cybercriminals

Tech Optimizer
July 3, 2026
Cybercriminals are using a sophisticated method to bypass security measures by embedding malware within the VLC media player. This campaign exploits VLC to install ValleyRAT, a remote access trojan, through phishing emails that contain links to download a seemingly harmless file. Once the file is opened, it activates a hidden backdoor that evades detection by antivirus solutions. The malware has been active since 2023, with a significant increase in activity noted through 2025 and into 2026, particularly targeting Chinese and Japanese-speaking users. The infection process begins when a victim clicks a link in a phishing email, leading to a ZIP archive containing a disguised executable and a malicious DLL (libvlc.dll). The executable mimics a legitimate VLC file, and when executed, it loads the DLL, allowing the malware to run under the guise of VLC. The malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, such as performing checks on system behavior and using a fileless approach to inject its payload directly into memory, avoiding storage on disk. Researchers recommend training employees to recognize suspicious filenames and deploying endpoint detection tools to identify DLL sideloading behavior. For organizations affected by this campaign, isolating compromised systems and reviewing security logs are critical initial steps. Indicators of compromise include a malicious email domain, a ZIP archive containing a fake VLC executable, and a download URL for ValleyRAT.
AppWizard
June 30, 2026
Google is opposing the European Union's proposed amendments to the Digital Markets Act (DMA), warning that these changes could jeopardize user privacy and security. The DMA aims to reduce the dominance of major tech platforms by requiring gatekeepers like Google to share more data with competitors. Google is particularly concerned about the implications of sharing search data and granting third-party AI services access to sensitive Android features, fearing that this could lead to increased fraud and cyberattacks. The European Commission is pushing for Google to provide rival search engines with access to anonymized search data to enhance competition, but Google argues that once this data leaves its infrastructure, it becomes difficult to protect. DuckDuckGo and some researchers believe the Commission's proposals adequately address privacy risks, while others acknowledge the risks but suggest they should be balanced against technical protections. Additionally, EU regulators are advocating for deeper integration of competing AI assistants with Android, which Google warns could compromise existing security measures. Apple has shown support for some of Google's concerns regarding access to operating systems.
Tech Optimizer
June 23, 2026
A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.
Tech Optimizer
June 21, 2026
Antivirus software is evolving from relying on static databases of known malware signatures to employing behavioral monitoring and machine learning for threat detection. Traditional antivirus solutions focused on recognizing known threats through unique signatures, but this approach has become inadequate due to the rapid evolution of malware, including polymorphic and metamorphic types. Modern antivirus systems now monitor program behavior, looking for suspicious activities such as unexpected file encryption or unusual network communication. Machine learning models analyze large datasets to identify patterns associated with malware, allowing for the classification of files as safe, potentially unwanted, or malicious. Techniques like sandboxing and dynamic analysis are used to preemptively neutralize threats. However, advancements in AI also present challenges, as cybercriminals can exploit these technologies to create sophisticated malware that evades detection. Despite improvements in antivirus effectiveness, modern cyberattacks increasingly target individuals through methods like phishing and social engineering, necessitating a combination of robust antivirus solutions and good cybersecurity practices.
Winsage
June 19, 2026
Microsoft released Patch Tuesday updates for Windows 11, specifically KB5094126 and KB5093998, along with dynamic updates KB5094149, KB5095971, and KB5094156. Two issues have been acknowledged: malfunctioning Office applications and complications with the Recycle Bin. In July 2025, Microsoft changed the default settings of Windows 11 to JScript9Legacy in versions 24H2 and later, continuing with version 25H2 in October 2025. This change aimed to enhance security by addressing vulnerabilities related to legacy scripting, particularly cross-site scripting (XSS). A support article details a compatibility issue arising from the transition from jscript9.dll to jscript9legacy.dll, which affects how JScript manages execution context. Functions and definitions established by one script are no longer accessible to subsequent scripts, leading to failures in legacy applications. To address this, Microsoft released the KB5077241 update, which requires manual activation of persistent JScript execution context through a Registry setting. The steps to implement this solution involve creating a feature control registry key and configuring a DWORD value for specific processes or all processes.
Search