Npav Lab

Kandji uncovers a September 2025 campaign where attackers clone Homebrew sites to inject malware like Odyssey Stealer via clipboard tricks—exploit C2 servers and bypass trust; mitigate by verifying sources and using endpoint monitoring.

Sophos exposes Maverick Menace, a self-spreading Android worm using WhatsApp ZIP lures to disable Defender/UAC, hijack sessions with Selenium, and deploy trojan for bank/crypto theft—hits 400+ environments; verify attachments and use behavioral antivirus to protect.

Attackers use zero-day in Edge's IE Mode Chakra engine to trick users into legacy reloads, enabling RCE and SYSTEM access for malware. Microsoft disabled easy triggers—configure manually via Settings, migrate from IE, and prioritize modern web standards to stay secure.

IT pro in Pune scammed ₹3.66 crore via WhatsApp group and bogus trading app granting remote access—fake profits lured investments. Expert tips: Use official apps, enable 2FA, verify before investing—report to cyber cell to stay safe.

"Trinity of Chaos" group (Muddled Libra, Bling Libra, LAPSUS$) steals 1B Salesforce records targeting retail/hospitality; launches DLS October 3, 2025, with FBI seizure October 9. EaaS model enables fraud—implement zero trust and ISAC intel to defend against data theft.

Indian scammers use WhatsApp fake ticket alerts to push RAT-infected mParivahan apps, stealing OTPs, spying via camera, and draining banks. Download from official stores, update OS, use antivirus—report to 1930 if hit to stay safe.

High-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now.

New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.

FortiGuard Labs exposes Chaos ransomware's aggressive C++ upgrade—selective encryption, large file deletion, and Bitcoin wallet swapping via clipboard hijack. This RaaS threat from ex-BlackSuit actors targets big-game hunting; bolster backups and detection to counter faster, multifaceted attacks.

Sophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers.