ALERT

ALERTS

HOME AI APT BOTNET CAMPAIGN CRIME CRYPTOCURRENCY EXPLOIT HACKING GROUP OPERATION PHISHING RANSOM SPAM VIRUS VULNEREBILITY | March(16) April(92) May(99) June(94) July(83)

DATE	NAME	CATEGORY	SUBCATE	INFO
27.7.24	Threat Actor uses MSHTML flaw to distribute Atlantida InfoStealer	ALERTS	VIRUS	A malware campaign conducted by the threat actor known as Void Banshee, which distributes the Atlantida InfoStealer, has been reported. The attack exploits CVE-2024-38112, an MSHTML vulnerability, by abusing .URL files to execute through disabled Internet Explorer.
27.7.24	SeleniumGreed cryptomining operation	ALERTS	CRYPTOCURRENCY	SeleniumGreed is a recently disclosed cryptomining operation observed in the wild. The campaign targets exposed versions of Selenium Grid which is a component in Selenium open-source automation framework used for testing web applications.
27.7.24	Zilla Ransomware - a recent Crysis variant	ALERTS	RANSOM	Zilla is the latest Crysis/Dharma ransomware observed in the threat landscape. The malware encrypts user data and appends .ZILLA extension to the encrypted files. Alongside this custom extension, also a unique ID and the email address of the threat actors is added.
27.7.24	Phishing campaign targeted at users in India attributed to the Smishing Triad group	ALERTS	PHISHING	Fortinet researchers reported on a recent phishing operation targeting mobile users in India. The attack has been attributed to a threat group known as the Smishing Triad, known previously to be targeting various countries across the world with similar smishing runs.
27.7.24	Continuous espionage activities attributed to the Stonefly APT	ALERTS	APT	Symantec Security Response is aware of the recent joint alert from CISA, FBI and several other partners concerning a number of recent targeted activities attributed to the Stonefly APT group (also known as Andariel or DarkSeoul).
27.7.24	Malware campaign exploits SEO poisoning to target W2 Form seekers	ALERTS	EXPLOIT	A malware campaign has been reported targeting users searching for W2 forms through SEO poisoning techniques. Victims are redirected to spoofed IRS websites, where they are lured into downloading a masqueraded JS file disguised as a W2 form.
27.7.24	Russian-linked malware campaign targeting Indian political entities	ALERTS	VIRUS	A malware campaign believed to be orchestrated by a Russian-linked threat actor is reportedly targeting entities interested in Indian political affairs. Victims are lured with .LNK files disguised as genuine office documents.
26.7.24	RADAR Ransomware	ALERTS	RANSOM	Another ransomware group that employs double-extortion tactics has been making the rounds in the already crowded ransomware threat landscape. Calling themselves RADAR, the group compromises machines, encrypts the files, and appends them with a .[random8characters] extension.
26.7.24	Smishing in Japan – Utilities, financial services and shipping top lures	ALERTS	SPAM	Smishing, or SMS phishing, is increasingly becoming a favored tactic for cybercriminals due to the widespread use of mobile devices and generally high open rates of SMS messages compared to emails. Campaigns continue to proliferate around the world, and in some countries such as Japan, they are increasing exponentially with actors using utilities, financial services, and shipping as top lures.
26.7.24	Atlantida Stealer among the malware variants spread by Stargazer Goblin threat group	ALERTS	VIRUS	Atlantida Stealer has been determined as one of several malware payloads spread recently in a malware distribution campaign attributed to the threat actor known as Stargazer Goblin. Other payloads spread via this malware delivery service dubbed as Stargazers Ghost Network included RedLine, Lumma Stealer, Rhadamanthys and RisePro. As reported by researchers from Checkpoint, the attackers responsible for this operation have been leveraging compromised Github repositories and Wordpress sites to distribute archives containing the malicious binaries.
