Meta and Yandex Are Revealing Android Users’ Web Browsing Identifiers
admin | June 3, 2025 | cyber-attacks
Cybercriminals Utilize Open-Source Tools to Target Financial Institutions in Africa
Jun 26, 2025 | Threat Intelligence / Ransomware

Cybersecurity experts are highlighting a wave of cyberattacks aimed at financial institutions across Africa, dating back to at least July 2023. These attacks leverage a combination of open-source and publicly available tools to sustain access. Researchers from Palo Alto Networks’ Unit 42 are monitoring this activity under the label CL-CRI-1014, where “CL” stands for “cluster” and “CRI” signifies “criminal motivation.” The primary objective appears to be gaining initial access to systems, which is then sold to other criminal actors in underground forums, effectively turning the threat actor into an initial access broker (IAB). “The threat actor mimics signatures from legitimate applications to create forged file signatures, camouflaging their toolset and concealing malicious activities,” noted researchers Tom Fakterman and Guy Levi. “Threat actors frequently spoof legitimate products for illicit purposes.” The attacks are marked by the use of tools such as PoshC2 and others.

July 30, 2025
U.S. Agencies Issue Warning About Increased Iranian Cyber Threats Targeting Defense and Critical Infrastructure
Date: June 30, 2025 | Topic: Cybersecurity / Critical Infrastructure

U.S. cybersecurity and intelligence agencies have released a joint advisory cautioning about the rising risk of cyber attacks from Iranian government-sponsored or affiliated groups. “In recent months, we’ve observed heightened activity from hacktivists and Iranian-linked actors, likely to escalate due to current geopolitical circumstances,” the agencies stated. They highlighted that these cyber adversaries typically exploit opportunities presented by unpatched or outdated software vulnerable to known Common Vulnerabilities and Exposures, as well as the use of default or easily guessed passwords on internet-connected accounts and devices. Currently, there is no evidence pointing to a coordinated campaign of malicious cyber actions in the U.S. attributed to Iran, according to insights from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA). Emphasizing the need for enhanced vigilance…

July 30, 2025
Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents
Cyber Espionage / Threat Intelligence | July 08, 2025

An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.

July 29, 2025