Daily Cybersecurity Roundup, December 01, 2025

New and evolving threats continue to surface across the cybersecurity landscape. The Android malware Albiriox, offered under a MaaS model, is targeting over 400 apps for on-device fraud, screen manipulation, and remote control. Meanwhile, Pakistan-linked APT36 has broadened its espionage operations with Python-based ELF malware aimed at Linux-based BOSS systems used in Indian government institutions. At the same time, cybercriminals are escalating holiday-season fraud by deploying tens of thousands of fake retail and holiday-themed domains and selling over 1.57 million stolen retailer credentials on the dark web. Keep reading for more.

01

A new Android malware named Albiriox has emerged under a malware-as-a-service (MaaS) model, targeting over 400 apps for on-device fraud (ODF), screen manipulation, and remote control.

02

The Pakistan-linked APT36 group has expanded its cyberespionage campaign by deploying Python-based ELF malware targeting Linux-based BOSS operating systems in Indian government institutions.

03

A sophisticated cyber campaign has been uncovered in which attackers leveraged a private OAST service hosted on Google Cloud to exploit over 200 CVEs against Brazilian systems using custom tools and modified scanning templates.

04

Operation Hanoi Thief is targeting IT professionals and HR recruiters in Vietnam with fake-resume spear-phishing emails that use malicious shortcut files to trigger a multi-stage infection chain ending in the LOTUSHARVEST DLL implant, which steals browser credentials and history.

05

A new AI browser vulnerability, HashJack, has been exploiting the ‘#’ symbol in URLs to hide malicious commands, targeting AI assistants like Google’s Gemini, Microsoft’s Copilot, and Perplexity’s Comet.

06

The "Contagious Interview" campaign has infiltrated the npm ecosystem, adding 197 malicious packages and achieving over 31,000 downloads, targeting blockchain and Web3 developers.

07

Cybercriminals are ramping up holiday-season fraud by registering over 18,000 holiday-themed and 19,000 fake retail domains for phishing, typosquatting, SEO poisoning, and payment skimming, while more than 1.57 million stolen retailer credentials are being sold on the dark web alongside automated attack tools.

08

Over 2,000 fake shopping sites impersonating major brands like Amazon, Apple, and Samsung were uncovered ahead of Black Friday and Cyber Monday, using phishing kits, fake urgency tactics, and fraudulent payment pages to steal personal and financial information.

09

A critical remote code execution vulnerability in Microsoft Outlook, named "MonikerLink" (CVE-2024-21413), has been disclosed with a PoC exploit. The vulnerability allows attackers to execute arbitrary code through specially crafted emails.

10

CISA added CVE-2021-26829 to its KEV catalog after confirming active exploitation, including by pro-Russian group TwoNet, which abused the OpenPLC ScadaBR XSS flaw while mistakenly targeting a honeypot posing as a water treatment system.