Skip to content
Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, to also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking appsRead More »Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combiningRead More »⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their missionRead More »When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence ResearchRead More »ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. “In this incident, the threat actor used the tool to download and execute Visual Studio CodeRead More »Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorizationRead More »WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Friday Squid Blogging: Catching Humboldt Squid

First-person account of someone accidentally catching several Humboldt squid on a fishing line. No photos, though. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs, are listed below – CVE-2025-53693 – HTML cache poisoning through unsafe reflections CVE-2025-53691 – Remote code execution (RCE) through insecure deserializationRead More »Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Copyright © 2026 infosecintel.net