admin

admin

  • Joined: September 10, 2024
  • Articles: 5670

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack On October 16, 2024, reports surfaced detailing a resurgence of the Astaroth banking malware, also known as Guildma, targeting Brazilian entities through a sophisticated spear-phishing campaign. The ongoing threat involves the…

INTERPOL Takes Down Over 20,000 Malicious IPs Tied to 69 Malware Variants in Operation Secure

On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.

According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.

INTERPOL Disrupts Over 20,000 Malicious IP Addresses in Operation Secure On June 11, 2025, INTERPOL announced a significant crackdown on cybercrime, revealing the dismantling of more than 20,000 malicious IP addresses linked to 69 variants of information-stealing malware. The initiative,…

Urgent Security Update: Chrome Zero-Day CVE-2025-6554 Targeted by Active Attacks

Jul 01, 2025
Vulnerability / Browser Security

Google has issued a critical security update to address a zero-day vulnerability in its Chrome browser, currently being exploited in the wild. The flaw, identified as CVE-2025-6554, has a CVSS score of 8.1 and is classified as a type confusion issue within the V8 JavaScript and WebAssembly engine. According to the National Institute of Standards and Technology (NIST), “Type confusion in V8 in Google Chrome prior to version 138.0.7204.96 allowed remote attackers to perform arbitrary read/write operations through a specially crafted HTML page.” This type of vulnerability poses significant risks, potentially enabling attackers to execute arbitrary code, crash systems, or install malicious software. Zero-day vulnerabilities are particularly alarming, as they are often exploited by attackers before a patch is available, leading to possible spyware installations, drive-by downloads, or other harmful actions simply through user interactions.

Google Addresses Active Chrome Zero-Day Vulnerability CVE-2025-6554 With Security Update On July 1, 2025, Google announced critical security updates for its Chrome browser, designed to remedy a zero-day vulnerability labeled CVE-2025-6554. This flaw, currently being exploited in the wild, has…

SideWinder APT Launches Covert Multi-Stage Assault on Middle East and Africa

October 17, 2024
Malware / Cyber Espionage

An advanced persistent threat (APT) known as SideWinder, with suspected links to India, has initiated a wave of attacks targeting high-profile organizations and critical infrastructure in the Middle East and Africa. This group, also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04, may initially appear low-skilled due to its reliance on publicly available exploits, malicious LNK files, scripts, and common remote access tools (RATs). However, Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov suggest that their true capabilities become evident upon closer examination of their operational tactics. The group’s targets include government and military sectors, logistics, telecommunications, financial institutions, universities, and oil trading firms in countries such as Bangladesh, Djibouti, Jordan, and Malaysia.

SideWinder APT Targets Middle East and Africa in Cohesive Multi-Stage Attacks October 17, 2024 Recent reports indicate that an advanced persistent threat (APT) group, identified as SideWinder, is actively executing a series of sophisticated cyberattacks against notable infrastructures and organizations…

Spike in Erlang/OTP SSH Exploits Following April Patch

Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) Surge in Attacks Targeting Operational Technology Networks Prajeet Nair (@prajeetspeaks) • August 13, 2025 Image: Ivan Kislitsin/Shutterstock Researchers report a notable surge in exploitation attempts against a critical vulnerability in…

LangSmith Vulnerability Risks Exposure of OpenAI Keys and User Data through Malicious Agents

June 17, 2025
Category: Vulnerability / LLM Security

Cybersecurity experts have revealed a recently fixed security flaw in the LangChain’s LangSmith platform that could be exploited to obtain sensitive information, including API keys and user prompts. The vulnerability, assigned a CVSS score of 8.8 out of 10.0, is codenamed AgentSmith by Noma Security. LangSmith serves as an observability and evaluation tool for developing, testing, and monitoring large language model (LLM) applications, including those created using LangChain. Additionally, it features a LangChain Hub that acts as a repository for publicly available prompts, agents, and models.

“This newly discovered vulnerability targeted unsuspecting users who adopted agents containing pre-configured malicious proxy servers uploaded to the ‘Prompt Hub,'” noted researchers Sasi Levi and Gal Moyal in a report shared with The Hacker News. “Once adopted, the malicious proxy discreetly intercepted all user communications…”

Security Flaw in LangSmith Could Compromise OpenAI Keys and User Data In a recent disclosure, cybersecurity researchers have unveiled a significant vulnerability within the LangSmith platform, a tool integral to the development and monitoring of large language model (LLM) applications.…