Researchers have discovered two new Android malware strains named BankBot-YNRK and DeliveryRAT that are actively stealing users’ financial and personal information. These trojans were found disguised as legitimate applications and are spreading through deceptive downloads and fake app packages targeting Android devices. BankBot-YNRK is a mobile banking trojan that hides inside apps pretending to be … Continued
Researchers have identified a new backdoor named HttpTroy used in a targeted cyberattack against a victim in South Korea. Security analysts link the campaign to the APT group Kimsuky, which has been associated with North Korea and known for focused espionage operations. The attackers delivered the malware through a realistic-looking VPN invoice. The invoice was … Continued
Application Security (AppSec) has become an essential part of modern software development. It ensures that applications stay secure during their design, build, and deployment phases. As DevOps pipelines speed up and cloud-native systems grow, organizations increasingly depend on Application Security Testing (AST) tools to find and fix vulnerabilities early in the lifecycle. A previous post, … Continued
The Eclipse Foundation has announced that it has revoked a small number of access tokens used in its Open VSX Registry after a security firm discovered they had been leaked. These tokens were used by developers to publish or update extensions, and if misused, they could have allowed attackers to upload malicious versions. The Foundation … Continued
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a new VMware zero-day vulnerability, tracked as CVE-2025-41244. The flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) list, which means it is being actively used in real-world attacks. Security experts say this vulnerability needs immediate attention from all organizations using … Continued
As organizations move to cloud environments, the need for skilled cloud security professionals is rising. The global cloud security market, valued at $35.84 billion in 2024, is expected to grow to $75.26 billion by 2030, with a compound annual growth rate of 13.3% [Grand View Research]. The urgency is further emphasized by the alarming statistic … Continued
A major data breach has occurred at Ravin Academy, a cybersecurity training centre established in 2019 in Tehran and linked to Iran’s Ministry of Intelligence and Security (MOIS). The academy confirmed the incident through a statement on its official Telegram channel on October 22, saying that one of its online platforms was attacked and that … Continued
Security researchers recently discovered that ten malicious npm packages were uploaded to the public npm registry. These packages were designed to look like legitimate ones but had slightly altered names, a trick known as typosquatting. The goal was to make developers accidentally install them, allowing attackers to secretly execute malicious code during the installation process … Continued
Russian hackers have launched a new cyberattack campaign targeting Ukrainian organizations. Security researchers discovered that these hackers used legitimate system tools already present on computers instead of traditional malware. This stealthy method allowed them to move through networks quietly, steal information, and remain undetected for long periods. The investigation revealed that two Ukrainian organizations were … Continued
SideWinder, a known hacking group, has launched a new cyber campaign targeting diplomats and government organizations across South Asia. Security experts from the Trellix Advanced Research Center uncovered this operation and revealed that the group is now using PDF files and ClickOnce installers to spread malware. This shows how SideWinder continues to evolve its techniques … Continued
