A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the […]
Category Archives: Uncategorized
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.” The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update […]
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. “By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate […]
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. “Out […]
The Emergency Management and Response – Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations. Go to Source Author: Arielle Waldman
New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say. Go to Source Author: Jai Vijayan, Contributing Writer
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware. Go to Source Author: Alexander Culafi, Senior News Writer, Dark Reading
Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations […]
The country will require certain organizations to report ransomware payments and communications within 72 hours after they’re made or face potential civil penalties. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
The unpatched security vulnerabilities in Consilium Safety’s CS5000 Fire Panel could create “serious safety issues” in environments where fire suppression and safety are paramount, according to a CISA advisory. Go to Source Author: Elizabeth Montalbano, Contributing Writer