A recent cybersecurity campaign has exploited ostensibly harmless Android dropper apps available on the Google Play Store to infiltrate users’ devices with banking malware. Dubbed DawDropper by security analysts at Trend Micro, this malicious operation involved 17 dropper applications masquerading as productivity and utility tools, including document scanners, VPN services,…
Recent investigations have revealed a sophisticated malware campaign deploying a remote access trojan (RAT) called AsyncRAT, utilizing Python payloads and TryCloudflare tunnels for distribution. Forcepoint X-Labs researcher Jyotika Singh indicated that AsyncRAT capitalizes on the async/await programming model, allowing attackers to covertly access and manipulate infected systems, exfiltrate data, and…
A new cyber threat attributed to the North Korea-linked Lazarus Group has surfaced, where attackers exploit fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malicious software. This campaign targets operating systems across the board, including Windows, macOS, and Linux. According to cybersecurity firm Bitdefender, the operation…
High-Severity Vulnerabilities Discovered in Ruby-SAML Library, Posing Authentication Risks Two significant security vulnerabilities have been identified in the open-source ruby-saml library, which poses a risk of allowing malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. The discovered vulnerabilities are classified as CVE-2025-25291 and CVE-2025-25292, carrying a high…
Cybersecurity experts are raising alarms over a breach involving the popular GitHub Action, tj-actions/changed-files, which has reportedly been manipulated to leak sensitive information from repositories utilizing continuous integration and continuous delivery (CI/CD) frameworks. This incident is significant, given that the affected action is employed in more than 23,000 repositories for…
On March 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of a high-severity vulnerability in its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is associated with a supply chain compromise affecting the GitHub Action known as tj-actions The vulnerability, identified as CVE-2025-30066, has been assigned…
Supply Chain Attack Targets GitHub Action, Compromising Sensitive Data A recent supply chain attack has raised significant cybersecurity concerns, particularly for businesses relying on open-source projects. This incident originated from the GitHub Action “tj-actions/changed-files,” which was initially directed at one of Coinbase’s open-source initiatives but subsequently expanded in scale. According…
The cybersecurity landscape has experienced notable turbulence in the first quarter of 2025, marked by intensifying attacks from cybercriminals employing innovative methods to breach defenses. This report highlights significant malware families and their corresponding analyses within controlled environments. One of the prominent threats this quarter is the NetSupport Remote Access…
In the realm of cybersecurity, last week’s developments showcased a significant range of incidents and insights. These events reflect the evolving landscape of cyber threats and the pressing need for vigilance among businesses and professionals. A critical incident involved Salesloft Drift, where attackers gained unauthorized access through the company’s GitHub…
