 25 апреля в Алматы. CFP.
Который год AppSecFest.kz радует контентом, организацией, масштабом. Организаторы настроены на серъезный контент, аудиторию и содержание.
Добрая атмосфера для всех, а + для докладчиков возможность рассказать о своих ресерчах, достижениях в области разработки и защите приложений.
Пока сайт конфы делается, организаторы организуются - ведется CFP набор заявок на доклады связанные с:
- Mobile, Web, X-Platform, Frontend/Backend, Microservices, Docker/K8s, Blockchain, AI, ML
- DevOps, CI/CD, Agile, UI/UX, качеством и безопасностью кода
- SAST, DAST, IAST, API, IaC, Cloud Security, Pentesting, SDLC, DevSecOps, Vulnerability Management
Подать спикер-заявку - https://appsecfest.kz
Который год AppSecFest.kz радует контентом, организацией, масштабом. Организаторы настроены на серъезный контент, аудиторию и содержание.
Добрая атмосфера для всех, а + для докладчиков возможность рассказать о своих ресерчах, достижениях в области разработки и защите приложений.
Пока сайт конфы делается, организаторы организуются - ведется CFP набор заявок на доклады связанные с:
- Mobile, Web, X-Platform, Frontend/Backend, Microservices, Docker/K8s, Blockchain, AI, ML
- DevOps, CI/CD, Agile, UI/UX, качеством и безопасностью кода
- SAST, DAST, IAST, API, IaC, Cloud Security, Pentesting, SDLC, DevSecOps, Vulnerability Management
Подать спикер-заявку - https://appsecfest.kz
New variant of the Snake Keylogger (also known as 404 Keylogger)
https://www.fortinet.com/blog/threat-research/fortisandbox-detects-evolving-snake-keylogger-variant
https://www.fortinet.com/blog/threat-research/fortisandbox-detects-evolving-snake-keylogger-variant
Fortinet Blog
FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant
Explore how FortiSandbox 5.0 detected this malware, the behavioral indicators it leveraged for identification, and Snake Keylogger's technique to evade detection and analysis.…
Android trojan TgToxic updates its capabilities
..TgToxic is an Android banking trojan discovered by Trend Micro in July 2022. It’s designed to steal user credentials, cryptocurrency from digital wallets and funds from banking and finance apps.
The actors once again changed the way the malware obtains the C2 URL, from a dead drop location to a domain generation algorithm (DGA)..:
https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities
..TgToxic is an Android banking trojan discovered by Trend Micro in July 2022. It’s designed to steal user credentials, cryptocurrency from digital wallets and funds from banking and finance apps.
The actors once again changed the way the malware obtains the C2 URL, from a dead drop location to a domain generation algorithm (DGA)..:
https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities
Intel 471
Android trojan TgToxic updates its capabilities
Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an…
Massive Botnet Targets M365 with Stealthy Password Spraying Attacks
https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/
https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/
SecurityScorecard
Massive Botnet Targets M365 with Stealthy Password Spraying Attacks
A Technical Breakdown of Large-Scale Password Spraying Through Non-Interactive Sign-Ins
Auto-Color: An Emerging and Evasive Linux Backdoor
https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/
https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/
Unit 42
Auto-Color: An Emerging and Evasive Linux Backdoor
The new Linux malware named Auto-color uses advanced evasion tactics. Discovered by Unit 42, this article cover its installation, evasion features and more. The new Linux malware named Auto-color uses advanced evasion tactics. Discovered by Unit 42, this…
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
https://socket.dev/blog/typosquatted-go-packages-deliver-malware-loader
https://socket.dev/blog/typosquatted-go-packages-deliver-malware-loader
Socket
Typosquatted Go Packages Deliver Malware Loader Targeting Li...
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated pa...
Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
Analysys:
https://blog.talosintelligence.com/new-persistent-attacks-japan/
Analysys:
https://blog.talosintelligence.com/new-persistent-attacks-japan/
Cisco Talos Blog
Unmasking the new persistent attacks on Japan
Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.
StopRansomware: Medusa Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
Cybersecurity and Infrastructure Security Agency CISA
#StopRansomware: Medusa Ransomware | CISA
Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors.
GitHub Actions - tj-actions/changed-files action is compromised
The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised. In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit...
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised. In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit...
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
www.stepsecurity.io
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
Trend Micro
ZDI-CAN-25373 Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 (aka ZDI-25-148), a Windows .lnk file vulnerability that enables hidden command execution.
Technical Explanation of NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
https://cti.monster/blog/2025/03/18/CVE-2025-24071.html
https://cti.monster/blog/2025/03/18/CVE-2025-24071.html
0x6rss
CVE-2025-24071: NTLM Hash Leak
Technical explanation of NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants
https://www.sentinelone.com/blog/readerupdate-reforged-melting-pot-of-macos-malware-adds-go-to-crystal-nim-and-rust-variants/
https://www.sentinelone.com/blog/readerupdate-reforged-melting-pot-of-macos-malware-adds-go-to-crystal-nim-and-rust-variants/
SentinelOne
ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants
A widespread campaign with binaries written in different source languages, ReaderUpdate presents unique challenges for detection and analysis.
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
https://www.itpro.com/security/phishing/have-i-been-pwned-owner-troy-hunts-mailing-list-compromised-in-phishing-attack
https://www.itpro.com/security/phishing/have-i-been-pwned-owner-troy-hunts-mailing-list-compromised-in-phishing-attack
IT Pro
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
Industry experts say the incident shows even seasoned professionals can fall victim
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices
Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices
ThreatFabric
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
ThreatFabric analysts discovered a new Device-Takeover Android banking Trojan equipped with remote access, black screen overlays, and advanced credential theft capabilities.
Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
https://www.wiz.io/blog/postgresql-cryptomining
https://www.wiz.io/blog/postgresql-cryptomining
wiz.io
Fileless XMRig-C3 Cryptominer Targets PostgreSQL Servers | Wiz Blog
Wiz Threat Research uncovers a stealthy cryptomining campaign exploiting weak PostgreSQL credentials