Friday , February 14 2025

Cyber Attack

“Astaroth” Phishing Kit Bypasses 2FA Of Gmail, Yahoo, AOL, M365

Astaroth

The new Astaroth Phishing Kit can bypass two-factor authentication to steal login credentials for Gmail, Yahoo, and Microsoft. It uses a reverse proxy, captures credentials in real-time, and hijacks sessions. The new phishing kit called Astaroth has been found on cybercrime networks by SlashNext threat researchers. Astaroth can bypass two-factor …

Read More »

CVE-2023-38831
Malware campaign target Bangladeshi Government Entities: Report

Government Entities

A sophisticated malware campaign is targeting military and government entities in Bangladesh. It uses social engineering to deliver malicious files disguised as official documents, aiming to infiltrate secure networks, steal credentials, and access sensitive systems. The attack starts with a WhatsApp message that forwards a file (like 508.rar) pretending to …

Read More »

FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

CYFIRMA

CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank’s brand through fake mobile apps. These apps, distributed via phishing links and social engineering, closely resemble the real bank apps, deceiving users into sharing their credentials and personal information. The malware uses advanced techniques, such as encrypted …

Read More »

Paragon spyware targeted victims in dozens of European countries: Italy says

European countries

WhatsApp revealed that seven Italians, along with victims from over a dozen other European countries, were targeted by spyware in a widespread hacking campaign, according to the Italian government. Italy’s cybersecurity agency, Agenzia per la Cybersicurezza Nazionale (ANC), is investigating alleged hacking attempts by Paragon Solutions, according to a statement …

Read More »

Sophisticated malware attack on Indian Banks; Exposes 50,000 users

Indian Bank

The zLabs research team found a mobile malware campaign with nearly 900 malware samples aimed at Indian bank users. Analysis shows shared code, interfaces, and logos, indicating a single group behind the attacks on Android devices. Zimperium’s detection engine successfully identified these as Trojan Bankers targeting Indian financial institutions. This …

Read More »

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers. …

Read More »

.Gov Domains Weaponized in Phishing Surge

.gov

A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to execute phishing campaigns. Between November 2022 and November 2024, attackers have leveraged vulnerabilities in government websites from various countries to host malicious content, act as command-and-control (C2) servers, and funnel …

Read More »

Paragon Attack WhatsApp With New Zero-Click Spyware

paragon

WhatsApp reveiled on Friday that a “zero-click” spyware attack, linked to the Israeli company Paragon, has targeted many users globally, including journalists and civil society members. The spyware targeted almost 100 WhatsApp users, including journalists, and operated without user interaction, links, or attachments, making it particularly dangerous. Reuters reported that …

Read More »