Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve DoS or send arbitrary files to a target's device without their approval.

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration.

VARGEIT offers the ability to load tools directly from its command-and-control (C&C) server to a newly spawned process of Microsoft Paint ("mspaint.exe") to facilitate reconnaissance, collection, and exfiltration.

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals.

Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls). The attack chain involves the use of a phishing email as a starting point.

FIN7 has been linked to a Python-based backdoor called Anubis that can grant them remote access to compromised Windows systems. This malware allows attackers to execute remote shell commands and other system operations.

The attack chains involve the use of provisioning packages (.ppkg), signed Microsoft Windows Installer files (.msi), and .msc files to deliver information stealers and backdoors that are capable of persistence and data theft.

As with other banking trojans of its kind, the malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions. An analysis of the source code and the debug messages revealed that the author is Turkish-speaking.

A Pakistan-linked APT group has been found creating a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of EDRKillShifter to disable endpoint security software, according to ESET.