Author Archives: Ravie Lakshmanan

Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it’s removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In).
“Rest assured, our users … Continue reading ExpressVPN Removes Servers in India After Refusing to Comply with Government Order→

A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be potentially weaponized to disrupt a smartphone’s radio communications through a malformed packet.
“Left unpatched, a hacker or a military unit can leverage such a… Continue reading Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones→

The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that’s being used in phishing attacks against Pakistani public and private sector entities.
“Phishing links in emails or posts that mimic legitimate notificatio… Continue reading SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities→

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service (DDoS) attacks for hire.
This includes weleakinfo[.]to, i… Continue reading DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services→

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim.
“Once the email is … Continue reading New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email→

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot.
“This Android malware has been spreading aggressively through SMS, stealing passwords, online banking … Continue reading FluBot Android Spyware Taken Down in Global Law Enforcement Operation→

As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues.
The findings come from a new tool called YODA that a… Continue reading YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites→

An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research.
“Now it is significantly harder to separate the wheat f… Continue reading New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers→

An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems.
“TA413 CN APT spotted [in-the-wild] exploiting the Fo… Continue reading Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability→

An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fra… Continue reading Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise→