Phishing Attacks Target Monex Securities Users

Symantec has recently identified a series of phishing campaigns that target users of Monex Securities (マネックス証券), one of Japan’s leading online securities companies. Monex Securities was formed through the merger of Monex, Inc. and Nikko Beans, Inc. and offers a range of financial services to individual investors in Japan. What Happened: The phishing campaigns involve … Continued

Stripe’s Legacy API Gets Hijacked in Web Skimming Scam to Validate Stolen Payments

A recently uncovered web skimming campaign is using a legacy Stripe API to validate stolen payment details before exfiltration, reducing the chances of detection. Researchers from Jscrambler identified at least 49 compromised merchants, with numbers expected to rise as more victims are uncovered. How the Attack Operates: The attack employs multiple stages to load skimming … Continued

Multiple Vulnerabilities in IBM AIX Could Allow Arbitrary Code Execution

Multiple vulnerabilities have been discovered in IBM AIX, a Unix-based operating system developed by IBM for its Power servers. The vulnerabilities, tracked as CVE-2024-56346 (CVSS 10) and CVE-2024-56347 (CVSS 9.6), allow arbitrary code execution. These vulnerabilities could enable malicious actors to install software, manipulate or erase data, or even create new accounts with full administrative privileges, depending on … Continued

Hackers Use DeepSeek as Bait to Deploy TookPS Malware

New research by Kaspersky reveals that threat actors are using the DeepSeek LLM as bait in multiple malicious campaigns. Initially discovered in early March, the TookPS downloader, identified as the key malware strain, has now been found mimicking neural network and 3D modeling tools. Targets: Potential victims of this campaign include both individual users … Continued

Lucid PhaaS Platform: A New Threat Emerging Globally

A newly identified phishing-as-a-service (PhaaS) platform called Lucid has been found targeting more than 169 organizations across 88 countries. The platform uses smishing techniques via Apple iMessage and Rich Communication Services (RCS) on Android to orchestrate large-scale phishing attacks. Why It Matters: Lucid’s methodology represents a drastic shift from traditional phishing techniques. By utilizing widely … Continued

New Cryptomining Campaign Targets Misconfigured PostgreSQL Servers

A recent investigation by Wiz Threat Research has discovered a cryptomining campaign targeting publicly exposed PostgreSQL servers. This new campaign deploys XMRig-C3 cryptominers that can bypass detection. Tracked as JINX-0126, the campaign was initially documented by Aqua Security but has since adapted to enhance its stealth capabilities. The Big Picture: The attackers are using brute-force … Continued

North Korea’s Lazarus Group Leverages ‘ClickFix’ in Latest Cyberattack Campaign

North Korea’s infamous Lazarus Group, known for cybercriminal activity aimed at funding the regime through cryptocurrency theft, is adopting a new “ClickFix” attack method. This latest campaign, dubbed “ClickFake Interview”, aims to exploit job seekers. The move signals a shift in Lazarus Group’s strategy, targeting less tech-savvy victims in the cryptocurrency sector. … Continued

New Malware “CoffeeLoader” Emerges with Advanced Evasion Tactics

Zscaler ThreatLabz has identified CoffeeLoader, a sophisticated malware loader that emerged in September 2024. Designed to deploy second-stage payloads while evading detection by endpoint security products, CoffeeLoader utilizes advanced evasion techniques, including GPU-based code execution, call stack spoofing, and Windows fiber manipulation. CoffeeLoader’s Architecture: Packer (Armoury). GPU-Based Protection: Uses the GPU for executing decryption routines, … Continued

Hellcat Hacking Leaders Exposed by Their OpSec Fails

The Hellcat hacking group gained the limelight in 2024 after a series of high-profile cyber attacks on major corporations like Schneider Electric, Telefónica, and Orange Romania. New research by KelaCyber has revealed the true identities of the group’s key members, Rey and Pyrx. Here’s a breakdown of their findings. Key Details: From an obscure group … Continued

PJobRAT Returns, Targets Chat Apps Once Again

A sophisticated Android remote access trojan (RAT) known as PJobRAT has resurfaced, targeting Taiwanese users through deceptive messaging applications. Background: Initially discovered in 2019, PJobRAT targeted active-duty military personnel in India by impersonating dating and instant messaging apps. After being inactive for several years, it has resurfaced in Taiwan. The most recent campaign in Taiwan … Continued