Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi‑stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module…
Iran-linked group Handala claims to have breached three major UAE organizations
Iran-linked group Handala claims to have breached three major UAE organizations: Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority. The group Handala claimed a major cyberattack against the UAE, targeting Dubai Courts Department, Dubai Land Department, and Dubai…
Fake Claude Website Distributes PlugX RAT
The malware mimics the legitimate Anthropic installation, relies on DLL sideloading, and cleans up after itself. The post Fake Claude Website Distributes PlugX RAT appeared first on SecurityWeek.
Seized VerifTools servers expose 915,655 fake IDs, 8 arrested
On April 7 and 8, Dutch police arrested eight suspects in a nationwide operation targeting users of the VerifTools platform as part of an identity fraud investigation. The suspects, all men aged 20 to 34, are accused of identity fraud,…
NHS pays £46K to prep next Microsoft licensing round
Benchmarking contract lays groundwork for renegotiating £774M software agreement. NHS England is spending £46,000 on “benchmarking” as it gears up for what looks like the next round of negotiations behind one of the UK public sector’s biggest software deals.…
UK Cyber Security Council Launches Associate Cyber Security Professional Title
The UK Cyber Security Council has unveiled a new Associate Cyber Security Professional title aimed at supporting early‑career cybersecurity professionals. This article has been indexed from www.infosecurity-magazine.com.
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure
A critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical CVSS score…
JanelaRAT: a financial threat targeting users in Latin America
Kaspersky GReAT experts describe the latest JanelaRAT campaign, detailing infection chain and malware functionality updates. This article has been indexed from Securelist.
A week in security (April 6 – April 12)
A list of topics we covered in the week of April 6 to April 12 of 2026. The post A week in security (April 6 – April 12) appeared first on Security Boulevard.
Operation Atlantic Seizes $12m in Crypto Losses
UK, US and Canadian authorities have identified over 20,000 victims of approval phishing scams that trick users into handing over full crypto wallet access. This article has been indexed from www.infosecurity-magazine.com.
Critical WordPress Plugin Flaw Lets Attackers Bypass Authentication and Gain Admin Access
A critical security flaw found in a widely used WordPress plugin is putting thousands of websites at serious risk worldwide. Tracked as CVE-2026-1492, this vulnerability affects the User Registration & Membership plugin for WordPress and lets attackers completely bypass the…
Microsoft Confirms Recent Windows 11 Updates Break Push Button Reset
Microsoft has officially acknowledged that recent security updates for Windows 11 are causing the “Reset this PC” (Push-button reset) recovery feature to fail. The issue was confirmed in the release notes for the March 2026 hotpatch updates, affecting systems running…
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices. The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek.
APT37 Uses Facebook, Telegram, and Trojanized Installer in New Targeted Cyberattack
APT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense‑related targets. The operation shows a continued evolution of APT37’s social engineering…
CPUID watering hole attack spreads STX RAT malware
Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got…
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. “Out of an abundance of caution, we are taking steps to…
Apache Tomcat Flaws Enable EncryptInterceptor Bypass
The Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The newly…
Adobe patches zero-day, Marimo flaw exploited, Venice flood threat
Adobe patches months-old Reader zero-day. Critical Marimo flaw now under active exploitation. Hackers claim control over Venice anti-flood pumps. Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/
Are scammers trying to profit from the 2028 Summer Olympics ticket sales?
Yes, they are. Tickets for the 2028 Summer Olympics in Los Angeles are now officially available for lucky users who registered for the draw and received…
Uber Delivery Robots Defaced In Sheffield
Autonomous robots making food deliveries for Uber Eats in Sheffield suburb defaced only days after initial rollout. This article has been indexed from Silicon UK.