Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

/in

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.
The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s contacts list.
“Recent

The Hacker News – ​Read More

Google Researchers Find New Chrome Zero-Day

/in

Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware.

The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names

/in

Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute.

The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

/in

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
“By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate vice president at Microsoft

The Hacker News – ​Read More

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

/in

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.”
The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. 
The update will affect all Transport Layer Security (TLS)

The Hacker News – ​Read More

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

/in

Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
“Out of bounds read and write in V8 in Google

The Hacker News – ​Read More

EMR-ISAC Shuts Down: What Happens Now?

/in

The Emergency Management and Response – Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.

darkreading – ​Read More

Exploitation Risk Grows for Critical Cisco Bug

/in

New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.

darkreading – ​Read More

Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed

/in

Luxury brand Cartier disclosed a data breach in which an unauthorized party gained access to its systems and obtained some client information.

The post Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed appeared first on SecurityWeek.

SecurityWeek – ​Read More

Google quietly launches AI Edge Gallery, letting Android phones run AI without the cloud

/in

Credit: VentureBeat made with Midjourney

Google quietly launched AI Edge Gallery, an experimental Android app that runs AI models offline without internet, bringing Hugging Face models directly to smartphones with enhanced privacy.Read More

Security News | VentureBeat – ​Read More