26.7.24	The increasing incidence of threats utilizing AI	ALERTS	AI	There has been a rise in cyber attacks using Large Language Models (LLMs) to generate malicious code. Symantec's Team has observed phishing campaigns where LLM-generated scripts download harmful payloads like Rhadamanthys, NetSupport, CleanUpLoader (Broomstick, Oyster), ModiLoader (DBatLoader), LokiBot, and Dunihi (H-Worm). This highlights the misuse of LLMs in cybercrime.
26.7.24	PicassoLoader Malware	ALERTS	VIRUS	There was a recent surge in activity from the group called UAC-0057 (aka GhostWriter). In this campaign, attackers are distributing Word documents that are macro-enabled with the intention of launching a malware loader known as PicassoLoader. This malicious loader is capable of deploying a Cobalt Strike Beacon onto the victim's machine.
25.7.24	New Linux Play ransomware targets ESXi servers	ALERTS	RANSOM	As recently reported by researchers from Trend Micro, a new Linux variant of the infamous Play ransomware has been observed to target the ESXi servers. Prior to execution, the malware runs checks to confirm that it is running within an ESXi environment. Play ransomware will also attempt to power off all running ESXi virtual machines before proceeding with the encryption process. .PLAY extension is added to the encrypted files and ransomware note is dropped in the VM's root directories. Some of the network infrastructure used by this Linux Play variant has been previously observed in attacks attributed to the threat actor known as Prolific Puma.
25.7.24	LummaC2 variant exploiting Steam for dynamic C2 domains	ALERTS	VIRUS	A new variant of LummaC2 has been observed exploiting the 'Steam' gaming platform. This variant now obtains dynamic C2 domains on demand, a departure from its previous technique of embedding C2 details within the sample itself. The malware stores a Steam URL, specifically a Steam account profile page, as executable code. Upon accessing this page, it parses a specific <tag> to extract a string, which is then decrypted to reveal the C2 domain.
25.7.24	New variant of the Jellyfish Loader observed in the wild	ALERTS	VIRUS	A new variant of the .NET-based Jellyfish Loader malware has been found in the wild. The malware has been reported as being distributed via a malicious .LNK file execution.
25.7.24	CVE-2024-4879 - ServiceNow Jelly Template Injection vulnerability	ALERTS	VULNEREBILITY	CVE-2024-4879 is a recently disclosed critical template injection vulnerability (CVSS score 9.3) affecting ServiceNow, which is a popular platform for digital business transformation. Successful exploitation of the flaw might allow the unauthenticated remote attackers to gain access and execute arbitrary code within the context of the Now Platform. The vulnerability has been already addressed in the patched software versions released by the application vendor.
25.7.24	BianLian Ransomware changes strategy	ALERTS	RANSOM	BianLian is a ransomware threat actor that has been active since mid-2022, specifically targeting the infrastructure sector in the US and Australia. As part of its attack vector, the threat actor typically exploits RDP credentials acquired through third parties or phishing to gain initial access. They deploy custom malware written in the Go programming language and utilize remote management and access software such as AnyDesk, Atera Agent, TeamViewer, etc., for persistence.
25.7.24	Threat Actors continue to exploit CVE-2024-21412	ALERTS	VULNEREBILITY	Threat actors continue to exploit CVE-2024-21412, a security bypass vulnerability in Microsoft Windows SmartScreen that was reported and patched in February 2024.
24.7.24	Malware-laden Word Document Delivering Daolpu Stealer	ALERTS	VIRUS	Following the recent outage which affected computers running Microsoft operating systems across the globe, attackers are continuously exploiting the incident to lure users into accessing malicious links or launching malware-laden files. A new attack linked to this incident has been discovered involving a Word document containing macros that execute and download an unidentified stealer dubbed Daolpu.
24.7.24	Protection Highlight: ScriptNN	ALERTS	PHISHING	Phishing is an all-too-common type of social engineering attack that attempts to steal user data by sending fraudulent communications, usually via email or SMS, which appear to come from a legitimate source. Phishing is predominantly employed at the first stage in a malware attack, whether the ultimate objective is reconnaissance or compromise.
24.7.24	Braodo: A new Python-based Infostealer in the cyber threat landscape	ALERTS	VIRUS	A new infostealer, named Braodo, has been observed circulating in the ever-evolving threat landscape. It is distributed through an archive file that includes a BAT file. When executed, this BAT file connects to GitHub to download a secondary BAT file and a ZIP archive containing the final Braodo infostealer payload.
24.7.24	Daggerfly group updates their toolset	ALERTS	GROUP	The Daggerfly (aka Evasive Panda, Bronze Highland) threat group, which has been active for at least a decade, has made some significant updates to their toolset. Symantec’s Threat Hunter Team has published a report providing details regarding Daggerfly tools such as the modular malware framework MgBot, Macma, a modular macOS backdoor, and a recently observed multi-stage backdoor identified as Suzafk.
24.7.24	FIN7 has a versatile attack arsenal	ALERTS	GROUP	Threat Actor FIN7 (also tracked under the names Carbon Spider, the Carbanak Group, and Sangria Tempest) is known for its proficiency in sophisticated campaigns and engineering attacks to gain initial access to corporate networks.
24.7.24	BlackSuit Ransomware poses as fake Antivirus Installer	ALERTS	RANSOM	New variants of BlackSuit ransomware have been observed in the wild, employing deceptive tactics to evade detection. Recently, they masqueraded as fake Qihoo 360 antivirus installers to deceive victims. Once installed, the malware encrypts user files and appends the .blacksuit extension.
24.7.24	CyberVolk Ransomware	ALERTS	RANSOM	A new strain of ransomware dubbed CyberVolk has been reported. This ransomware is written in C/C++ and features a unique encryption algorithm developed entirely by the group behind the malware.
24.7.24	RA World Ransomware group	ALERTS	RANSOM	Researchers at Palo Alto Networks have provided an analysis of the RA World Ransomware group. This group has been active since 2023 and has targeted victims worldwide across multiple industries.
24.7.24	RA World Ransomware group	ALERTS	RANSOM	In recent weeks, mobile users of several major financial institutions in South Korea were targeted by a FakeApp/FakeBank Android campaign.
24.7.24	FakeApp Campaign: South Korea's Financial Institutions' Mobile Users Targeted	ALERTS	CAMPAIGN	In recent weeks, mobile users of several major financial institutions in South Korea were targeted by a FakeApp/FakeBank Android campaign.
24.7.24	New backdoor spreading in Seedworm malspam campaign	ALERTS	CAMPAIGN	Recently the APT group Seedworm has been observed deploying a previously undocumented backdoor named Bugsleep, primarily via a phishing campaign with PDFs containing malicious links targeting organizations in the Middle East. Once deployed this new backdoor allows attackers to execute remote commands and exfiltrate files to the C&C server.
24.7.24	Tag-100: Emerging threat actor exploiting appliance vulnerabilities	ALERTS	GROUP	A new threat actor, dubbed Tag-100, has been reported targeting government and private sector entities worldwide. This threat actor exploits vulnerabilities in appliances to initiate its attacks and has been observed exploiting known vulnerabilities in appliances such as Citrix NetScaler.
24.7.24	Copybara Android malware	ALERTS	VIRUS	Copybara is a banking Trojan affecting Android mobile devices and has been observed targeting users in Italy. Threat actors use previously obtained contact details and portray themselves as bank employees to socially engineer victims into downloading the malicious application by way of SMS phishing and voice phishing, also known as smishing and vishing respectively.
24.7.24	NullBulge exploiting code repositories in AI and Gaming Sectors	ALERTS	AI	n response to the threat actors exploiting security vulnerabilities in AI and gaming-focused entities, a new group dubbed NullBulge has been reported.
24.7.24	Health Insurance Fund (NEAK) Targeted with Lokibot Malware	ALERTS	VIRUS	A recent report has revealed that the National Health Insurance Fund (NEAK) based in Hungary was targeted by attackers who aimed to deploy Lokibot malware.
