News
FBI and CISA Warn Russian Hackers Stealing Verification Codes and Account PINs From Signal Users
3+ hour, 52+ min ago (452+ words) These threat actors are employing sophisticated phishing campaigns designed to steal verification codes and account PINs. In a joint Public Service Announcement (PSA) published on June 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI)…
Millenium RAT Uses Base64 and XOR Configuration to Hide Telegram C2 Settings
6+ hour, 37+ min ago (532+ words) The sample set and telemetry analyzed by Group-IB show the RAT embeds its entire configuration inside an RCDATA resource, masks that configuration with Base64 plus a custom XOR layer using a hardcoded password, and then leverages the Telegram Bot API via…
Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA
5+ hour, 43+ min ago (366+ words) UNC1151, tracked by many as Ghostwriter or FrostyNeighbor, has advanced a credential-phishing technique that uses a real-time WebSocket relay to defeat SMS and OTP-based multi-factor authentication (MFA). The method was observed in a recent campaign that targeted Belarusian politician…
DCloud Uni-App Framework Powers 236,000+ Scam Domains Across Global Fraud Economy
7+ hour ago (606+ words) DCloud Uni-App has become a mass-production layer for fraud, with more than 236,000 distinct scam domains tied to a sprawling ecosystem of fake exchanges, wallet drainers, phishing portals, and investment schemes. The scale matters because it shows scam operations are no…
Rokarolla Uses Fake Google Play Protect App to Target Banking and Cryptocurrency Users
7+ hour, 43+ min ago (381+ words) Rokarolla is a sophisticated Android banking trojan distributed via malicious websites that masquerade as trusted applications such as TikTok, Google Chrome and even Google Play Protect. Initial deployment relies on social-engineered sideloading. Victims are lured to fake download portals where…
Cloud Bucket Hijacking Lets Attackers Silently Exfiltrate AWS, Google Cloud Data
2+ day, 3+ hour ago (466+ words) A critical cloud storage attack technique that exploits a fundamental architectural vulnerability shared across all major cloud service providers. The technique, dubbed cloud bucket hijacking, allows attackers to silently redirect active data streams, including audit logs, telemetry pipelines, and sensitive…
WhatsApp Adds Security Warning Before Users Start Chat With Unknown Numbers
3+ day, 5+ hour ago (495+ words) WhatsApp has introduced a new proactive security feature that warns users before they start conversations with unknown phone numbers. This update, currently being rolled out to both Android and iOS users, adds a trust verification layer at the…
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers
1+ week, 5+ day ago (446+ words) A sophisticated malware campaign has been abusing Steam Workshop's sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily targeting gamers in China and Russia. The campaign exploits Wallpaper Engine's "application" wallpaper type, essentially standalone…
Rokarolla Malware Abuses Android Accessibility Services to Steal Banking Credentials
1+ week, 5+ day ago (468+ words) Rokarolla is a new Android banking trojan, named after its Command-and-Control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cryptocurrency apps. Rokarolla uses a two-stage dropper model to…
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
1+ week, 5+ day ago (374+ words) A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all…