CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
Description: A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links,
Source: TheHackerNews
February 19th, 2025 (5 months ago)
Written by: Dan Black Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to...
Description: Written by: Dan Black Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal's popularity among common targets of surveillance and espionage activity—such as military personnel, politicians, journalists, activists, and other at-risk communities—has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are g...
Source: Google Threat Intelligence
February 19th, 2025 (5 months ago)
Russian phishing campaigns exploit Signal's device-linking feature
Description: Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest. [...]
Source: BleepingComputer
February 19th, 2025 (5 months ago)
Russian Hackers Exploit Signal’s Linked Devices to Spy on Users
Description: Google’s Threat Intelligence Group (GTIG) has uncovered a series of cyber-espionage campaigns by Russian state-aligned hackers targeting Signal Messenger accounts. These operations, attributed to groups such as APT44 (Sandworm), UNC5792, UNC4221, and Turla, aim to compromise secure communications used by military personnel, politicians, and activists. By abusing Signal’s “linked devices” feature, these actors gain persistent … The post Russian Hackers Exploit Signal’s Linked Devices to Spy on Users appeared first on CyberInsider.
Source: CyberInsider
February 19th, 2025 (5 months ago)
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
Description: Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign include individuals and
Source: TheHackerNews
February 19th, 2025 (5 months ago)
Insight Partners Investigates Data Breach Following Cyberattack
Description: Venture capital and private equity firm Insight Partners has confirmed a cyberattack that exposed its internal systems to an unauthorized third party. The attack, which occurred on January 16, 2025, was executed through a sophisticated social engineering scheme. While the firm is still investigating the full impact, concerns remain over the potential exposure of sensitive … The post Insight Partners Investigates Data Breach Following Cyberattack appeared first on CyberInsider.
Source: CyberInsider
February 19th, 2025 (5 months ago)
London celebrity talent agency reports itself to ICO following Rhysida attack claims
Source: TheRegister
February 19th, 2025 (5 months ago)
Multiple cross-site scripting vulnerabilities in Movable Type
Description: Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities.
Source: Japan Vulnerability Notes (JVN)
February 19th, 2025 (5 months ago)
RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres
Description: RevoWorks SCVX and RevoWorks Browser provided by J’s Communication Co., Ltd. contain an incorrect resource transfer between spheres vulnerability.
Source: Japan Vulnerability Notes (JVN)
February 19th, 2025 (5 months ago)
North Korea's Kimsuky Taps Trusted Platforms to Attack South Korea
Description: The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.
Source: Dark Reading
February 19th, 2025 (5 months ago)