Along with free smartphones, AT&T is offering eligible customers 50% off Google’s new PixelSnap accessories. This article has been indexed from Latest news Read the original article: AT&T will give you a free Google Pixel 10 Pro for a limited…
A new security flaw in TheTruthSpy phone spyware is putting victims at risk
Exclusive: Hackers can take over the accounts of TheTruthSpy spyware customers, putting their victims’ private phone data at risk thanks to a new security flaw. This article has been indexed from Security News | TechCrunch Read the original article: A…
OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail
Researchers unveil OneFlip, a Rowhammer-based attack that flips a single bit in neural network weights to stealthily backdoor AI systems without degrading performance. The post OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail…
Fake Telegram Premium Website Spreads Lumma Stealer Malware
Cybersecurity researchers have uncovered a malicious campaign that uses a fraudulent Telegram Premium website to distribute a dangerous variant of the Lumma Stealer malware. According to a report by Cyfirma, the fake domain telegrampremium[.]app closely imitates the official Telegram…
Proxyware Malware Poses as YouTube Video Download Site, Delivering Malicious JavaScript
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages. This operation, which mimics legitimate video downloading services, tricks users into installing malicious executables disguised as…
Red teams and AI: 5 ways to use LLMs for penetration testing
<p>Large language models, such as ChatGPT, Gemini and Claude, are redefining how people obtain information and perform their daily tasks. The cybersecurity industry is no different. Teams are using LLMs for everything from security operations center automation to defending against…
New Android Spyware Disguised as an Antivirus Attacking Business Executives
In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging commercial proxy and VPN services to mask their attack infrastructure. The emergence of this tactic coincides with a broader shift toward…
Hackers Using PUP Advertisements to Silently Drop Windows Malware
In recent weeks, cybersecurity investigators have uncovered a novel campaign in which hackers leverage seemingly benign potentially unwanted program (PUP) advertisements to deliver stealthy Windows malware. The lure typically begins with ads promoting free PDF tools or desktop assistants that…
Proxyware Malware Mimic as YouTube Video Download Site Delivers Malicious Javascripts
Cybersecurity researchers have observed a surge in deceptive sites masquerading as YouTube video download services to deliver Proxyware malware in recent weeks. Victims seeking to grab videos in MP4 format are redirected through ad pages that sporadically present a download…
IT Security News Hourly Summary 2025-08-25 18h : 18 posts
18 posts were published in the last hour 16:4 : Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data 16:4 : How a Meta partnership with Midjourney could inject more AI into future products 16:4 : Need…
15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin
On June 5th, 2025, we received a submission for a Privilege Escalation vulnerability in Dokan Pro, a WordPress plugin with more than 15,000 sales. This vulnerability makes it possible for an authenticated attacker, with vendor-level permission, to change the password…
Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
Written by: Patrick Whitsell In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely…
What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
Spoiler: VirusTotal Code Insight’s preliminary audit flagged nearly 8% of MCP (Model Context Protocol) servers on GitHub as potentially forged for evil, though the sad truth is, bad intentions aren’t required to follow bad practices and publish code with critical…
YARA-X 1.0.0: The Stable Release and Its Advantages
Short note for everyone who already lives and breathes YARA: Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/ Audio version of this post, created with NotebookLM Deep Dive Your browser does not support the audio element. What changes…
Code Insight Expands to Uncover Risks Across the Software Supply Chain
When we launched Code Insight, we started by analyzing PowerShell scripts. Since then, we have been continuously expanding its capabilities to cover more file types. Today, we announce that Code Insight can now analyze a broader range of formats crucial…
Applying AI Analysis to PDF Threats
In our previous post we extended VirusTotal Code Insights to browser extensions and supply-chain artifacts. A key finding from that analysis was how our AI could apply contextual knowledge to its evaluation. It wasn’t just analyzing code in isolation, it…
Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data
Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking…
How a Meta partnership with Midjourney could inject more AI into future products
The move could help Meta push ahead in the AI race. Here’s what you need to know about the partnership and its possible implications. This article has been indexed from Latest news Read the original article: How a Meta partnership…
Need an inexpensive back to school laptop? Get a refurbished MacBook Air for $116
Back Market is offering a refurbished 13-inch MacBook Air with the Intel Core i5 for as low as $116 – one of the lowest prices I’ve ever seen, ahead of Labor Day. This article has been indexed from Latest news…
ClickFix is Compromising Thousands of Devices Daily – Red Flags to Watch
Clever hackers are using ClickFix, a new social engineering technique, to deliver malicious payloads to unsuspecting users and devices around the globe. This article has been indexed from Security | TechRepublic Read the original article: ClickFix is Compromising Thousands of…
Google’s quantum computer just simulated the hidden strings of the Universe
Scientists using Google’s quantum processor have taken a major step toward unraveling the deepest mysteries of the universe. By simulating fundamental interactions described by gauge theories, the team showed how particles and the invisible “strings” connecting them behave, fluctuate, and…
The Apple AirTag just dropped to $17 each when you buy four – Here’s the deal
You can grab a four-pack of Apple AirTags to help monitor keys, wallets, luggage, and more for your summer travels for an all-time low price. This article has been indexed from Latest news Read the original article: The Apple AirTag…
Apple’s iPhone 17 event is right around the corner – here’s everything we know so far
Techtember is less than a week away, and kicking it off will likely be Apple’s iPhone 17 series launch event. This article has been indexed from Latest news Read the original article: Apple’s iPhone 17 event is right around the…