Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

/in

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace.
The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming

The Hacker News – ​Read More

Iranian ransomware group offers bigger payouts for attacks on Israel, US

/in

The Iran-linked ransomware-as-a-service group Pay2Key.I2P reportedly told affiliates that they can keep a larger cut of extortion payments if they attack entities within Iran’s adversaries.

The Record from Recorded Future News – ​Read More

The Wild Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore

/in

As organizations rush to adopt agentic AI, security leaders must confront the growing risk of invisible threats and new attack vectors.

The post The Wild Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore appeared first on SecurityWeek.

SecurityWeek – ​Read More

4 Critical Steps in Advance of 47-Day SSL/TLS Certificates

/in

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.

darkreading – ​Read More

Hackers ‘Shellter’ Various Stealers in Red Team Tool to Evade Detection

/in

Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework.

darkreading – ​Read More

Marks & Spencer chair refuses to say if retailer paid hackers after ransomware attack

/in

The retail giant’s chair confirmed the breach was caused by ransomware.

Security News | TechCrunch – ​Read More

New spyware strain steals data from Russian industrial companies

/in

Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets.

The Record from Recorded Future News – ​Read More

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover

/in

SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise.

The post SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover appeared first on SecurityWeek.

SecurityWeek – ​Read More

Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud

/in

Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud.

darkreading – ​Read More

Infostealers-as-a-Service Push Identity Hacks to Record Highs

/in

Identity-based cyberattacks soar 156%, driven by cheap Phishing-as-a-Service & infostealer malware. Learn how criminals bypass MFA to steal credentials, access bank accounts, and compromise business emails.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More