Cyber News & Articles

Cyber News & Articles

New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft 

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.
“Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT said in a report

read more
Cyber News & Articles

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware 

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.
Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a

read more
Cyber News & Articles

Secure Vibe Coding: The Complete New Guide 

DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces “silent killer” vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance.
A detailed analysis of secure vibe coding practices is available here.
TL;DR: Secure

read more
Cyber News & Articles

Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session 

Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts.
It’s called “Living Off Trusted Sites” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in, they blend in.
Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads. They hide

read more
Cyber News & Articles

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign 

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims’ emails.
Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity

read more
Cyber News & Articles

Meta Adds Passkey Login Support to Facebook for Android and iOS Users 

Meta Platforms on Wednesday announced that it’s adding support for passkeys, the next-generation password standard, on Facebook.
“Passkeys are a new way to verify your identity and login to your account that’s easier and more secure than traditional passwords,” the tech giant said in a post.
Support for passkeys is expected to be available “soon” on Android and iOS mobile devices. The feature is

read more
Cyber News & Articles

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions 

Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are listed below –

CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM)
CVE-2025-6019 – LPE from allow_active to root in

read more
Cyber News & Articles

Smashing Security podcast #422: The curious case of the code copier 

A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free… only to get booted back Down Under.

Plus: flow states, Bob Mortimer, and the joys of pretending to carry an owl around on a cushion.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

read more
Cyber News & Articles

New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains 

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails.
The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.
It leverages “the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated

read more

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X