Category: News
-

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Threat actors misused the open source Velociraptor incident‑response tool and the Visual Studio Code editor to create a covert command‑and‑control tunnel in a recent attack. Learn how the attackers abused legitimate tools and what organisations can do to detect and defend against this novel abuse.
-

Google will verify all Android developers in four countries to combat malicious apps
Google announced that all Android developers in Brazil, Indonesia, Singapore and Thailand must verify their identity by 2026. This new requirement aims to prevent malicious actors from quickly distributing new apps after takedowns. Learn about the timeline and what it means for developers and users.
-

ShadowCaptcha campaign hijacks WordPress sites to deliver ransomware, info‑stealers and cryptominers
The ShadowCaptcha campaign uses compromised WordPress sites to redirect visitors to fake CAPTCHA pages that install information stealers, Epsilon Red ransomware and cryptocurrency miners. Learn how the attack works and how to defend your organization.
-

HOOK Android Trojan adds ransomware overlays and over 100 commands
A new variant of the HOOK Android banking trojan adds a full-screen ransomware overlay triggered by remote commands and expands its arsenal to 107 commands, enabling credential theft, fake overlays and device takeover. Learn about this threat and how to protect yourself.
-

Microsoft’s August 2025 Patch Tuesday fixes 111 flaws, including Kerberos ‘BadSuccessor’ zero day
Microsoft’s August 2025 Patch Tuesday addresses 111 vulnerabilities—16 critical and one Kerberos zero‑day called BadSuccessor. Discover what’s patched and why it matters.
-

77 malicious Android apps with 19 million downloads removed from Google Play
Zscaler researchers discovered 77 malicious apps on Google Play with more than 19 million downloads. These apps delivered Joker, Harly and Anatsa malware. Learn what they do and how to stay safe.
-

CISA adds Citrix and Git vulnerabilities to Known Exploited Vulnerabilities (KEV) catalog
CISA has added three vulnerabilities—two affecting Citrix Session Recording and one in Git—to its Known Exploited Vulnerabilities catalog. Learn why these flaws matter and how to patch them.
-

Allianz Life data breach exposes information of 1.1 million customers
A Salesforce-targeted attack by the ShinyHunters group led to the theft of personal data belonging to 1.1 million Allianz Life customers. Read about what happened and how to protect yourself.
-

Critical Docker Desktop vulnerability allows host hijacking (CVE-2025-9074)
A severe SSRF flaw in Docker Desktop for Windows and macOS (CVE-2025-9074) lets malicious containers hijack the host. Learn how the bug works, who discovered it and how to patch your systems.
-

AI‑Driven Malware PoC Shows How Reinforcement Learning Can Outsmart Microsoft Defender
Security researchers have long warned that large language models (LLMs) could enable the mass automation of malware development. Until recently those fears were hypothetical, because AI chatbots could only generate simple code or phishing emails. At the 2025 Black Hat conference, Kyle Avery of Outflank unveiled a proof‑of‑concept (PoC) model that takes those concerns a…
