New Banking Trojan Distributed Through WhatsApp
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/
Trustwave
SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp
SpiderLabs has recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
www.oligo.security
Critical Vulnerabilities in FluentBit | Oligo Security
A new chain of 5 critical vulnerabilities within Fluent Bit allows attackers to compromise cloud infrastructure
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
Socket
Malicious Chrome Extension Injects Hidden SOL Fees Into Sola...
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees ...
Critical Security Vulnerability in React Server Components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
react.dev
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
www.aikido.dev
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
CYFIRMA
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...
Windows Stealers: How Modern Infostealers Harvest Credentials
https://deceptiq.com/blog/windows-stealers-technical-analysis
https://deceptiq.com/blog/windows-stealers-technical-analysis
Deceptiq
Windows Stealers: Technical Analysis of Credential Harvesting | DeceptIQ
How Windows infostealers harvest credentials. Technical deep dive into DPAPI decryption, browser data theft, and anti-analysis techniques.
December 2025 Security Updates
This release consists of the following 57 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
This release consists of the following 57 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/
https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/
SentinelOne
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
Deep dive into CyberVolk’s new VolkLocker ransomware-as-a-service, its major design flaw, and what it signals for cyber defenders.
Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
www.koi.ai
Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
Discover how GhostPoster used a malicious PNG icon to infect 50,000 Firefox users and the risks behind seemingly harmless downloads.