fp-3a

Since August 2024, BankBot.Remo variants use WebSocket chunked downloads on spoofed Google Play pages to deliver malware as fake payment/identity apps like IdentitasKependudukanDigital.apk; over 100 Alibaba/Gname domains evade filters—monitor WebSockets and block C2 for defense.

Average breakout time drops to 18 minutes (June-August 2025, per ReliaQuest), fueled by automation and Oyster malware's abuse of rundll32.exe for DLL loading via scheduled tasks. Learn about Gamarue USB attacks, AI-driven malvertising, and defenses like behavioral monitoring.

The npm package "fezbox" (alias janedu) disguises as a JS/TS utility library but hides credential-stealing code in a Cloudinary QR image. Discovered by Socket Threat Research, it uses reversed strings and obfuscation to evade detection—learn risks and defenses like CI/CD scanning and zero-trust dependencies.

Malicious fake online speedtest tools, uncovered September 21, 2025, use obfuscated JavaScript, Node.js, and Inno Setup to exfiltrate system data to C2 servers like cloud.appusagestats[.]com. Learn about XOR-encoded commands, execution risks, and key mitigations like EDR and app whitelisting.

Iranian threat group Nimbus Manticore (UNC1549) targets job seekers with phishing via fake recruitment sites mimicking Boeing and Airbus, delivering evasive malware like MiniJunk and MiniBrowse. Explore tactics, expansion to Western Europe, and essential mitigations for defense and telecom sectors.

Kawa4096 ransomware, active since June 2025, attacks multinational firms using double extortion by stealing data before encryption and threatening public leaks. It employs partial encryption and deletes shadow copies to prevent recovery.

Zero Salarium's EDR-Freeze proof-of-concept uses Windows' MiniDumpWriteDump to freeze EDR and antivirus software indefinitely, offering a stealthy alternative to BYOVD attacks without third-party drivers or detection risks.

Trend Micro warns of cybercriminals using AI to create fake CAPTCHA pages that trick users into revealing sensitive data, boosting phishing success rates and challenging cybersecurity defenses.

A sophisticated phishing attack uses Facebook’s URL redirect service to trick users into entering login credentials on fake pages, stealing emails, phone numbers, and passwords.

A zero-click flaw in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive Gmail data via hidden email prompts. OpenAI patched the service-side vulnerability in 2025 to prevent stealthy data leaks from its cloud infrastructure.