Weekly Cybersecurity Roundup for Week of May 12th, 2025

1. FBI Warns of Cybercriminals Exploiting Outdated Routers

The FBI has issued a warning that cybercriminals are increasingly targeting obsolete home and small business routers.
Attackers are leveraging unpatched vulnerabilities in end-of-life routers to create covert networks for launching further cyberattacks, including malware distribution and credential theft. The agency emphasized the importance of upgrading to supported devices and implementing strong password policies. Many of these devices no longer receive security updates, making them an easy target for attackers.
This warning underscores the critical need for timely hardware upgrades and ongoing security hygiene to reduce exposure to cyber threats.


2. Russian Threat Group Deploys New ‘LostKeys’ Malware in Attacks on Ukraine

A new malware dubbed “LostKeys” has been identified as part of a Russian APT campaign targeting Ukraine.
Researchers at Symantec found that the Russian group, tracked as APT28, used LostKeys alongside a PowerShell-based loader in targeted attacks, likely for espionage. The malware allows attackers to exfiltrate data and maintain persistent access to compromised networks. The campaign is believed to align with ongoing geopolitical tensions and cyber operations linked to the Russia-Ukraine conflict.
This discovery highlights the continuing use of custom malware by nation-state actors and the geopolitical dimensions of modern cyber warfare.


3. Majority of Browser Extensions Pose Critical Security Risks, Report Finds

A new study reveals that most browser extensions pose significant security risks to users.
Researchers analyzed over 180,000 browser extensions and found that more than 70% had access to sensitive permissions, including the ability to read and change data on all websites. Many extensions also lacked clear privacy policies or were tied to potentially malicious behavior. The findings raise concerns about the lax oversight and potential for abuse in popular browser ecosystems.
Given their widespread use, the report emphasizes the need for stricter extension vetting processes and user awareness of potential threats.


4. Fake AI Video Tools Spread New ‘Noodlophile’ Infostealer Malware

Cybercriminals are using fake AI video generation tools to distribute a new info-stealing malware called “Noodlophile.”
Victims are lured by fraudulent websites that claim to offer AI-powered video editing capabilities. Once downloaded, the installer drops the Noodlophile malware, which is designed to steal credentials, browser data, and system information. The campaign demonstrates how attackers exploit the growing interest in AI tools to socially engineer victims.
This trend illustrates how cybercriminals are adapting to current tech fads to spread malware more effectively.


5. Google to Pay $1.375 Billion to Settle Texas Privacy Lawsuit Over Location Tracking

Google has agreed to pay $1.375 billion to settle a lawsuit filed by the state of Texas over deceptive location tracking practices.
The case alleged that Google misled users about how their location data was collected, even when certain settings were disabled. The settlement, one of the largest of its kind, mandates increased transparency and changes in data handling practices by Google. This agreement follows similar cases brought by other U.S. states targeting Big Tech’s handling of user privacy.
This settlement marks a significant moment in ongoing legal efforts to hold major tech companies accountable for user data privacy.


6. SonicWall Patches Three Vulnerabilities in SMA 100 Series Appliances

SonicWall has released security updates to fix three vulnerabilities in its SMA 100 series appliances.
The flaws include a high-severity stack-based buffer overflow that could allow remote code execution, as well as two medium-severity issues related to command injection and configuration disclosure. These vulnerabilities affect versions prior to 10.2.1.8-37sv, and users are urged to update immediately. No active exploitation has been reported yet, but the flaws pose a serious risk if left unpatched.
Timely patching of network devices is crucial to preventing potential breaches in enterprise environments.

