Aggregator

Favicorn: Favicorn takes a favicon and provides search result links across 10 platforms

A fresh variant of SquidLoader malware has surfaced, actively entering Hong Kong institutions with previously unheard-of stealth, which is alarming for the financial industry. This sophisticated loader achieves near-zero detection rates on platforms like VirusTotal, leveraging intricate anti-analysis, anti-sandbox, and anti-debugging mechanisms to deploy Cobalt Strike Beacons for remote access. The malware’s attack chain begins […]

The post SquidLoader Deploys Stealthy Malware with Near-Zero Detection to Evade Security Measures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TXT-записи доменов стали новым убежищем для вредоносного ПО.

A vulnerability was found in HPE AutoPass License Server up to 9.17 and classified as critical. Affected by this issue is some unknown functionality of the component hsqldb. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2025-37105. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in ISC BIND up to 9.20.10/9.20.10-S1/9.21.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the component named. The manipulation leads to reachable assertion. This vulnerability is known as CVE-2025-40777. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in IBM WebSphere Application Server and WebSphere Application Server Liberty 9.0. Affected is an unknown function of the component Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-36097. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Режим “Спасайся, кто может” активирован.

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

The post SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices appeared first on CyberScoop.

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February 2021 on