Latest Intelligence
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
A new variant of the HOOK Android banking trojan has been identified that now includes ransomware-style overlays used to extort ransom payments from victims. This variant is notable for deploying full-screen overlays that display threatening messages to pressure users into paying.
Organizations Warned of Exploited Git Vulnerability
CISA has issued a warning to federal agencies regarding an exploited vulnerability in Git that allows arbitrary file writes and can lead to remote code execution. Organizations are urged to take immediate action to patch this vulnerability.
FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands
The FTC has urged major tech companies to maintain their encryption standards and not to compromise security and privacy in response to requests from foreign governments. This call to action emphasizes the importance of protecting user data against external pressures for decryption.
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google is implementing a verification process for all developers distributing apps on Android, including those outside the Play Store. This initiative aims to enhance accountability and reduce the risk of malicious applications being installed on certified Android devices.
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, indicating they are actively being exploited. One of the vulnerabilities, CVE-2024-8068, affects Citrix Session Recording and involves improper privilege management.
Hackers Lied In Wait, Then Knocked Out Iran Ship Comms
Lab-Dookhtegen has claimed responsibility for a significant cyberattack that targeted over 60 cargo ships and oil tankers owned by two Iranian companies that are under US sanctions. The attack specifically aimed to disrupt communications on these vessels.
FTC Chair Tells Tech Giants to Hold the Line on Encryption
The FTC Chairman has urged major tech companies like Apple, Meta, and Microsoft to resist foreign government pressures to compromise their encryption standards. This stance emphasizes the importance of maintaining strong encryption for user security and privacy.
ClickFix Attack Tricks AI Summaries Into Pushing Malware
The article discusses a cybersecurity issue where attackers exploit AI-generated content summaries to trick victims into following malicious instructions. Since the instructions appear credible, victims are more likely to act on them without suspicion.
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
The article discusses a series of attacks attributed to the threat actor UNC6384, targeting diplomats and other entities to further China's strategic interests. These attacks rely on advanced social engineering, combined with valid code signing certificates and adversary-in-the-middle attacks, to bypass security measures.
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has addressed a critical security vulnerability in its Desktop app for Windows and macOS, identified as CVE-2025-9074, which could allow attackers to escape container confinement. The flaw has a high CVSS score of 9.3 and has been fixed in version 4.44.3.
OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail
OneFlip is a newly discovered Rowhammer-based attack that can compromise AI systems by flipping a single bit in neural network weights. This stealthy backdoor method does not degrade performance, posing significant risks to various AI applications.
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
A new phishing campaign has been identified that uses fake voicemail and purchase order emails to distribute a malware loader known as UpCrypter. The campaign employs convincing phishing pages to trick recipients into downloading malicious JavaScript files.
Fast-Spreading, Complex Phishing Campaign Installs RATs
A global phishing campaign is enabling attackers to not only steal credentials but also gain long-term, persistent access to corporate networks. This complex operation poses significant security risks to organizations.
Securing the Cloud in an Age of Escalating Cyber Threats
The article emphasizes the need for organizations to abandon outdated security models as cyber threats become more severe and cloud adoption increases. It highlights the urgency for modernizing security approaches in response to evolving risks.
Pakistani Hackers Back at Targeting Indian Government Entities
The article reports that the Pakistani state-sponsored hacking group APT36 is actively targeting Linux systems in a new campaign directed at Indian government entities. This marks a continuation of their efforts to compromise governmental cybersecurity.