Malware researchers – here’s how to download a browser extension without installing it.

Downloading a browser extension without immediately installing it can be useful for offline installation, security analysis, or archival purposes. While most users add extensions directly through their browser’s web store, there are several professional methods to obtain the extension package file—typically a .crx file for Chrome and Edge—without triggering installation. Below, we outline the most effective approaches.
The Anatsa banking trojan (aka TeaBot) has once again breached the security of the Google Play Store.

The Anatsa banking trojan, also known as TeaBot, has once again breached the security of the Google Play Store, posing a significant threat to Android users—particularly those banking with US financial institutions. This sophisticated malware campaign underscores the evolving tactics of cybercriminals and the ongoing challenges facing mobile app marketplaces.
Sophisticated supply chain attack uncovered in popular VS Code extension “Ethcode.”

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the Microsoft Visual Studio Code (VS Code) extension “Ethcode,” a tool widely used by Ethereum smart contract developers. The malicious activity highlights the growing risks associated with third-party software components in modern development environments.
Researchers reveal attack vectors, tools, and infrastructure used by the Gold Melody group, who are exploiting leaked cryptographic Machine Keys from ASP.NET web applications.

A recent threat intelligence report, TGR-CRI-0045, has shed light on the advanced tactics and infrastructure used by a sophisticated initial access broker (IAB) group. This group, tracked as TGR-CRI-0045 and linked to the threat actor known as Gold Melody (also called UNC961 or Prophet Spider), has been implicated in a series of attacks targeting organizations across Europe and the United States. The main sectors affected include financial services, manufacturing, wholesale and retail, high technology, and transportation and logistics.
Study reveals proliferation of Infostealers-as-a-Service (IaaS) is fueling dramatic increase in credential theft.

The cyber threat landscape is undergoing a seismic shift, with identity-based attacks reaching unprecedented levels, according to a new report from cybersecurity firm eSentire. The study reveals that the proliferation of Infostealers-as-a-Service (IaaS) and Phishing-as-a-Service (PhaaS) platforms is fueling a dramatic increase in credential theft and subsequent cyber incidents across organizations of all sizes.
SAP releases 27 new security updates, including 6 that address critical vulnerabilities.

SAP announced the release of 27 new and four updated security notes as part of its July 2025 Security Patch Day on Tuesday, July 8, 2025. This comprehensive update addresses a range of vulnerabilities across SAP’s product portfolio, including six critical flaws that could have significant security implications for organizations worldwide.
Report finds sophisticated network of 17,000 fake news websites used to promote investment fraud.

A new report from cybersecurity firm CTM360 has uncovered a vast and sophisticated network of more than 17,000 fake news websites fueling investment fraud on a global scale. The findings, detailed in CTM360’s “BaitTrap” report, highlight the growing threat posed by these so-called Baiting News Sites (BNS), which have been identified in over 50 countries.
Italian authorities have apprehended a suspected key member of China’s state-sponsored cyberespionage group, Silk Typhoon.

Italian authorities have detained Xu Zewei, a 33-year-old Chinese national, at Milan Malpensa Airport on July 3, 2025, following an international warrant issued by the United States. Xu, also known by the aliases Zavier Xu and David Xu, is suspected of being a key member of Silk Typhoon—also known as Hafnium—a notorious Chinese state-sponsored cyberespionage group.
Cybersecurity community raises alarms over RondoDox and its sophisticated exploitation of TBK DVRs and Four-Faith routers.

A newly discovered botnet, dubbed RondoDox, is raising alarms across the cybersecurity community due to its sophisticated exploitation of vulnerabilities in TBK digital video recorders (DVRs) and Four-Faith routers. By targeting these often-overlooked devices, RondoDox is able to conscript large numbers of endpoints into its network, using them to launch powerful distributed denial-of-service (DDoS) attacks. Researchers say the botnet’s advanced evasion techniques and destructive persistence mechanisms mark a significant escalation in the threat landscape for IoT and networked device security.
Decade-old critical buffer overflow vulnerability in open-source Multi-Router Looking Glass (MRLG) is being actively exploited in the wild.

A critical buffer overflow vulnerability, identified as CVE-2014-3931, was discovered in Multi-Router Looking Glass (MRLG), a widely used network diagnostic tool, more than a decade ago. This flaw affects MRLG versions prior to 5.5.0 and poses a significant security risk, as it allows remote attackers to execute arbitrary code, potentially compromising the integrity and security of affected systems. CISA today added it to its Known Exploited Vulnerabilities (KEV) Catalog, indicating that widespread exploitation is taking place.