24.7.24	Grayfly is targeting and compromising multiple sectors	ALERTS	APT	Over the past few weeks, multiple campaigns have been reported, carried out by the China-linked APT group Grayfly also known as APT41.
19.7.24	New variant of BeaverTail malware targets job seekers	ALERTS	VIRUS	A new variant of the BeaverTail malware has been reported, distributed via a macOS DMG file that mimics the legitimate video call service MiroTalk. This campaign is linked to North Korean hackers targeting job seekers. The updated malware is a native Mach-O executable capable of stealing sensitive data from web browsers and cryptocurrency wallets.
19.7.24	APT17 Campaign: New variants of 9002 RAT targeting Italian government entities	ALERTS	APT	A malware campaign by the APT17 group has been reported, distributing newer variants of 9002 RAT. The campaign specifically targets government entities and Italian companies. Users are lured with a link to a masqueraded Italian government domain, purportedly to download a Skype installer.
19.7.24	UAC-0180 Phishing Campaign Targeting Ukrainian	ALERTS	GROUP	A recent phishing campaign was observed by researchers targeting Ukrainian defense enterprises on the topic of Unmanned Aerial Vehicle (UAV) purchasing. The distributed email includes a ZIP attachment with a PDF file containing a malicious link.
19.7.24	RDPWrapper and Tailscale leveraged in recent malspam campaign	ALERTS	CAMPAIGN	Researchers have uncovered a multi-stage cyberattack campaign starting with a malicious zip file containing a .lnk shortcut file that was likely spread via phishing emails. Upon execution, the .lnk file downloads a PowerShell script enabling threat actors access via RDP.
19.7.24	ShadowRoot Ransomware	ALERTS	RANSOM	Threat researchers have identified a new ransomware called ShadowRoot which targets businesses in Turkey. The attack starts with a PDF attachment sent via suspicious emails from the "internet[.]ru" domain. If a user clicks on the embedded links within the PDF, it triggers the download of an executable payload that proceeds to encrypt files. Encrypted files have their extensions changed to ".shadowroot".
19.7.24	Phishing malware campaign targeting Ukrainian Government entities linked to Russian Threat Actor UNC4814	ALERTS	PHISHING	Symantec has observed a phishing malware campaign targeting government entities in Ukraine. Based on the attack vector and behavior, Symantec believes UNC4814, a suspected Russian threat actor, is responsible for the campaign. The threat actor initiates attacks by sending phishing emails with HTA files attached, masquerading as bills and payment notifications.
19.7.24	Zero-Day Exploit: Malicious .url Files Leveraging CVE-2024-38112 on Windows	ALERTS	EXPLOIT	An ongoing campaign targeting Windows users has been observed. Threat actors distribute phishing emails containing Windows Internet Shortcut files with a .url extension.
18.7.24	Killer Ultra Malware	ALERTS	VIRUS	A tool used in Qilin ransomware attacks known as "Killer Ultra" was recently uncovered by researchers. It disables endpoint detection and response (EDR) and antivirus (AV) tools, using a Zemana driver to terminate their processes.
18.7.24	Noxious Stealer	ALERTS	VIRUS	A new stealer malware dubbed Noxious Stealer was recently identified by researchers. This Python-based open-source tool, currently hosted on GitHub, possesses several capabilities such as collecting sensitive user data including billing details, emails, phone numbers, tokens, as well as system information such as cookies, browsing history, and WiFi passwords.
18.7.24	Specially crafted HTML files allow for abuse of Windows search	ALERTS	SPAM	Attackers have been recently observed abusing Windows search in order to redirect users to malware. The attack begins by sending the targets malspam with specially crafted HTML files that are designed to abuse the built-in Windows search functionality, once these files are opened they redirect to an externally hosted site to download malware of the attackers choice.
18.7.24	Jenkings Script Console exploited for cryptocurrency mining	ALERTS	CRYPTOCURRENCY	Improperly configured Jenkins Script Console instances (such as Jenkins Groovy plugin) have been weaponized by attackers leading to criminal activities such as the deployment of cryptocurrency miners, and backdoors to gather sensitive information.
