New Chinese Zhong Stealer Infects Fintech via Customer Support
A new malware threat called Zhong Stealer has surfaced from China, and it’s already slipping into businesses through an unexpected entry point – customer support…
Author: Cybernoz
Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners
Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners Pierluigi Paganini March 04, 2025 A massive attack targets ISPs in…
Google fixes Android zero-day exploited by Serbian authorities
Google has released patches for 43 vulnerabilities in Android’s March 2025 security update, including two zero-days exploited in targeted attacks. Serbian authorities have used one…
Docusnap for Windows Flaw Exposes Sensitive Data to Attackers
A recently disclosed vulnerability in Docusnap’s Windows client software (CVE-2025-26849) enables attackers to decrypt sensitive system inventory files through a hardcoded encryption key, exposing critical…
How New AI Agents Will Transform Credential Stuffing Attacks
Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about…
CISA Warns of Active Exploitation of Microsoft Windows Win32k Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows privilege escalation flaw, to its Known Exploited Vulnerabilities (KEV) catalog amid…
Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
Mar 04, 2025Ravie LakshmananNetwork Security / Ransomware Internet service providers (ISPs) in China and the West Coast of the United States have become the target…
Flash drive prices bump along, as SAS HDDs gain mystery bounce
Solid-state drive (SSD) prices per gigabyte (GB) dropped over the last two quarters – since the beginning of September 2024 – while SAS hard disk…
Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector
Mar 04, 2025Ravie LakshmananCyber Espionage / Malware Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities…
Google Warns of Critical Android Vulnerabilities Under Exploit
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws, impacting Android versions 12 through 15,…
CISA Adds Five New Known Exploited Vulnerabilities To Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in…
BigAnt Server Vulnerability Lets Attackers Run Malicious Code Remotely
A critical vulnerability in BigAntSoft’s enterprise chat server software has exposed ~50 internet-facing systems to unauthenticated remote code execution attacks. Designated CVE-2025-0364, this exploit chain enables…