
Daily Cybersecurity Roundup, February 06, 2025

Search engines are turning into cyber minefields as attackers hijack ads to deploy malware. A recent Google ad campaign posed as Cisco AnyConnect, using a stolen webpage from a German university to appear credible. The Lazarus Group is back with another deceptive campaign, leveraging fake LinkedIn job offers to infiltrate victims' systems. The North Korea-linked threat actor is tricking professionals into downloading a cross-platform infostealer disguised as job-related documents. Cybercriminals are flooding India with fake banking apps, preying on users looking for trusted financial services. Read on for more.

01

A recent malicious Google ad campaign impersonated Cisco AnyConnect, using a stolen German university webpage as a decoy and redirecting real victims to a phishing site with NetSupport RAT.

02

The North Korea-linked Lazarus Group is conducting an active campaign using fake LinkedIn job offers to capture credentials and deliver a cross-platform infostealer.

03

North Korean hacking group Kimsuky has been spotted using spear-phishing attacks to deliver the forceCopy malware. The attacks involve various malware tools including PEBBLEDASH, RDP Wrapper, and a custom keylogger.

04

A campaign is distributing NOVA stealer, targeting Russian organizations. The malware is a new version of SnakeLogger and is offered as MaaS on underground forums.

05

A series of fake banking apps, designed to impersonate trusted financial institutions and steal personal information and money, is targeting users in India. Researchers identified nearly 900 types of malware connected to around 1,000 phone numbers used to conduct this fraud.

06

A new Facebook-focused phishing campaign targeting hundreds of companies has been discovered, affecting over 12,000 email addresses primarily in the EU, the U.S., and Australia.

07

Ransomware payments decreased by 35% in 2024 despite increased attack frequency, totaling $812.55 million compared to $1.25 billion in 2023, as per Chainalysis.

08

Cisco has released updates to fix two critical security flaws in the Identity Services Engine (ISE), which could allow remote attackers to run commands and gain higher access on affected devices.

09

The FCC has proposed a $4.5 million fine against Telnyx for allegedly allowing robocalls impersonating an FCC Fraud Prevention Team due to inadequate KYC procedures.

10

AI-powered code security platform Semgrep raised $100 million in a Series D funding round led by Menlo Ventures, with participation from Felicis Ventures, Harpoon Ventures, and others.