18.7.24	Phishing campaign impersonating Afrihost services	ALERTS	CAMPAIGN	Afrihost is a South African Internet Service Provider (ISP) that offers services such as ADSL broadband, wireless, mobile services, and web hosting. Recently, Symantec has observed phishing campaigns impersonating Afrihost services. These campaigns involve fake notification emails that urge recipients to update their payment methods to avoid service interruption.
18.7.24	CVE-2024-36401: Vulnerability in OSGeo GeoServer GeoTools	ALERTS	VULNEREBILITY	CVE-2024-36401 (CVSS score: 9.8) is a vulnerability in OSGeo GeoServer GeoTools, with evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data.
18.7.24	Malware disguised as cracked versions of MS Office	ALERTS	VIRUS	Threat researchers discovered malware disguised as cracked versions of MS Office. It spreads through downloads and torrents, enabling attackers to control infected systems via updates. The malware adapts installation methods based on the presence of V3 security software. It uses the task scheduler for persistence, ensuring it remains active even if detected.
18.7.24	BadPack method used in Android malware	ALERTS	VIRUS	BadPack is a method observed in malware which targets Android mobile devices. The authors of BadPack manipulate header information of the APK file format which effectively breaks the file and prevents manual analysis.
16.7.24	Quasar RAT delivered via Home Trading System	ALERTS	VIRUS	Threat researchers have identified Quasar RAT malware being distributed via a private Home Trading System (HTS), a tool that allows investors to trade from their own PCs. However, the HTS (aka HPlus) used in these attacks is unsearchable and its provider remains unknown.
16.7.24	Malicious Word Document Spreading Stealer Malware	ALERTS	VIRUS	An ongoing campaign has revealed a stealer malware initially distributed through Word documents. This malware infects computers, retrieves the device’s IP address, and subsequently sends the user’s browser information to a dedicated command-and-control (C2) server operated by the attackers, with the data customized for different countries.
16.7.24	CVE-2024-36991 - Path Traversal vulnerability in Splunk Enterprise	ALERTS	VULNEREBILITY	CVE-2024-36991 (CVSS: 7.5 High) is a path traversal vulnerability in Splunk Enterprise, a big data platform that simplifies the task of collecting and managing massive volumes of machine-generated data, helping organizations derive insights from this data.
15.7.24	Poco RAT phishing campaign targeting Spanish speakers	ALERTS	VIRUS	Since early 2024, an ongoing phishing campaign has been targeting Spanish speakers, distributing a new remote access trojan (RAT) known as Poco RAT.
15.7.24	CRYSTALRAY's Ongoing Operations Leveraging SSH-Snake	ALERTS	GROUP	Since February 2024, researchers have been tracking the evolving threat actor CRYSTALRAY. The group was observed to leverage the use of a network mapping tool called SSH-Snake, a self-modifying worm malware which exploits compromised SSH credentials to spread through networks.
12.7.24	OilAlpha targets Arabic-speaking humanitarian NGOs in Yemen	ALERTS	APT	OilAlpha continues to target Arabic-speaking entities, as well as those interested in humanitarian organizations and NGOs operating in Yemen. According to reports, users are lured to a deceptive web portal that mimics the generic login interfaces of humanitarian organizations such as CARE International and the Norwegian Refugee Council, with the aim of stealing credentials.
12.7.24	Vultur Campaign: Clothing Retailer Brand Abused in Fake App Scheme	ALERTS	CAMPAIGN	Brands of all genres are constantly abused by cybercriminals to target specific demographics, and financial institutions are usually the ones most impersonated.
12.7.24	DodgeBox Loader Loading MoonWalk Backdoor	ALERTS	VIRUS	Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku.
12.7.24	Tax-Themed Android Malware Targeting Uzbekistan Mobile Users	ALERTS	VIRUS	Taxes have been and continue to be prevalently used in social engineering tactics around the world to trick users (both consumers and enterprises) into deploying malware on their machines, entangling themselves in BEC scams, inputting sensitive data into phishing websites, and more.
11.7.24	Despite group disruptions, ransomware activity not decreasing	ALERTS	RANSOM	In a newly released report, Symantec’s Threat Hunter Team shares insight into observed ransomware activity. The data shows that despite disruptions affecting Lockbit and Noberus groups and a downward trend between the last quarter of 2023 and the first quarter of 2024, activity is still on the rise.
11.7.24	ViperSoftX: Evolving tactics from Torrent software lures to eBook disguises	ALERTS	VIRUS	ViperSoftX is an infostealer that continues to evolve and enhance its tactics and techniques. Initially, attackers leveraged pirated versions of popular software to lure users, often distributed through torrent sites.
11.7.24	GuardZoo: Android spyware targeting middle eastern defense entities	ALERTS	VIRUS	An Android spyware dubbed GuardZoo has been observed targeting defense entities in the Middle East. It is believed to be associated with the Houthi rebel faction in Yemen.
11.7.24	Ghostscript (CVE-2024-29510)	ALERTS	VULNEREBILITY	Symantec is aware of a remote code execution vulnerability (CVE-2024-29510) in the "Ghostscript" document conversion toolkit used on Linux systems.
10.7.24	Water Sigbin exploits vulnerabilities to deliver cryptocurrency miner	ALERTS	CRYPTOCURRENCY	The threat actor Water Sigbin (aka 8220 Gang) has exploited vulnerabilities in the Oracle WebLogic Server ( CVE-2017-3506 and CVE-2023-21839) to deliver a cryptocurrency miner called XMRing to the compromised systems.
10.7.24	Protection Highlight: Recent Sideloading Attacks	ALERTS	HACKING	In this bulletin however we'll talk about sideloading as it relates to the cybersecurity field. MITRE defines sideloading attacks in T1574.002 as a type of (search order) Hijack Execution Flow, which exploits the way Windows applications load DLLs.
9.7.24	Popular sticky-note installers trojanized to push malware	ALERTS	VIRUS	A recent report by (CTA) member Rapid7 has recently disclosed that popular sticky-note app 'Notezilla' installers have been trojanized in order to deliver malware.
9.7.24	Recent Water Hydra APT Activity Exploiting CVE-2024-21412	ALERTS	APT	In early 2024, threat researchers exposed the DarkGate campaign, exploiting CVE-2024-21412 via fake software installers. Afterwards, the APT group Water Hydra used the same vulnerability to target financial traders with the DarkMe RAT, bypassing SmartScreen.
8.7.24	Zergeca: A new Golang botnet with advanced capabilities	ALERTS	BOTNET	A new botnet, dubbed Zergeca and written in Golang, has been observed in the wild. In addition to conducting distributed denial-of-service (DDoS) attacks, the botnet includes several other features such as proxy-based obfuscation.
8.7.24	Beware of Orcinius trojan's multi-stage attack via Dropbox and Google docs	ALERTS	VIRUS	Beware of the Orcinius trojan malware! It's a multi-stage trojan reported to utilize Dropbox and Google Docs as part of its attack vector for downloading secondary payloads.
8.7.24	Neptune Stealer	ALERTS	VIRUS	A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection.
5.7.24	Mekotio malware targets banking users in Latin America	ALERTS	VIRUS	Mekotio is a banking trojan active in the threat landscape since at least 2015 and targeting predominantly the Latin America region.
5.7.24	Religion as Bait: AndroRAT Targets Nigerian Mobile Users	ALERTS	VIRUS	Nigeria features a vibrant religious landscape with multiple different faiths shaping the country.
5.7.24	Fake Sex Tapes of Turkish Celebrities Fuel SpyNote Spread	ALERTS	VIRUS	Fake sex tapes remain a common social engineering lure used by malware actors due to their ability to evoke strong emotions potentially resulting in impulsive actions.
5.7.24	CVE-2024-37051 - JetBrains IntelliJ IDEs vulnerability	ALERTS	VULNEREBILITY	CVE-2024-37051 is a recently disclosed critical vulnerability impacting Jetbrains IntelliJ integrated development environment (IDE) apps.
