π Phishing Campaigns Drop RMM Tools for Remote Access π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat actors are using multiple lures to trick users into installing RMM tools.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Phishing Campaigns Drop RMM Tools for Remote Access
Threat actors are using multiple lures to trick users into installing RMM tools
π¦
Inside MaranhΓ£o Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Executive Summary CRIL identified an active Maranho Stealer campaign that is being distributed through social engineering websites hosted on cloud platforms. Current intelligence indicates that the malware has been active since May 2025 and is actively being developed. Available intelligence shows the malware has been active since May 2025 and is undergoing ongoing development. The threat actors primarily target gaming users by distributing gamingrelated links, cheats, and pirated software downloads. e.g., hxxpsderelictsgame.inDerelictSetup.zip. The ZIP archives include an Inno Setup installer, which launches a Node.jscompiled binary responsible for exfiltrating credentials. Key takeaways Maranho Stealer is actively spreading through social engineering websites that distribut...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Inside MaranhΓ£o Stealer: Node.js-Powered InfoStealer
Cyble Research & Intelligence Labs detected MaranhΓ£o Stealer, a Node.jsβbased credential stealer leveraging reflective DLL injection.
π SEO Poisoning Targets Chinese Users with Fake Software Sites π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
SEO Poisoning Targets Chinese Users with Fake Software Sites
SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos
π¦Ώ Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Unlock 500 channels and secure your browsing with Getflix Smart DNS VPN lifetime access a 66 savings.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN
Unlock 500+ channels and secure your browsing with Getflix Smart DNS & VPN lifetime accessβa 66% savings.
π HybridPetya Mimics NotPetya, Adds UEFI Compromise π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
HybridPetya ransomware mimics PetyaNotPetya, with an added UEFI bootkit and Secure Boot bypass.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
HybridPetya Mimics NotPetya, Adds UEFI Compromise
HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass
ποΈ Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Chinaaligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailandbased IP addresses and drops the Yokai backdoor," IBM XForce researchers Golo Mhr and Joshua Chung said in an analysis published last week. The tech giant's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function NpmModule.updatePackage that downloads a package tarball, modifies package.json, injects a local script bundle.js, repacks the archive, and republishes it, enabling.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A team of academics from ETH Zrich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 DDR5 memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix CVE20256202, CVSS score 7.1, is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ This DeepSeek-powered pen testing tool could be a Cobalt Strike successor β and hackers have downloaded it 10,000 times since July π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Villager, a tool developed by a Chinabased red team project known as Cyberspike, is being used to automate attacks under the guise of penetration testing.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
This DeepSeek-powered pen testing tool could be a Cobalt Strike successor β and hackers have downloaded it 10,000 times since July
βVillagerβ is a China-developed tool that can dynamically adapt attacks to breach the domains and devices of victims
π’ NinjaOne expands availability on CrowdStrike Marketplace π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
CrowdStrike Falcon customers now have simplified access to NinjaOnes automated endpoint management capabilities.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
NinjaOne expands availability on CrowdStrike Marketplace
CrowdStrike Falcon customers now have simplified access to NinjaOneβs automated endpoint management capabilities
π’ Hackers behind Jaguar Land Rover announce their 'retirement' β should we believe them? π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Is this really the end for Scattered Lapsus Hunters?.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers behind Jaguar Land Rover announce their 'retirement' β should we believe them?
Is this really the end for Scattered Lapsus$ Hunters?
ποΈ Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE202543300 CVSS score 8.8, an outofbounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. Recent studies show 80 of companies have already experienced unintended AI agent actions, from unauthorized system.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π UK: Tax Refund-Themed Phishing Slows in 2025 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Reports of email phishing attempts impersonating the UKs HM Revenue Customs plummeted in the first half of 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK: Tax Refund-Themed Phishing Slows in 2025
Reports of email phishing attempts impersonating the UKβs HM Revenue & Customs plummeted in the first half of 2025
π JLR Extends Production Halt After Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Jaguar Land Rover JLR has confirmed that its pause in production will last until at least Wednesday, September 24.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
JLR Extends Production Halt After Cyber-Attack
Jaguar Land Rover (JLR) has confirmed that its pause in production will last until at least Wednesday, September 24
π API Threats Surge to 40,000 Incidents in 1H 2025 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Thales claims there were over 40,000 API incidents in the first half of 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
API Threats Surge to 40,000 Incidents in 1H 2025
Thales claims there were over 40,000 API incidents in the first half of 2025
π FinWise Bank Warns of Insider Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
An insider data breach at FinWise may have impacted 689,000 customers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
FinWise Bank Warns of Insider Data Breach
An insider data breach at FinWise may have impacted 689,000 customers
ποΈ New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site e.g., fake Facebook Security page, with antianalysis techniques and advanced obfuscation to evade detection," Acronis security researcher Eliad.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
βοΈ Self-Replicating Worm Hits 180+ Software Packages βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
At least 187 code packages made available through the JavaScript repository NPM have been infected with a selfreplicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infectedβ¦
ποΈ SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. "These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actorowned cashout sites, generating fraudulent ad impressions and clicks," HUMANs Satori Threat Intelligence and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Gucci and Alexander McQueen Hit by Customer Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Gucci and Alexander McQueen Hit by Customer Data Breach
The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses