Unpatched URL Spoofing Vulnerability Discovered in UC Browser and UC Browser Mini A recently uncovered security flaw poses a significant threat to users of UC Browser and UC Browser Mini, widely used mobile applications developed by Alibaba-owned UCWeb. This vulnerability, which remains unpatched, allows attackers to manipulate the address bar,…
A recently uncovered campaign attributed to the China-based cybercrime group known as Silver Fox—also referred to as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne—has targeted organizations in Russia and India with new malware identified as ABCDoor. The operation has prominently involved the use of phishing emails…
Microsoft has revealed a comprehensive credential theft operation that exploited themes related to code of conduct, utilizing legitimate email services to redirect users to domains controlled by attackers and extract authentication tokens. This multi-faceted campaign occurred between April 14 and April 16, 2026, affecting over 35,000 users from more than…
The American educational technology company Instructure, known for its Canvas platform, has reported a breach involving a decentralized cybercriminal group. This group threatened to leak sensitive data stolen from thousands of educational institutions following a successful infiltration of Instructure’s network. In an update released on Monday, the Utah-based firm announced…
Each year, countless smartphones fall victim to theft. Among them, a significant number are iPhones that are illegally shipped to various regions, particularly China, where they are dismantled for parts. However, there exists a lucrative market in which these stolen devices can be unlocked and reset, offering criminals a chance…
In a recent report from cybersecurity researchers, a new attack strategy has been revealed, utilizing phishing emails to spread an open-source backdoor known as VShell. According to Trellix researcher Sagar Bade, this “Linux-specific malware infection chain begins with a spam email containing a harmful RAR archive file.” The unique aspect of this attack is that the malicious payload is embedded directly in the filename, rather than hidden within the file’s content or through macros. By employing shell command injection and Base64-encoded Bash payloads, attackers transform routine file listing commands into triggers for automatic malware execution. This technique exploits a common, yet dangerous pattern in shell scripts, where poorly sanitized file names allow seemingly innocuous commands like eval or echo to execute arbitrary code. Additionally, this approach provides further advantages…
Linux Malware Exploits Malicious RAR Filenames to Bypass Antivirus Detection August 22, 2025 Recent research has unveiled a sophisticated attack vector targeting Linux systems, whereby threat actors utilize phishing emails to distribute an open-source backdoor named VShell. According to cybersecurity expert Sagar Bade from Trellix, this method represents a distinct…
In a recent report from cybersecurity researchers, a new attack strategy has been revealed, utilizing phishing emails to spread an open-source backdoor known as VShell. According to Trellix researcher Sagar Bade, this “Linux-specific malware infection chain begins with a spam email containing a harmful RAR archive file.” The unique aspect of this attack is that the malicious payload is embedded directly in the filename, rather than hidden within the file’s content or through macros. By employing shell command injection and Base64-encoded Bash payloads, attackers transform routine file listing commands into triggers for automatic malware execution. This technique exploits a common, yet dangerous pattern in shell scripts, where poorly sanitized file names allow seemingly innocuous commands like eval or echo to execute arbitrary code. Additionally, this approach provides further advantages…
Published: July 15, 2013
Warning: A new scam is circulating through Twitter direct messages (DMs) and deceptive emails, directing users to a phishing site at “twittler.com.” This scam utilizes compromised Twitter accounts to send seemingly legitimate messages. Security expert Janne Ahlberg highlights the danger, stating, “This is a particularly insidious tactic, especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a familiar contact, alert them – their account has likely been hijacked by attackers.”
The fraudulent webpage mimics the Twitter login screen and attempts to capture your login credentials, using a domain name that closely resembles the official Twitter.com, with the addition of “LL.”
To stay safe, always verify your browser’s address bar to ensure you are on the legitimate Twitter site at twitter.com before entering your login information. If you input your Twitter username…
Warning: Phishing Attack Targeting Twitter Users July 15, 2013 A concerning phishing scam has emerged, targeting Twitter users through deceptive direct messages (DMs) and counterfeit emails that direct recipients to a fraudulent website, “twittler.com.” This scheme relies on compromised Twitter accounts to deliver messages that appear trustworthy, undermining the basic…
Published: July 15, 2013
Warning: A new scam is circulating through Twitter direct messages (DMs) and deceptive emails, directing users to a phishing site at “twittler.com.” This scam utilizes compromised Twitter accounts to send seemingly legitimate messages. Security expert Janne Ahlberg highlights the danger, stating, “This is a particularly insidious tactic, especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a familiar contact, alert them – their account has likely been hijacked by attackers.”
The fraudulent webpage mimics the Twitter login screen and attempts to capture your login credentials, using a domain name that closely resembles the official Twitter.com, with the addition of “LL.”
To stay safe, always verify your browser’s address bar to ensure you are on the legitimate Twitter site at twitter.com before entering your login information. If you input your Twitter username…
Booking.com is reaching out to its customers following a confirmed data breach in which a third party accessed portions of its reservation data. The company characterizes this incident as a targeted attack impacting an undisclosed number of bookings. In communications to affected customers, the exposed information may consist of names,…
“Noisy Bear Campaign Disguised as Phishing Test Revealed Targeting Kazakhstan’s Energy Sector”
Sep 06, 2025 – Malware / Cyber Espionage
A suspected Russian threat actor is behind a series of attacks aimed at Kazakhstan’s energy sector, identified as Operation BarrelFire by Seqrite Labs, which tracks the group as Noisy Bear. Active since at least April 2025, the campaign specifically targets employees of KazMunaiGas (KMG). The attackers delivered a counterfeit document purporting to be from the KMG IT department, mimicking legitimate internal communications and addressing topics like policy updates, certification processes, and salary adjustments. According to security researcher Subhajeet Singha, the infection process starts with a phishing email containing a ZIP file that includes a Windows shortcut (LNK) downloader, a decoy document related to KazMunaiGas, and a README.txt file with instructions in both Russian and Kazakh to execute a program named “KazMunayGaz_Viewer.”
Noisy Bear Campaign: Phishing Test Unveiled in Kazakhstan’s Energy Sector On September 6, 2025, cybersecurity experts revealed that a series of attacks targeting Kazakhstan’s energy sector has been linked to a threat actor possibly originating from Russia. This campaign, dubbed Operation BarrelFire, is attributed to a new group identified by…
“Noisy Bear Campaign Disguised as Phishing Test Revealed Targeting Kazakhstan’s Energy Sector”
Sep 06, 2025 – Malware / Cyber Espionage
A suspected Russian threat actor is behind a series of attacks aimed at Kazakhstan’s energy sector, identified as Operation BarrelFire by Seqrite Labs, which tracks the group as Noisy Bear. Active since at least April 2025, the campaign specifically targets employees of KazMunaiGas (KMG). The attackers delivered a counterfeit document purporting to be from the KMG IT department, mimicking legitimate internal communications and addressing topics like policy updates, certification processes, and salary adjustments. According to security researcher Subhajeet Singha, the infection process starts with a phishing email containing a ZIP file that includes a Windows shortcut (LNK) downloader, a decoy document related to KazMunaiGas, and a README.txt file with instructions in both Russian and Kazakh to execute a program named “KazMunayGaz_Viewer.”
