Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat.
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered fourRead More »Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. “The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware,” Kaspersky researchers Denis Kulik and Daniil Pogorelov said. “One ofRead More »China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Episource, a medical billing organization, has notified individuals that their personal and health data was stolen in a cyberattack.
An unencrypted, non-password-protected database was discovered, associated with a prominent adoption agency.
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.Read More »Microsoft Fix Targets Attacks on SharePoint Zero-Day
Iranian APT MuddyWater has been using new versions of the DCHSpy Android surveillance tool since the beginning of the conflict with Israel. The post Iranian APT Targets Android Users With New Variants of DCHSpy Spyware appeared first on SecurityWeek.
Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe.Read More »⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Cierant Corporation and Zumpano Patricios independently disclosed data breaches, each impacting more than 200,000 individuals. The post Marketing, Law Firms Say Data Breaches Impact Over 200,000 People appeared first on SecurityWeek.
By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, securesRead More »Assessing the Role of AI in Zero Trust
