The Zscaler ThreatLabz team recently observed a surge in tech-support scams, with a noteworthy focus on the utilization of Windows Action Center notifications to display misleading warning messages to users. While the majority of tech-support scams previously centered around counterfeit notifications related to Windows Defender, scammers have since expanded their tactics to include bogus […]
An individual employed by a Washington DC-based organization with international offices was targeted with powerful hacking software made by NSO Group, researchers have claimed, raising new concerns about the proliferation of spyware that can infect Apple devices. The alleged attack was discovered by researchers at the Citizen Lab at the Munk School at the University […]
A relatively unknown threat group W3LL, which started six years ago with a custom tool for bulk email spam, is now running a massive operation by selling a phishing kit that targets Microsoft 365 business email accounts. According to researchers from Group-IB, the group has gone to great lengths to stay under the radar while […]
Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.
In addition to targeting researchers with 0-day exploits, the threat actors also developed a standalone Windows tool that has the stated goal of ‘download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers.’ The source code for this tool was first published on GitHub on September 30, 2022, with several updates […]
Attackers are targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool in a cryptocurrency-mining campaign that’s been ongoing since at least November 2021. The campaign abuses Advanced Installer, a tool for creating software packages, to hide malware in legitimate installers for software used by creative professionals — such as […]
Sep 08, 2023 | THN | Zero Day / Cyber Attack: Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social […]
⚠️ September 5, 2023: This appears to be an ongoing campaign with additional packages published. The package timeline table has been updated to reflect this. Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package […]
Last updated 30 August, 2023. We’ve teamed up with AIAIAI to offer you the chance to win one of five pairs of their brand-new TMA-2 DJ XE headphones in this free prize draw. The AIAIAI TMA-2 DJ XE are designed to appeal specifically to DJs who need durable design and custom-tuned audio for practising and […]