
Daily Cybersecurity Roundup, March 12, 2026

Cybercriminals are continuing to refine both delivery tactics and evasion techniques to infiltrate systems more effectively. One recent campaign involves the BeatBanker Android banking trojan being disguised as a fake Starlink mobile application, allowing attackers to take control of infected devices and steal sensitive banking credentials. In parallel, researchers uncovered the Zombie ZIP technique that hides malicious payloads within specially crafted ZIP files to slip past security scanners. Moreover, the A0Backdoor malware has been observed spreading through Microsoft Teams impersonation combined with Quick Assist social engineering, enabling attackers to trick victims into granting remote access to their systems. Keep reading for more.

01

The BeatBanker Android banking trojan is being distributed as a fake Starlink mobile app, enabling attackers to hijack devices, intercept banking credentials, and perform fraudulent transactions.

02

The Zombie ZIP technique is a novel archive-based evasion method that allows malware to bypass security tools by embedding malicious files inside specially crafted ZIP archives.

03

ESET detailed renewed activity from the Sednit (APT28) threat group, which has resumed targeted espionage operations using updated malware toolsets and phishing campaigns.

04

The A0Backdoor malware has been found spreading through Microsoft Teams impersonation and Quick Assist social engineering, allowing attackers to gain remote access to compromised systems.

05

Security analysts discovered path traversal and authentication vulnerabilities in Navtor NavBox maritime navigation systems, which could expose sensitive vessel network data and potentially allow unauthorized access to onboard systems.

06

A SQL injection (SQLi) vulnerability in the Elementor Ally plugin is impacting more than 250,000 WordPress sites, enabling attackers to extract sensitive database information.

07

Researchers reported the resurgence of the PhantomRaven campaign, which targets open-source software ecosystems to compromise developer environments through malicious package dependencies.

08

Google released a Chrome security update addressing 29 vulnerabilities, including several high-severity flaws that could lead to memory corruption and potential exploitation.

09

Cisco addressed two high-severity vulnerabilities (CVE-2026-20040 and CVE-2026-20046) in IOS XR Software that allow privilege escalation and root command execution.

10

Threat actors are abusing Cloudflare’s infrastructure to mask phishing sites, using its security features to evade detection and prolong malicious campaigns.
