top of page

ALL POSTS

Nexcorium Mirai Variant Exploits TBK DVR Vulnerability to Build DDoS Botnet

Key Findings Fortinet's FortiGuard Labs discovered Nexcorium, a new Mirai variant targeting DVR devices globally to build a DDoS botnet Attackers exploit CVE-2024-3721, a command injection vulnerability in TBK DVR-4104 and DVR-4216 models, to gain remote access The malware displays a "NexusCorp has taken control" message, attributed to the Nexus Team based on code signatures Nexcorium supports multiple processor architectures and uses extensive persistence methods to survive

Four New Android Malware Families Target 800+ Apps Globally

Key Findings Four new Android malware families identified by Zimperium zLabs: RecruitRat, SaferRat, Astrinox, and Massiv Campaigns actively targeting over 800 banking and cryptocurrency applications Malware employs overlay attacks to steal credentials and sensitive data Capable of intercepting one-time passwords and recording screen activity Distribution methods include phishing, smishing, and fake job recruitment sites Background Zimperium zLabs cybersecurity researchers hav

The Global Race to Quantum-Proof Internet Infrastructure Intensifies

Key Findings Quantum computing threat has shifted from theoretical to immediate, with uncertainty about timing creating urgent need for action now "Harvest now, decrypt later" attacks mean sensitive data collected today could be retroactively exposed once quantum capabilities emerge Digital signature compromise could enable attackers to impersonate individuals, institutions, and blockchain wallets across entire systems Global cryptographic migration is the real bottleneck, no

Microsoft Defender Zero-Days Under Active Exploitation; Patches Released for Two Vulnerabilities

Key Findings Three Microsoft Defender zero-day vulnerabilities are being actively exploited in the wild by threat actors BlueHammer (CVE-2026-33825) has been patched as of April Patch Tuesday; RedSun and UnDefend remain unpatched All three flaws were released by researcher Chaotic Eclipse in response to Microsoft's vulnerability disclosure handling BlueHammer and RedSun enable local privilege escalation while UnDefend causes denial-of-service and blocks security definition up

Operation PowerOFF Takes Down 53 DDoS Domains, Reveals 3 Million Criminal Accounts

Key Findings 53 DDoS-for-hire domains seized across 21 countries in coordinated operation Four suspects arrested in connection with commercial DDoS services Databases containing over 3 million criminal user accounts accessed More than 75,000 cybercriminals identified and warned via email and letters 25 search warrants issued as part of ongoing investigation Operation PowerOFF demonstrates escalating law enforcement focus on dismantling DDoS infrastructure Background Operation

ZionSiphon: Critical Infrastructure Malware Targeting Israeli Water Systems

Key Findings New malware strain named ZionSiphon discovered targeting Israeli water treatment and desalination plants Malware designed to alter chlorine levels and water pressure in critical infrastructure systems Contains hardcoded targeting for specific Israeli facilities and IP ranges Includes political messaging supporting Iran, Yemen, and Palestine Critical flaw in targeting logic prevents malware from executing payload, rendering current sample ineffective Threat actors

Hidden Passenger: Taboola's Routing of Authenticated Banking Sessions to Temu Exposed

Key Findings A European bank's approved Taboola pixel silently redirected authenticated users to a Temu tracking endpoint without bank knowledge or user consent The redirect chain exploited "first-hop bias" — security tools validate the declared origin domain but not the runtime destination of 302 redirects Temu's tracking pixel included Access-Control-Allow-Credentials headers, enabling cross-origin cookie access to the banking session Standard security controls including WA

PowMix Botnet Targets Czech Workforce with Randomized Command-and-Control Traffic

Key Findings PowMix botnet has been actively targeting Czech workforce since at least December 2025 with previously undocumented malware Campaign uses randomized C2 beaconing intervals and encrypted heartbeat data embedded in REST API-mimicking URLs to evade detection Multi-stage attack chain initiated via phishing emails containing malicious ZIP files with Windows Shortcut (LNK) files PowerShell loader employs AMSI bypass techniques to execute botnet payload directly in memo

Cisco Patches Critical Vulnerabilities in Identity Services Engine and Webex Platforms

Key Findings Cisco patched four critical vulnerabilities in Identity Services Engine and Webex with CVSS scores ranging from 9.8 to 9.9 CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user through improper certificate validation CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186 enable authenticated attackers with admin credentials to execute arbitrary code and OS commands No evidence of active exploitation in the wild, but immediate patching is stron

Counterfeit Ledger Live App Drains $9.5M in Cryptocurrency from Apple App Store Users

Key Findings A counterfeit Ledger Live app on Apple's App Store stole approximately $9.5 million from over 50 users between April 7-13, 2024 The fake app was listed under "SAS Software Company" and "Leva Heal Limited," featuring convincing branding and fake positive reviews Victims lost funds across Bitcoin, Ethereum, Solana, Tron, and XRP networks, indicating a multi-chain attack Stolen assets were routed through 150+ KuCoin deposit addresses and then sent through a centrali

