A newly discovered vulnerability, Count(er) Strike, enables unauthorized users to extract sensitive data from the widely used ServiceNow service management suite.

A newly discovered vulnerability in ServiceNow, dubbed "Count(er) Strike," allows low-privileged—and in some cases, unauthenticated—users to extract sensitive data from ServiceNow tables, even when they should have no access to that information. With thousands of organizations relying on ServiceNow for workflow automation and sensitive business processes, the potential impact is especially concerning.

A new Android vulnerability, TapTrap, bypasses Android protections using an ingenious invisible user interface.

A newly uncovered Android vulnerability, dubbed TapTrap, is raising concerns among cybersecurity experts for its ability to bypass Android’s permission system using a highly deceptive invisible user interface (UI) technique. This attack, developed by researchers at TU Wien and the University of Bayreuth, leverages UI animations to trick users into performing sensitive actions—such as granting permissions or even wiping their devices—without their knowledge.

U.S. sanctions North Korean member of the Andariel hacking group for his role in fraudulent IT worker scheme.

The U.S. Department of the Treasury recently imposed sanctions on Song Kum Hyok, a North Korean cyber operative linked to the notorious Andariel hacking group. This action targets his central role in orchestrating a fraudulent IT worker scheme that generated illicit revenue for the North Korean regime, supporting its weapons of mass destruction (WMD) and ballistic missile programs.

An Iranian Ransomware-as-a-Service operation has reappeared, promising to target U.S. and Israeli entities.

An Iranian ransomware-as-a-service (RaaS) operation with direct ties to a government-backed cyber group has reemerged after nearly five years of inactivity, posing a renewed threat to organizations in the United States and Israel. The group, operating under the name Pay2Key.I2P, is actively recruiting cybercriminals and offering substantial financial incentives to affiliates who successfully compromise high-value targets.

Researchers discover 18 malicious browser extensions that remain accessible on Chrome and Edge web stores.

A recent investigation by the security team at Koi Security has brought to light a significant threat affecting millions of internet users. The team identified a coordinated campaign involving 18 malicious browser extensions that remain accessible on both the Google Chrome and Microsoft Edge web stores. These extensions have collectively impacted over 2.3 million users, making this one of the most extensive browser hijacking operations in recent years.

Malware researchers – here’s how to download a browser extension without installing it.

Downloading a browser extension without immediately installing it can be useful for offline installation, security analysis, or archival purposes. While most users add extensions directly through their browser’s web store, there are several professional methods to obtain the extension package file—typically a .crx file for Chrome and Edge—without triggering installation. Below, we outline the most effective approaches.

The Anatsa banking trojan (aka TeaBot) has once again breached the security of the Google Play Store.

The Anatsa banking trojan, also known as TeaBot, has once again breached the security of the Google Play Store, posing a significant threat to Android users—particularly those banking with US financial institutions. This sophisticated malware campaign underscores the evolving tactics of cybercriminals and the ongoing challenges facing mobile app marketplaces.

Sophisticated supply chain attack uncovered in popular VS Code extension “Ethcode.”

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the Microsoft Visual Studio Code (VS Code) extension “Ethcode,” a tool widely used by Ethereum smart contract developers. The malicious activity highlights the growing risks associated with third-party software components in modern development environments.