Security Bulletin

Threat actors have been distributing the novel Antidot Android banking trojan as fraudulent Google Play updates to facilitate credential compromise and other malicious actions, SecurityWeek reports.

More phishing campaigns have been leveraging the Latrodectus malware loader since March, with the loader updated with more extensive enumeration and execution capabilities, as well as self-delete functionality, according to The Hacker News.

Fraudulent Google ads for the WinSCP and PuTTy utilities have been leveraged to attempt ransomware distribution as part of a malvertising campaign against Windows system administrators, reports BleepingComputer.

Cryptojacking operation Kinsing, also known as H2Miner, had its botnet strengthened with the addition of new security vulnerabilities, reports The Hacker News.

Security Affairs reports that North Korean state-sponsored cyberespionage operation Kimsuky, also known as APT43, Springtail, Black Banshee, Velvet Chollima, Thallium, and ARCHIPELAGO, has been targeting South Korean entities with the new Gomir Linux...

Nearly 1,500 banks across more than 60 countries had their customer accounts targeted in a widespread Grandoreiro banking trojan campaign, which commenced just two months after the trojan was dismantled in an international law enforcement operation...

The Whole of State program is now providing State and Local Cybersecurity Grant Program funds to measure the cybersecurity health of city and local agencies. Find out the three key areas you need to focus on to make it a success for your community.

Antidot uses overlay attacks and keylogging to target users' financial data.

Discover how Cisco XDR's MITRE ATT&CK mapping strengthens your security operations. Learn to identify security gaps and improve your cybersecurity posture.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability CVE-2023-43208 NextGen Healthcare Mirth Connect...

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info 8theme--XStore Core Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from...