π¦
OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Executive Summary Cyble Research and Intelligence Labs CRIL has identified a novel Android banking trojan, dubbed OverlayPhantom, actively distributed in the wild via malicious URLs. The malware employs a twostage infection chain, using a dropper application that impersonates trusted platforms, including the official Austrian government identity application, ID Austria, and the widely used consumer platform TikTok, to deceive victims into installing it. Once deployed, OverlayPhantom masquerades as "Google Play Services" and abuses Android's Accessibility Service to gain persistent, elevated control of the infected device. The malware is capable of executing over 30 remote commands, conducting realtime screen streaming, performing overlay attacks using embedded HTML phishin...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
OverlayPhantom-android-banking-trojan-hiding In Plain Sight
Cyble analyzes OverlayPhantom, an Android banking trojan targeting 180+ apps across 10 countries, stealing credentials via fake overlays and real-time screen streaming.
π Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ESETs 2026 APT Activity Report suggests Chinabacked APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms
ESETβs 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
π’ IBM and Red Hat believe they have the answer to open source security risks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Project Lightwell is backed by a 5 billion investment and a team of more than 20,000 engineers.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
IBM and Red Hat believe they have the answer to open source security risks
Project Lightwell is backed by a $5 billion investment and a team of more than 20,000 engineers
π’ IBM and Red Hat believe they have the answer to open source security risks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Project Lightwell is backed by a 5 billion investment and a team of more than 20,000 engineers.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
IBM and Red Hat believe they have the answer to open source security risks
Project Lightwell is backed by a $5 billion investment and a team of more than 20,000 engineers
π’ Security professionals want leaders who have already led their organization through a major cyber incident β regardless of how things turned out π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Research from ISC2 reveals what makes for a good security leader.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Security professionals want leaders who have already led their organization through a major cyber incident β regardless of howβ¦
Research from ISC2 reveals what makes for a good security leader
π¦Ώ Carnival Data Breach Exposes Data of Nearly 6 Million Customers π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Carnival says a data breach exposed personal information of nearly 6 million customers after a social engineering attack tied to a single employee account. The post Carnival Data Breach Exposes Data of Nearly 6 Million Customers appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Carnival Data Breach Exposes Data of Nearly 6 Million Customers
Carnival says a data breach exposed personal information of nearly 6 million customers after a social engineering attack tied to a single employee account.
ποΈ Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An unknown threat actor has been observed using a large language model LLM agent to conduct postcompromise actions after obtaining initial access following the exploitation of a publiclyaccessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an internetreachable Marimo notebook via CVE202639987, extracted two cloud credentials from the compromised.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukrainerelated entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russianspeaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report get it here, a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The North Korean statesponsored threat actor known as Kimsuky aka Velvet Chollima has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person
π Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
From a researchdriven pilot, the Cybersecurity Communities of Support CyCOS is about to be handed over to CIISec.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs
From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec
π Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ESETs 2026 APT Activity Report suggests Chinabacked APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms
ESETβs 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
π AI-Generated npm Malware Leaks Its Own GitHub Token π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Sloppy AIgenerated npm infostealer leaked its own GitHub token, exposing the operator.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
π VMware Carbon Black Pricing Guide 2026: Every Tier, Real Costs & Negotiation Tactics π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Explore the full Carbon Black pricing guide tier costs, tuning labor math, compliance mapping, and the stayvsmigratevsMDR decision framework. The post VMware Carbon Black Pricing Guide 2026 Every Tier, Real Costs Negotiation Tactics appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
VMware Carbon Black Pricing Guide 2026: Every Tier, Real Costs & Negotiation Tactics
Explore the full Carbon Black pricing guide: tier costs, tuning labor math, compliance mapping, and the stay-vs-migrate-vs-MDR decision framework.
β€1
ποΈ ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. "The chatgpt.com response renderer trusts Markdown links and Markdown.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Dexcom Warns Stolen G7 Glucose Sensors May Pose Infection, Reading Risks π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Dexcom says stolen G7 sensors from two scrapped lots were sold through unauthorized channels, creating infection and readingfailure risks. The post Dexcom Warns Stolen G7 Glucose Sensors May Pose Infection, Reading Risks appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Dexcom Warns Stolen G7 Glucose Sensors May Pose Infection, Reading Risks
Dexcom says stolen G7 sensors from two scrapped lots were sold through unauthorized channels, creating infection and reading-failure risks.