TECHZONE™

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization https://thehackernews.com/2025/06/scattered-spider-understanding-help.html In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.  This coverage is extremely valuable for the cybersecurity community as it raises

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. "Recent

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues https://thehackernews.com/2025/06/google-chrome-to-distrust-two.html Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.  The update will affect all Transport Layer Security (TLS)

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion https://thehackernews.com/2025/06/microsoft-and-crowdstrike-launch-shared.html Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. "Out of bounds read and write in V8 in Google

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub https://thehackernews.com/2025/06/cryptojacking-campaign-exploits-devops.html Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN https://thehackernews.com/2025/06/preinstalled-apps-on-ulefone-kruger.html Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows - CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU https://thehackernews.com/2025/06/qualcomm-fixes-3-zero-days-used-in.html Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More https://thehackernews.com/2025/06/weekly-recap-apt-intrusions-ai-malware.html If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what their systems are telling them. The problem isn’t too

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats https://thehackernews.com/2025/06/the-secret-defense-strategy-of-four.html The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia.  "In what appears to be a multi-stage phishing operation, the attackers

This month in security with Tony Anscombe – May 2025 edition https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-may-2025/ From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil https://thehackernews.com/2025/05/china-linked-hackers-exploit-sap-and.html The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care https://thehackernews.com/2025/05/from-department-of-no-to-culture-of-yes.html Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud https://thehackernews.com/2025/05/us-sanctions-funnull-for-200m-romance.html The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and