Daily Cybersecurity Roundup, January 27, 2025

Even in the cyber underworld, betrayal thrives - hackers have turned on their own, weaponizing a trojanized XWorm RAT builder to exploit thousands of devices globally. A deceptive malware campaign is using fake CAPTCHA pages and clipboard hijacking to spread Lumma Stealer, targeting victims across industries globally. In another vein, academics uncovered 119 security vulnerabilities across LTE and 5G systems, including buffer overflows and memory corruption. Read on for the cybersecurity highlights from the weekend.

01

A trojanized version of the XWorm RAT builder was weaponized and spread primarily through a GitHub repo, targeting script kiddies. The malware compromised over 18,459 devices across Russia, the U.S., India, Ukraine, and Turkey.

02

A new malware campaign is spreading Lumma Stealer via social engineering tactics to trick victims into downloading and executing malware. The campaign uses fake CAPTCHA pages and clipboard hijacking to bypass traditional security defenses.

03

The Singapore-based cryptocurrency platform Phemex experienced a suspected cyberattack, leading to the theft of over $69 million in cryptocurrency.

04

A group of academics has revealed 119 vulnerabilities, linked to 97 unique CVE identifiers, involving seven LTE implementations and three 5G implementations.

05

Cybercriminals are selling access to a new malicious AI chatbot called GhostGPT, designed for activities like creating malware and phishing emails. It's being sold on Telegram.

06

A new threat actor named GamaCopy has been observed imitating the tactics of the Gamaredon hacking group in cyberattacks targeting Russian-speaking entities. GamaCopy drops UltraVNC.

07

A high-severity security flaw (CVE-2024-50050) has been discovered in Meta's Llama LLM framework, allowing attackers to run arbitrary code on the llama-stack inference server.

08

Security researchers found an arbitrary account takeover flaw in Subaru's Starlink service, allowing attackers to track, control, and hijack vehicles in the U.S., Canada, and Japan using just a license plate.

09

Ransomware actors are targeting VMware ESXi bare metal hypervisors, leveraging SSH tunneling to persist on the system undetected, move laterally, and deploy ransomware payloads.

10

AWS is launching a £5 million ($6.5 million) grant program to enhance cybersecurity capabilities in U.K. educational institutions. The program aims to provide cloud-based cybersecurity solutions, training courses, and incident response support.
