VulnHub

A new variant of the NGate malware is targeting Android users by disguising itself within a trojanized version of HandyPay, a legitimate mobile payment app. This malware is designed to steal NFC payment data, posing a significant risk to users who rely on their smartphones for transactions. By embedding itself in a trusted application, attackers are increasing the chances that unsuspecting users will download and use the malicious version. Users of Android devices should be cautious about installing apps from unofficial sources and ensure they are using the latest security updates to protect their sensitive financial information. The implications of this malware are serious, as it could lead to unauthorized transactions and financial loss for those affected.

Researchers have discovered that 100 Chrome extensions, published through five different accounts, are part of a coordinated campaign designed to steal user data and create backdoors. These malicious extensions utilize shared command and control (C&C) infrastructure, indicating a well-organized effort by the attackers. Users who have installed these extensions are at risk of having their data compromised, which could lead to identity theft or other forms of online fraud. This incident serves as a reminder for users to be cautious when installing browser extensions and to regularly review their installed add-ons for any suspicious activity. The findings underscore the need for enhanced scrutiny of browser extensions to protect user privacy and security.

Security researchers have identified a new Android banking trojan called Mirax, which is targeting users across Europe. This malware utilizes a method known as Malware-as-a-Service (MaaS) to infect devices, allowing cybercriminals to gain remote access and turn affected smartphones into residential proxy nodes. By doing this, attackers can route their malicious activities through the compromised devices, making it harder to trace their actions back to them. This poses a significant risk to users, as their personal data and banking information could be at risk. The emergence of Mirax highlights ongoing vulnerabilities in mobile security and the need for users to remain vigilant against such threats.

Google's threat intelligence team has identified a new extortion group known as UNC6783, which appears to be linked to the Raccoon persona. This group is specifically targeting Business Process Outsourcing (BPO) companies and helpdesk services, indicating a shift in focus towards sectors that handle sensitive customer data. The group's tactics may involve ransomware or other extortion methods, which poses significant risks to affected organizations. Companies in the BPO sector should be vigilant and enhance their security measures to protect against potential breaches and data leaks. As this threat evolves, understanding the methods and motivations behind it will be crucial for businesses in these industries.

Kaspersky has reported that SparkCat malware has resurfaced on app stores, specifically targeting cryptocurrency users in Asia. This malware has been found in applications available for both iOS and Android devices. Users downloading these apps may unknowingly expose their sensitive information, such as cryptocurrency wallet details, to attackers. This resurgence is particularly concerning given the increasing popularity of cryptocurrency among users, making them prime targets for cybercriminals. As the malware spreads, it underlines the need for users to be vigilant about the apps they download and the permissions they grant.

Recent research from Varonis Threat Labs has identified a new cybersecurity threat called Storm infostealer, which operates as a subscription service. This malicious software is designed to bypass the encryption used by Google Chrome, putting users' sensitive information at risk. It primarily targets web browsers, cryptocurrency wallets, and various online accounts. This is concerning because it can lead to identity theft and financial loss for affected individuals. As this service gains traction, it raises alarms about the potential for widespread exploitation of personal data.

The latest ThreatsDay Bulletin highlights a range of pressing cybersecurity threats impacting various systems. Researchers are reporting on the alarming trend of chaining together minor vulnerabilities to create significant backdoors, which could allow attackers to gain unauthorized access. Additionally, there are ongoing concerns about Android rootkits and methods for evading AWS CloudTrail logging, raising red flags for cloud security. These developments underscore the need for organizations to stay vigilant and proactive in patching software and monitoring their systems for unusual activity. With cyber threats evolving quickly, it’s crucial for companies to keep their defenses updated and educate their teams on the latest risks.

Google has released a series of updates to address 21 vulnerabilities in its Chrome browser, including a significant zero-day flaw identified as CVE-2026-5281. This vulnerability affects the Dawn component of Chrome and has been exploited in the wild, which means attackers are actively taking advantage of it. Users of Chrome are urged to update their browsers to the latest version to protect themselves against potential exploits. Keeping browsers up to date is crucial as these vulnerabilities can allow unauthorized access or manipulation of user data. The timely patching of such vulnerabilities emphasizes the ongoing need for vigilance in maintaining cybersecurity.

Google has addressed 21 vulnerabilities in its Chrome browser, including a serious zero-day flaw identified as CVE-2026-5281. This vulnerability is categorized as a use-after-free (UAF) issue in Dawn, which is part of the WebGPU standard utilized by Chromium and its derivatives. While specific details about the exploitation of this flaw are scarce, the fact that it has been flagged as 'in-the-wild' suggests that attackers are actively using it. Users of Chrome and other Chromium-based browsers should ensure they are running the latest versions to protect themselves from potential attacks. Keeping browsers updated is crucial because such vulnerabilities can lead to unauthorized access or other malicious activities.