Npav Lab

Microsoft has officially launched Windows Server 2025, bringing a host of exciting new features and improvements for businesses looking to leverage cutting-edge technology for their infrastructure. Available from November 1st, 2024, Windows Server 2025 delivers significant advancements in virtualization, security, and storage. 

A dangerous new Android banking malware, dubbed ToxicPanda, has infected over 1,500 devices by bypassing security measures and exploiting Android’s accessibility features to facilitate fraudulent money transfers. With roots in the TgToxic malware, ToxicPanda is suspected to be the work of a Chinese-speaking threat actor targeting bank customers in Europe and Latin America.

The newly emerged Interlock ransomware is designed to specifically target FreeBSD servers, exploiting the OS's prevalence in critical infrastructure environments. This ransomware operation, active since late September 2024, has already compromised several organizations, using a unique FreeBSD-based encryptor to execute double-extortion attacks, leaving critical services vulnerable.

The latest variant of the FakeCall malware has taken vishing attacks to a new level, hijacking Android devices to intercept banking calls and manipulate call interfaces. This highly sophisticated malware leverages accessibility permissions to gain control over calls, messages, and other sensitive data, tricking users into sharing critical financial information.

A large-scale ransomware campaign targeting over 22,000 CyberPanel instances has leveraged a critical remote code execution vulnerability to infiltrate servers and encrypt files. Known as the PSAUX ransomware, this attack exploits authentication flaws, command injection vulnerabilities, and security filter bypasses in CyberPanel version 2.3.6, leading to mass outages and compromised data security.

Cybersecurity researchers have identified a significant rise in phishing attacks utilizing Webflow, a legitimate website builder. These attacks target sensitive login information for various cryptocurrency wallets and corporate webmail platforms. With a tenfold increase in phishing traffic between April and September 2024, the campaigns highlight the growing sophistication of cybercriminals leveraging legitimate tools to deceive users.

This Diwali, light up your digital life with complete protection from Net Protector. Celebrate worry-free with our powerful, fast, and multilayered security solutions, keeping your devices safe from cyber threats.

TeamTNT, a notorious hacking group specializing in cryptojacking, has unleashed a new wave of cyberattacks aimed at cloud-native environments. Exploiting exposed Docker APIs, the group is deploying malware and cryptominers, utilizing breached Docker instances for cryptocurrency mining and renting the compromised infrastructure for profit. This multi-stage campaign highlights the need for vigilant cloud security to prevent unauthorized access and cryptomining activity.

Fortinet has disclosed an actively exploited critical vulnerability, CVE-2024-47575, impacting FortiManager and FortiAnalyzer devices, which has been attributed to threat cluster UNC5820. This flaw, labeled FortiJump, enables remote unauthenticated attackers to execute arbitrary code on compromised systems, allowing for data exfiltration and potential lateral movement across enterprise networks. The U.S. CISA has flagged this vulnerability for immediate federal agency action, urging rapid patching to prevent unauthorized access and data theft.

A new variant of the Qilin (Agenda) ransomware, known as Qilin.B, has been discovered with enhanced encryption methods, improved evasion techniques, and capabilities to disrupt data recovery. This strain targets both Windows and network systems, making it a serious threat to enterprises across various sectors.