Android Document Readers and Deception: Tracking the Latest Updates to Anatsa
Anatsa malware (a.k.a. TeaBot) that attacks Android devices and targets financial applications. Anatsa, first discovered in 2020, is capable of stealing credentials, monitoring keystrokes, and facilitating fraudulent transactions..:
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Anatsa malware (a.k.a. TeaBot) that attacks Android devices and targets financial applications. Anatsa, first discovered in 2020, is capable of stealing credentials, monitoring keystrokes, and facilitating fraudulent transactions..:
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Zscaler
Anatsa’s Latest Updates | ThreatLabz
This analysis explores the latest updates to the Anatsa Android malware family.
SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen
Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you..:
https://www.koi.security/blog/spyvpn-the-vpn-that-secretly-captures-your-screen
Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you..:
https://www.koi.security/blog/spyvpn-the-vpn-that-secretly-captures-your-screen
www.koi.ai
SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen | Koi Blog
Proxyware Malware Being Distributed on YouTube Video Download Site
Evil YouTube downloaders:
https://asec.ahnlab.com/en/89787/
Evil YouTube downloaders:
https://asec.ahnlab.com/en/89787/
ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site - 2 - ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site - 2 ASEC
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
...Git CLI on macOS and Linux, issue the command git --version and check to see if the returned version is not on v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1..:
https://securitylabs.datadoghq.com/articles/git-arbitrary-file-write/
Fixes for Exploited Git Vulnerabilities
https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
...Git CLI on macOS and Linux, issue the command git --version and check to see if the returned version is not on v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1..:
https://securitylabs.datadoghq.com/articles/git-arbitrary-file-write/
Fixes for Exploited Git Vulnerabilities
https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
Datadoghq
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
Learn more about the emerging vulnerability affecting Git.
ShadowCaptcha
ClickFix technique and fake Google/Cloudflare CAPTCHA pages..
https://www.gov.il/en/pages/shadowcaptch-campaign
ClickFix technique and fake Google/Cloudflare CAPTCHA pages..
https://www.gov.il/en/pages/shadowcaptch-campaign
APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery
https://cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
https://cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
Cloudsek
Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Deliver | CloudSEK
Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group used phishing ZIP files containing malicious Linux “.desktop” shortcuts that downloaded payloads…
FreePBX zero-day
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
FreePBX Community Forums
Security Advisory: Please Lock Down Your Administrator Access
The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet. AUG. 28 GOOD NEWS: FIX IS NOW DEPLOYED IN STABLE REPOS FOR AFFECTED SUPPORTED VERSIONS, INCLUDING…
ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies
https://research.checkpoint.com/2025/zipline-phishing-campaign/
https://research.checkpoint.com/2025/zipline-phishing-campaign/
Check Point Research
ZipLine Phishing Campaign Targets U.S. Manufacturing - Check Point Research
Check Point Research exposes ZipLine, an advanced phishing campaign targeting U.S. manufacturing with MixShell malware and AI-themed lures
WhatsApp Emergency Updates - Zero-Click Exploit on iOS and macOS Devices
https://www.whatsapp.com/security/advisories/2025/
https://www.whatsapp.com/security/advisories/2025/
WhatsApp.com
WhatsApp Security Advisories 2025
WhatsApp Security Advisories 2025 - List of security fixes for WhatsApp products
Detecting Microsoft Teams Phishing: Hunting the Fake IT Helpdesk Threat
https://www.hunters.security/en/blog/microsoft-teams-phishing-fake-it-helpdesk?utm_campaign=21008660-%5BThreat%20research%5D%20Microsoft%20Teams%20Phishing
https://www.hunters.security/en/blog/microsoft-teams-phishing-fake-it-helpdesk?utm_campaign=21008660-%5BThreat%20research%5D%20Microsoft%20Teams%20Phishing
www.hunters.security
Detecting Microsoft Teams Phishing: Hunting the Fake IT Helpdesk Threat
Microsoft Teams phishing is rising fast. See how attackers bypass defenses—and get practical detection logic and hunting queries for your SOC.
ChillyHell: A Deep Dive into a Modular macOS Backdoor
https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
Jamf
Learn about ChillyHell, a modular Mac backdoor
Discover its origin, how it compromises macOS and more importantly, how the JTL detected this malicious threat to keep Jamf customers safe.
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/
https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/
Welivesecurity
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
ESET Research has discovered HybridPetya, a copycat of the infamous Petya/NotPetya malware that adds the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems.
iso-27001-using-siem.pdf
610.3 KB
ISO 27001:2022 - Security controls with SIEM
Deserialization Vulnerability in GoAnywhere MFT's License Servlet
https://www.fortra.com/security/advisories/product-security/fi-2025-012
https://www.fortra.com/security/advisories/product-security/fi-2025-012