UAC-0247's Expanding Cyber Campaign: Ukrainian Clinics and Government in Data-Theft Malware Crosshairs

Key Findings UAC-0247 conducted a targeted campaign against Ukrainian government agencies and municipal healthcare facilities between March and April 2026 Attack chain begins with phishing emails posing as humanitarian aid proposals, using either AI-generated fake sites or legitimate sites compromised via XSS vulnerabilities Malware payload steals sensitive data from Chromium-based browsers and WhatsApp through multiple custom and open-source tools Evidence suggests Ukrainian

n8n Webhooks Exploited Since October 2025 in Malware Distribution Campaign

Key Findings Threat actors have weaponized n8n webhooks since October 2025 to deliver malware and fingerprint devices through phishing campaigns Malicious emails containing n8n webhook URLs appear legitimate because they originate from trusted n8n domains Email volume containing these URLs increased 686% from January 2025 to March 2026 Two primary attack methods observed: malware delivery via fake document links and device fingerprinting using invisible tracking pixels Attack

Mirax Malware Campaign Compromises 220,000 Accounts With Complete Remote Access Capabilities

Key Findings Mirax, a new Android RAT, infected over 220,000 users primarily in Spanish-speaking regions through Meta platform advertisements The malware grants attackers full remote control of devices and converts them into SOCKS5 residential proxies for routing malicious traffic Distribution uses a multi-stage attack combining phishing sites, fake streaming apps, and GitHub-hosted droppers with strong obfuscation Mirax operates as an exclusive malware-as-a-service limited t

OpenAI Expands Cyber Defense Program: GPT-5.4-Cyber Now Available to Security Teams

Key Findings OpenAI unveiled GPT-5.4-Cyber, a cybersecurity-focused variant of its flagship GPT-5.4 model optimized for defensive security operations The company is expanding its Trusted Access for Cyber (TAC) program to thousands of individual defenders and hundreds of security teams GPT-5.4-Cyber has already contributed to over 3,000 critical and high-severity vulnerability fixes through the Codex Security application Access will be controlled through Know-Your-Customer ver

PHP Composer Vulnerabilities Allow Remote Code Execution Through Perforce Integration

Key Findings Two high-severity command injection vulnerabilities discovered in PHP Composer's Perforce VCS driver CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8) allow arbitrary command execution through malicious repository configs and crafted inputs Patches released: Composer 2.9.6 (mainline) and 2.2.27 (LTS) No active exploitation detected on Packagist.org or Private Packagist as of April 10, 2026 Perforce metadata publishing temporarily disabled as precaution Back

ShinyHunters Claims Responsibility for Rockstar Games Breach, Begins Data Leaks

Key Findings ShinyHunters claims to have breached Rockstar Games through third-party cloud provider Anodot, accessing 8.1GB of data Leaked files include anti-cheat source code, player analytics, game assets, support tickets, and financial information Group set April 14, 2026 deadline for ransom payment, threatening data release and "digital disruption" Rockstar minimized impact, stating only non-material corporate information was accessed with no effect on operations or playe

Microsoft Patch Tuesday April 2026 - Critical Vulnerabilities and Snort Detection Rules

Key Findings Microsoft released 165-167 critical and important security updates in April 2026, marking one of the largest Patch Tuesday releases on record Eight vulnerabilities marked critical, including remote code execution flaws in Windows TCP/IP, IKE, Active Directory, and multiple Office applications CVE-2026-32201 SharePoint spoofing vulnerability already exploited in the wild, enabling phishing and social engineering attacks CVE-2026-33825 BlueHammer Windows Defender p

Booking.com Data Breach: Hackers Accessed Customer Information, Systems Now Secured

Key Findings Booking.com confirmed a targeted data breach affecting reservation records Exposed data includes names, email addresses, phone numbers, postal addresses, and booking details Payment information was not accessed Company has not disclosed the number of affected users or attack methodology Reservation PIN codes have been reset as a precaution Over 100 million users accessed the mobile app in 2024, amplifying breach severity Attackers can now leverage booking data to

Attackers Exploiting Unpatched ShowDoc Servers Via CVE-2025-0520

Key Findings Critical remote code execution vulnerability CVE-2025-0520 in ShowDoc is under active exploitation in the wild with a CVSS score of 9.4 Unrestricted file upload flaw allows unauthenticated attackers to deploy web shells and execute arbitrary code on vulnerable servers Vulnerability affects all ShowDoc versions prior to 2.8.7, which was released in October 2020 Over 2,000 exposed ShowDoc instances remain online, with the majority located in China Threat actors hav

iPhone Forensics Reveal Recoverable Signal Messages Despite App Deletion

Key Findings FBI forensically recovered incoming Signal messages from an iPhone after the app was deleted, contradicting common privacy assumptions Messages were extracted from Apple's push notification database, not by breaking Signal's encryption Only incoming messages were recovered, not outgoing ones, due to how iOS processes notifications iOS maintains persistent notification databases that survive app removal and can be accessed through forensic tools Users commonly mis

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page