Security Affairs

MARCH 13, 2025

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. Lookout researchers attributed the spyware to the ScarCruft group with medium confidence. The most recent samples detected by the cybersecurity firm are dated March 2024.

Spyware 77

Spyware Surveillance Encryption Malware 77

Security Affairs

OCTOBER 22, 2024

Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. Samsung addressed the vulnerability with the release of security updates in October 2024 “A Use-After-Free in the mobile processor leads to privilege escalation.”

Firmware 144

Firmware Mobile Spyware Media 144

Security Affairs

FEBRUARY 15, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Such kinds of attacks often rely on zero-day exploits to target journalists, dissidents, and opposition politicians with spyware. HF1 (R6.4.0.136).

Spyware 106

Spyware DDOS Hacking Authentication 106

Security Affairs

AUGUST 7, 2024

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. This AES key is then encrypted using a hardcoded public RSA key embedded in the spyware.

Spyware 142

Spyware Malware Encryption Data collection 142

Security Affairs

JANUARY 27, 2025

Usually, such kinds of vulnerabilities are exploited by nation-state actors or commercial surveillance spyware vendors in targeted attacks. Customers are recommended to install the security updates released by the company. In 2024, Apple addressed six zero-day vulnerabilities in its products.

Spyware 118

Spyware Surveillance Media Hacking 118

Security Affairs

DECEMBER 27, 2024

Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. reached the end of life (EOL) on November 17, 2024, for this reason, it will not provide a fix for this release. The company noted that PAN-OS 11.0

DNS 111

DNS Firewall Spyware Software 111

Security Affairs

MAY 30, 2024

Researchers spotted a macOS version of the LightSpy surveillance framework that has been active in the wild since at least January 2024. Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild since at least January 2024.

Spyware 135

Spyware Malware Surveillance Mobile 135

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware 125

Spyware Malware Mobile Marketing 125

Security Affairs

DECEMBER 8, 2024

warn of PRC-linked cyber espionage targeting telecom networks U.S. Hackers stole millions of dollars from Uganda Central Bank International Press Newsletter Cybercrime INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million Hackers Stole $1.49

Artificial Intelligence 101

Artificial Intelligence Spyware Hacking Ransomware 101

Security Affairs

APRIL 16, 2025

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping.

Malware 126

Malware Manufacturing Mobile Spyware 126

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 108

Cryptocurrency Hacking Phishing Cyber Attacks 108

Security Affairs

NOVEMBER 19, 2024

DEEPDATA is a modular post-exploitation tool for Windows that allows operators to harvest sensitive information from infected systems. DEEPPOST is a post-exploitation data exfiltration tool used to send files to a remote system and LIGHTSPY is a modular spyware. ” reads the advisory.

VPN 116

VPN Malware Spyware Passwords 116

Security Affairs

MARCH 3, 2025

Amnesty International first found traces of this Cellebrite USB exploit used in a separate case in mid-2024.” ” In 2024, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. .”

Hacking 66

Hacking Spyware Technology Surveillance 66

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild.

Spyware 126

Spyware Surveillance Mobile Hacking 126

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 110

Cryptocurrency Malware Hacking Ransomware 110

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 72

Malware Spyware Government Mobile 72

Security Affairs

FEBRUARY 2, 2025

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed Keys New TorNet backdoor seen in widespread campaign Active Exploitation: New Aquabot Variant Phones Home How we kept the Google Play & Android app ecosystems safe in 2024 Solana (..)

Malware 71

Malware Spyware Ransomware Hacking 71

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! The Polyfill.io

Internet 113

Internet Internet Risk Social Engineering 113

Security Affairs

NOVEMBER 22, 2024

The vulnerability CVE-2024-44309 is a cookie management issue in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content. The vulnerability CVE-2024-44308 impacts the JavaScriptCore and could lead to arbitrary code execution when processing malicious web content. reads the advisory.

Spyware 63

Spyware Hacking Cybersecurity Risk 63

Security Affairs

JANUARY 5, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 65

Malware Spyware Ransomware Hacking 65

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 125

Spyware Data breaches Hacking Ransomware 125

Security Affairs

FEBRUARY 15, 2025

CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs Hacking Attackers exploit a new zero-day to hijack Fortinet firewalls Security OpenSSL patched high-severity flaw CVE-2024-12797 Progress Software fixed multiple high-severity (..)

Spyware 68

Spyware Firewall Artificial Intelligence Malware 68

Security Affairs

FEBRUARY 9, 2025

US Justice Department says cybercrime forum allegedly affected 17 million Americans Cybercrime is increasingly complex.

Spyware 60

Spyware Cybercrime Scams Social Engineering 60

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. “The most severe of these issues is a high security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.”

Spyware 133

Spyware Firmware Hacking Information Security 133

Security Affairs

MARCH 5, 2024

Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices.

Spyware 139

Spyware Hacking Information Security 139

Security Affairs

JUNE 13, 2024

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. ” reads the advisory.

Firmware 122

Firmware Spyware Hacking Information Security 122

Security Affairs

AUGUST 6, 2024

Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting the Android kernel. “There are indications that CVE-2024-36971 may be under limited, targeted exploitation.”

Firmware 128

Firmware Spyware Hacking Technology 128

Security Affairs

JULY 14, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 125

Malware Spyware Internet Internet 125

Security Affairs

OCTOBER 9, 2024

Google Threat Analysis Group claims that CVE-2024-43047 may be under limited, targeted exploitation, Wang also confirms in-the-wild activity. Regarding the Microsoft flaws added by CISA to the KEV catalog, both issues were addressed by the IT giant in Patch Tuesday security updates for October 2024.

Social Engineering 135

Social Engineering Spyware Engineering Cybersecurity 135

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 118

Malware Spyware Banking Ransomware 118

Security Affairs

MARCH 16, 2025

CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog GitLab addressed critical auth bypass flaws in CE and EE North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities Meta warns of actively exploited (..)

Spyware 71

Spyware Cybercrime Ransomware IoT 71

Security Affairs

AUGUST 4, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 139

Malware Spyware Media Phishing 139

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 123

Spyware Surveillance DDOS Identity Theft 123

Security Affairs

DECEMBER 12, 2024

These documents suggest the existence of an iOS conversion of the spyware that has yet to be uncovered. “Early samples indicate the surveillance tool has been operational since at least 2017, with development continued into late 2024.” ” reads the report published by Lookout.

Surveillance 63

Surveillance Mobile Spyware Malware 63

Security Affairs

AUGUST 4, 2024

US sued TikTok and ByteDance for violating children’s privacy laws Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware Investors sued CrowdStrike over false claims about its Falcon platform Avtech camera vulnerability actively exploited in the wild, CISA warns Over 20,000 internet-exposed VMware ESXi instances (..)

Spyware 122

Spyware Phishing Malware Ransomware 122

Security Affairs

NOVEMBER 24, 2024

CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals Recently disclosed VMware vCenter Server bugs are actively exploited in attacks Foreign adversary hacked email communications of the Library (..)

Cybercrime 69

Cybercrime Artificial Intelligence Hacking VPN 69

Security Affairs

OCTOBER 8, 2024

Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). I found an issue in collaboration with Amnesty and TAG that we have indication may be used ITW, CVE-2024-43047. The vulnerability stems from a use-after-free bug that could lead to memory corruption.

Mobile 118

Mobile Spyware Manufacturing Hacking 118