The phishing emails, sent under the name “Binance,” urge recipients to claim newly launched Trump-themed cryptocurrency. A link directs users to a counterfeit Binance website that mimics official branding.

According to SlashNext’s research, the Astaroth phishing kit is designed to bypass two-factor authentication (2FA) through a combination of session hijacking and real-time credential interception.

This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.

Cybersecurity researchers at Morphisec Threat Lab discovered a new version of the sophisticated ValleyRAT malware distributed through various channels including phishing emails, instant messaging platforms, and compromised websites.

Interestingly, unlike typical skimmers that target checkout pages, this one targeted the cart page. It intercepted the checkout button click and presented users with a fake, multi-step payment form within a pop-up window.

Researchers revealed a network of malicious repositories offering seemingly legitimate content such as game hacks, cracked software, and free cryptocurrency tools, all designed to lure unsuspecting users into downloading and executing harmful code.

This campaign resulted in compromising over 18,459 devices globally. The stolen data included sensitive information like browser credentials, Discord tokens, Telegram data, and system information from the compromised devices.

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account and replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version.

Cybercriminals use eBPF rootkits to conceal their presence and drop remote access trojans capable of tunnelling traffic and maintaining communication within private networks.

A high-severity access control flaw in Dell Power Manager allows privilege escalation. Attackers with local access can execute arbitrary code, bypass security measures, and compromise system confidentiality, integrity, and availability.