Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. The…
Author: Cybernoz
8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Groups
A critical Windows vulnerability that has been exploited since 2017 by state-sponsored threat actors has been uncovered recently by researchers. The vulnerability, tracked as ZDI-CAN-25373,…
Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices
Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices, particularly in the era of the Internet of Things (IoT). These…
Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60M Downloads
Cybersecurity researchers at Bitdefender have discovered a malicious ad fraud campaign that has successfully deployed over 300 applications within the Google Play Store. These malicious…
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber…
New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code
ClearFake, a malicious JavaScript framework first identified in July 2023, has evolved with sophisticated new social engineering tactics. Originally designed to display fake browser update…
Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials
A sophisticated phishing campaign is currently targeting cryptocurrency investors with fraudulent emails claiming to be from Coinbase. The scam attempts to trick users into transferring…
Bybit Hack – Sophisticated Multi-Stage Attack Details Revealed
Cryptocurrency exchange Bybit detected unauthorized activity involving its Ethereum cold wallets, leading to a major security breach. The incident occurred during an ETH multisig transaction…
DocSwap Malware Masquerades as Security Document Viewer to Attack Android Users Worldwide
The cybersecurity landscape has witnessed a new threat with the emergence of the DocSwap malware, which disguises itself as a “Document Viewing Authentication App” to…
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
Mar 18, 2025Ravie LakshmananVulnerability / Firmware Security A critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow…
ChatGPT SSRF bug quickly becomes a favorite attack vector
ChatGPT SSRF bug quickly becomes a favorite attack vector Pierluigi Paganini March 18, 2025 Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as…
Google to purchase Wiz for $32 billion in cloud security play
Google announced today a definitive agreement to acquire leading cloud security platform Wiz for $32 billion in an all-cash transaction. Wiz was founded in 2020…