5.7.24	LukaLocker ransomware distributed by Volcano Demon group	ALERTS	RANSOM	LukaLocker is a newly seen offering from a ransomware group dubbed Volcano Demon. Recently observed attacks were prefaced by exfiltration of data using harvested credentials.
4.7.24	Disguised e-book delivering AsyncRAT	ALERTS	VIRUS	Former reports detailed how AsyncRAT malware is usually distributed via file extensions such as .chm, .wsf, and .lnk. Attackers disguise malware as 'survey' content in document files and more recently as e-books.
4.7.24	CosmicSting (CVE-2024-34102) - XXE vulnerability is targeting Adobe Commerce and Magento	ALERTS	VULNEREBILITY	CVE-2024-34102 is a critical (CVSS: 9.8) XML External Entity Reference (XXE) vulnerability in Adobe commerce and Magento, which are popular E-commerce platforms.
4.7.24	CVE-2024-29849 - Veeam Backup Enterprise Manager authentication bypass vulnerability	ALERTS	VULNEREBILITY	CVE-2024-29849 is a recently disclosed critical authentication bypass vulnerability (CVSS score 9.8) affecting Veeam Backup Enterprise Manager.
4.7.24	CVE-2024-36104 - Path Traversal vulnerability in Apache OFBiz	ALERTS	VULNEREBILITY	CVE-2024-36104 is a Path traversal vulnerability in Apache OFBiz, which is a comprehensive suite of business applications. Due to improper restrictions on special characters (such as;, %2e) in HTTP request URLs,
4.7.24	k4spreader: New malware tool used by '8220' Chinese threat actor group	ALERTS	GROUP	A new malware tool known as k4spreader has been observed being used by the '8220' Chinese threat actor group in recent campaigns.
3.7.24	RegreSSHion (CVE-2024-6387)	ALERTS	VULNEREBILITY	Symantec is aware of the "regreSSHion" vulnerability (CVE-2024-6387), which is a critical remote code execution (RCE) flaw in OpenSSH.
3.7.24	Protection Highlight: CVE-2024-4577 PHP-CGI Argument Injection Vulnerability	ALERTS	VULNEREBILITY	PHP is a general-purpose server scripting language and a powerful scripting tool for making dynamic and interactive Web pages. CVE-2024-4577 is a high-severity (CVSS: 9.8) argument injection vulnerability affecting PHP when running in CGI mode.
3.7.24	Apple IDs Targeted in US Smishing Campaign	ALERTS	HACKING	Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims.
3.7.24	CVE-2024-31982 - XWiki RCE vulnerability	ALERTS	VULNEREBILITY	CVE-2024-31982 is a recently disclosed remote code execution (RCE) vulnerability affecting XWiki, which is a popular open-source and Java-based wiki platform.
2.7.24	Datebug APT continues to spread CapraRAT Android malware	ALERTS	APT	Renewed malicious activity associated to the Datebug APT (aka. Transparent Tribe or APT36) has been reported by researchers from Sentinel One.
2.7.24	Poseidon infostealer targeting macOS	ALERTS	VIRUS	Poseidon is a new infostealer variant targeting the macOS platform. The malware is an evolution of the older variant known as RodStealer.
2.7.24	MerkSpy malware payload delivered through exploitation of CVE-2021-40444 vulnerability	ALERTS	VIRUS	Researchers from Fortinet have reported on a new campaign delivering the MerkSpy malware.
2.7.24	Kematian Stealer	ALERTS	VIRUS	Researchers have reported a new stealer-type malware dubbed Kematian. This PowerShell-based tool is used for covertly accessing and transferring data from Windows systems.
2.7.24	Fake ZainCash App Steals Mobile User Data	ALERTS	VIRUS	ZainCash, a comprehensive mobile wallet service licensed under the Central Bank of Iraq, designed to provide a variety of digital financial services, has become one of the latest Fintech brands abused by cybercriminals.