We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

hacking group

Zero-Day Flaw in PostgreSQL Exploited to Target BeyondTrust Systems
Tech Optimizer
August 4, 2025

Zero-Day Flaw in PostgreSQL Exploited to Target BeyondTrust Systems

A significant PostgreSQL vulnerability, CVE-2025–1094, was identified during the investigation of another vulnerability, CVE-2024–12356, which was exploited in the BeyondTrust breach in December 2024. The breach involved unauthorized access to BeyondTrust's systems and was linked to the state-sponsored hacking group Silk Typhoon from China. The U.S. Treasury Department confirmed its network was compromised through a stolen BeyondTrust API key. CVE-2025–1094 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands due to improper handling of invalid UTF-8 byte sequences. Rapid7 found that CVE-2024–12356's exploitation relied on CVE-2025–1094, and that CVE-2025–1094 could be exploited independently. BeyondTrust issued patches for these vulnerabilities, but the patch for CVE-2024–12356 did not directly address the underlying cause of CVE-2025–1094. The exploitation of these vulnerabilities underscores the need for timely patching and proactive security measures in organizations using PostgreSQL.
Beware – Iran-linked fake VPN apps found to spy on Android users
AppWizard
July 22, 2025

Beware – Iran-linked fake VPN apps found to spy on Android users

Researchers have identified a new spyware campaign targeting Iranian users of Android VPN applications, specifically a revamped version of DCHSpy, which disguises itself as legitimate VPN services like Starlink. This campaign began shortly after the Israel-Iran conflict and coincided with increased VPN usage among Iranians facing internet restrictions. DCHSpy can collect sensitive user data, including WhatsApp messages, contacts, SMS, files, location information, call logs, and has the ability to record audio and capture images. The spyware is maintained by the hacking group MuddyWater, linked to Iran's Ministry of Intelligence and Security, and has been enhanced with new functionalities. Malicious VPN services EarthVPN and ComodoVPN are being used to spread the malware, following the previous use of HideVPN. Experts warn that hackers are distributing malicious APKs through trusted platforms like Telegram, increasing risks for Iranian citizens. Security analyst Azam Jangrevi advises caution when downloading apps, recommending verified app stores and mobile security solutions to detect threats like DCHSpy. For high-risk professionals, she suggests using hardware-based security keys and vetted encrypted messaging applications.
Novel Lyrix ransomware sets sights on Windows systems
Tech Optimizer
June 17, 2025

Novel Lyrix ransomware sets sights on Windows systems

Freedman HealthCare experienced a significant data breach involving 52.4 GB of sensitive data and 42,204 files, allegedly compromised by the hacking group World Leaks, also known as Hunters International. The group has threatened to release the compromised information by Tuesday morning.
Microsoft warns of 66 flaws to fix for this Patch Tuesday
Winsage
June 11, 2025

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.
Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
Winsage
March 26, 2025

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code

Russian threat actors are exploiting a zero-day vulnerability in the Microsoft Management Console (MMC), identified as CVE-2025-26633, allowing them to bypass security features and execute harmful code. The hacking group Water Gamayun, also known as EncryptHub and Larva-208, is behind this campaign, using a weaponized version of the vulnerability called “MSC EvilTwin” to deploy various malicious payloads, including information stealers and backdoors. The vulnerability affects multiple Windows versions, particularly older systems like Windows Server 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-26633 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by April 1, 2025. Microsoft included this vulnerability in its March 2025 Patch Tuesday update. Recommended mitigations include applying security patches, restricting network access to MMC ports, and monitoring for unusual MMC activity.
Signal is 'as safe as messaging apps get', but not for national security
AppWizard
March 25, 2025

Signal is ‘as safe as messaging apps get’, but not for national security

End-to-end encrypted messaging app Signal is recognized for its security features but is advised against for use by government officials discussing national security. A breach occurred when members of former President Donald Trump's national security team mistakenly included a journalist in a group chat sharing sensitive military information. Cybersecurity experts express concerns about the potential legal implications of using apps like Signal for classified communications, as it could violate the Espionage Act. High-ranking officials were involved in this incident, which exposed sensitive details, including air-strike targets and the identity of a CIA officer. Typically, government officials use Secure Compartmentalized Information Facilities (SCIFs) for classified information, and there are specific government-approved systems for transmitting such information that do not include Signal.
New Windows zero-day exploited by 11 state hacking groups since 2017
Winsage
March 18, 2025

New Windows zero-day exploited by 11 state hacking groups since 2017

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 since 2017 for data theft and cyber espionage. Microsoft has classified this vulnerability as "not meeting the bar for servicing," meaning no security updates will be released. The flaw allows attackers to execute arbitrary code on affected Windows systems by concealing malicious command-line arguments within .LNK shortcut files, using padded whitespaces to evade detection. Nearly 70% of the analyzed attacks linked to this vulnerability were related to espionage, while 20% aimed for financial gain. Various malware payloads, including Ursnif, Gh0st RAT, and Trickbot, have been associated with these attacks. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. Microsoft has not assigned a CVE-ID to this vulnerability but is tracking it internally as ZDI-CAN-25373. A Microsoft spokesperson mentioned that the company is considering addressing the flaw in the future.
Not for the first time: North Korean hackers used fake apps to spread spyware on Android
AppWizard
March 12, 2025

Not for the first time: North Korean hackers used fake apps to spread spyware on Android

Malware, specifically a new spyware variant called KoSpy, has been linked to a North Korean hacking group known as ScarCruft (APT37). Researchers at Lookout Threat Lab discovered KoSpy concealed within deceptive applications like file managers and security software. Once installed, it can extract sensitive information such as SMS messages, call logs, device location, and access files. It can also record audio and video, capture screenshots, and log keystrokes. The data collected is transmitted to Command and Control servers encrypted with a hardcoded AES key and utilizes Firebase Firestore for configuration data. At least one malicious application associated with KoSpy was found on the Google Play Store, downloaded over ten times, and similar apps were also on third-party app store APKPure. Google has since removed the identified applications and deactivated the related Firebase projects.
Spyware in bogus Android apps is attributed to North Korean group
AppWizard
March 12, 2025

Spyware in bogus Android apps is attributed to North Korean group

Researchers from Lookout have identified a malware strain named KoSpy, linked to North Korean state-sponsored hackers, specifically the advanced persistent threat group ScarCruft (APT37). KoSpy targets Android devices to surveil Korean and English-speaking users and has been found on the Google Play Store and third-party app stores, disguised as utility applications. The malware can harvest sensitive information, including call logs, text messages, files, audio recordings, screenshots, and user location data. Google has removed all infected applications from its platform, confirming that the latest version was taken down before installations occurred. KoSpy first emerged in March 2022, with new samples appearing as recently as last year. The applications associated with KoSpy often have Korean titles and support both English and Korean languages. KoSpy shares infrastructure with another North Korean hacking group, Kimsuky (APT43), which has conducted spearphishing attacks. ScarCruft has targeted South Korean users and expanded its reach to countries including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and several Middle Eastern nations. In January, ScarCruft was linked to an espionage campaign against media organizations and academics, and in October, it was connected to a malware operation in Southeast Asia.
Search