Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft.
The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to dece…
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft.
The malware, according to Thre… [+4696 chars]
Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices.
"The developer runs dedic…
Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time survei… [+10631 chars]
Large stone tool workshop from the Second Temple period, which produced tools for Jews some 2,000 years ago, uncovered in a cave on the eastern slopes of Mount Scopus in Jerusalem.
A large stone tool workshop from the Second Temple period, which produced tools for Jews some 2,000 years ago, was uncovered in a cave on the eastern slopes of Mount Scopus in Jerusalem. In the under… [+5679 chars]
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to t…
Malicious npm and PyPI packages Llinked to Lazarus APT fake recruiter campaign
ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign … [+4043 chars]
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
The coordinated campaign h…
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the … [+6665 chars]
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
A North Korean hacking campaign is targeting financial technology and cryptocurrency firms with attacks which combine social engineering, deepfakes and MacOS malware.
The attacks have been detailed … [+2801 chars]
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft.
"The intrusion relied on a social enginee…
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitatin… [+5452 chars]
Romance scams are among the most emotionally damaging forms of cyber crime because they combine carefully manufactured intimacy with financial theft – the scammers go after your heart, and then your wallet.
Romance scams are among the most emotionally damaging forms of cyber crime because they combine carefully manufactured intimacy with financial theft the scammers go after your heart, and then your wa… [+5396 chars]
In the lead up to Valentine’s Day, dating apps get busier – and so do scammers.
Maria Korneeva/Getty Images
Romance scams are among the most emotionally damaging forms of cyber crime because they combine carefully manufactured intimacy with financial theft – the scammers go aft… [+5235 chars]
The Mandiant security team says North Korean hackers are upgrading their social engineering tactics to include AI-generated video.
In brief
<ul><li>North Korean actors are targeting the crypto industry with phishing attacks using AI deepfakes and fake Zoom meetings, Google warned.</li><li>More than $2 billion in crypto was stol… [+5421 chars]
ZeroDayRAT is a commercial mobile spyware that grants full remote access to Android and iOS devices for spying and data theft. ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices. I…
ZeroDayRAT spyware grants attackers total access to mobile devices
ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices. … [+3478 chars]
ZeroDayRAT is a new mobile spyware targeting Android and iOS, offering attackers persistent access
A new mobile spyware operation known as ZeroDayRAT has been documented targeting both Android and iOS devices.
The cross-platform tool provides attackers with persistent access to personal communica… [+3082 chars]
ZeroDayRAT is a new spyware sold on Telegram that targets Android and iOS devices with live surveillance, keylogging, and financial theft.
Weve said this time and time again, but you have to be vigilant about links sent by unknown senders, suspicious email attachments, and downloading apps outside of authorized app stores. According to … [+2417 chars]
A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices. [...]
A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices.
The… [+2917 chars]
Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform langua…
Microsoft: Info-Stealing malware expands from Windows to macOS
Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusi… [+5179 chars]
None
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team
Phone theft is more than just losing a device; it's a form of financial fraud that can lea… [+3500 chars]
High Vulnerabilities
<table>
<tr>
<th>PrimaryVendor -- Product</th>
<th>Description</th>
<th>Published</th>
<th>CVSS Score</th>
<th>Source Info</th>
<th>Patch Info</th>
</tr>
<tr>
<td>Agatasoft--AgataSoft PingMaster Pro</td>
<td>AgataSoft PingMaster Pr…
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS s… [+899 chars]
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services…
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning arti… [+4070 chars]
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, o…
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected d… [+24771 chars]
Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors. In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit…
Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server (VDS) provider used by multiple financially motivated threat actors to commit busine… [+28173 chars]
NEW HAVEN, Conn. (WTNH) — New Haven Police Chief Karl Jacobson admitted theft and misuse of public funds, Mayor Justin Elicker announced during a press conference Monday. Jacobson allegedly admitted to taking money from a city fund used for confidential infor…
Skip to comments.
New Haven police chief admits to theft, misuse of fundsWTNH.com ^
| Ronin Himelrick
Posted on 01/06/2026 7:46:40 AM PST by Puppage
NEW HAVEN, Conn. (WTNH) New Haven Police Chie… [+1661 chars]
North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts.
On Thursday, December 18, 2025, cybersecurity firm Darktrace released new research regarding a dangerous new variant of BeaverTail malware, a JavaScript-based information stealer.
Linked to North K… [+3392 chars]
A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers
A newly observed variant of the BeaverTail malware has been tied to hackers associated with North Korea.
The findings come from Darktrace’s latest The State of Cybersecurity report, which links Beav… [+3097 chars]
SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds.
SimpleX Chat, a privacy-first messaging platform known for avoiding user identifiers and emphasising metadata protection, confirmed that its official X (formerly Twitter) account was compromised in a… [+4047 chars]
The U.S. is probing how Chinese operators used AI in a cyber-espionage campaign as experts warn similar tools could hit on-chain finance.
In brief
<ul><li>U.S. committees are reportedly seeking details on how Anthropics Claude Code was used in a state-linked cyberattack.</li><li>Anthropic disclosed earlier this month that the threat g… [+3901 chars]
