Cybersecurity experts have reported a series of serious vulnerabilities in Cinterion cellular modems, which could be exploited by malicious actors to gain unauthorized access to sensitive data and execute arbitrary code. These vulnerabilities pose significant risks to vital communication infrastructures, as well as to Internet of Things (IoT) devices that…
A new Android Trojan, named SoumniBot, has been uncovered, specifically targeting users in South Korea by exploiting vulnerabilities in the Android manifest extraction and parsing procedures. This malware is distinctive for its unconventional methods of evasion, particularly through the obfuscation of the Android manifest, as revealed by Kaspersky researcher Dmitry…
Google Addresses Critical Security Flaws in Chrome Browser In a proactive response to ongoing security concerns, Google has deployed patches to rectify nine significant vulnerabilities in its Chrome web browser, one of which is a serious zero-day flaw that has reportedly been exploited in the wild. This vulnerability, designated as…
In a recent development within the cybersecurity landscape, a new and previously unidentified threat actor known as Sandman has emerged, launching a series of cyber attacks against telecommunications providers across the Middle East, Western Europe, and the South Asian region. Analysts have noted that the tactics employed during these intrusions…
Black Basta Ransomware Targets Critical Infrastructure Globally The Black Basta ransomware-as-a-service (RaaS) group has made a significant impact since its inception in April 2022, successfully compromising over 500 private and critical infrastructure entities across North America, Europe, and Australia. Recent joint advisories released by leading cybersecurity authorities, including the Cybersecurity…
Emergence of ExelaStealer: A New Player in Cybercrime A newly identified information-stealing malware, dubbed ExelaStealer, has emerged in a saturated market already teeming with tools designed to exfiltrate sensitive information from compromised Windows systems. This evolving threat, flagged by FortiGuard Labs, showcases how cybercriminals continually adapt their tactics and tools…
A recent analysis by Zimperium has revealed sophisticated evasion techniques utilized by a new variant of the FakeCall Trojan, which complicate the identification of its malicious code. Originally, researchers believed these apps might belong to a previously undiscovered malware family. However, further investigation revealed that the obfuscation involved concealing harmful…
Security Flaws Discovered in ZKTeco Biometric Access System: A Call for Vigilance A recent analysis conducted by Kaspersky has revealed significant vulnerabilities in a hybrid biometric access system produced by the Chinese manufacturer ZKTeco. The assessment identified two dozen security flaws that could be exploited by cyber adversaries to undermine…
In a significant cybersecurity incident, an unidentified government entity in Afghanistan has fallen victim to a previously unreported web shell identified as HrServ, suggesting links to an advanced persistent threat (APT) attack. The exploit involves a dynamic-link library (DLL) file named "hrserv.dll," which boasts advanced functionalities, including custom encoding for…
