BleepingComputer reports that numerous Android apps with over four billion downloads are susceptible to the novel Dirty Stream attack, which involves the exploitation of a flaw in Android's content provider system that could enable arbitrary code execution and secrets compromise.
Security Affairs reports that attacks with the novel Cuttlefish malware have been deployed against enterprise-grade small office/home office routers between October 2023 and April 2024 to facilitate the exfiltration of public cloud authentication information.
Reemergent Zloader trojan has been updated once again by its operators to include an anti-analysis feature restricting binary execution to compromised machines, which is similar to one observed in exposed Zeus banking trojan 2.x source code, according to The Hacker News.
BleepingComputer reports that hacked WordPress sites have been used as relay command-and-control servers by the novel Wpeeper Android malware, which has been spread via a pair of app stores impersonating the Uptodown App Store and is believed to have already compromised thousands of Android devices.
Threat actors have leveraged Microsoft Azure and Cloudflare lures to facilitate phishing campaigns deploying the Latrodectus malware downloader, also known as IceNova and Unidentified 111, BleepingComputer reports.
Attacks deploying the Agent Tesla and Taskun malware strains have been launched against U.S. government agencies and educational institutions, reports Hackread.
Attacks deploying a malicious Python backdoor via fraudulent NPM packages spoofing as job interviews have been targeted at software developers by suspected North Korea-linked threat actors as part of the ongoing DEV#POPPER social engineering campaign, according to The Hacker News.