ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Google shows off a timeline for 2029 to protect the quantum era with post-quantum cryptography (PQC). GitHub adds AI-powered security detections to GitHub Code Security. Moderate confidence links the Russian hacker group Sandworm (also known as APT-C-13) to an attack campaign that uses pirated copies of real software like Microsoft Office.

It is believed that these attacks use Telegram to spread malware and use social engineering to trick Ukrainian users into looking for software cracks. Attackers are sending copyright-infringement notices in a fileless phishing campaign that is aimed at healthcare and government groups. Fake meeting invites for video conferencing apps like Zoom, Microsoft Teams, and Google Meet are being used in phishing campaigns. AhnLab says that the Larva-26002 threat actor is still going after MS-SQL servers that aren't being properly managed.

ShieldGuard was a cryptocurrency scam that said it was a security tool that would protect crypto wallets from phishing and bad smart contracts through a browser extension. A new study has found a serious security hole in ClawHub, an OpenClaw skills marketplace. Five new malicious npm packages have been found to typosquat a real cryptocurrency library.

Business-related lures like job interviews, project briefs, and financial documents are being used in a Google Forms campaign. Another campaign has been seen using hidden Visual Basic Script (VBScript) files to send PhantomVAI Loader through PNG image files on the Internet Archive to install Remcos RAT and XWorm.

Cloud phones are virtual phone systems that run on Android and work over the internet. They let users make and receive calls, send and receive messages, and use features just like a real phone. People who want to commit fraud can buy, sell, and move cloud phones that come with pre-loaded e-wallets and pre-verified bank cards and accounts.

They can then use these phones in Account TakeOver (ATO) and Authorized Push Payment (APP) scams. In this scheme, fraudsters pretend to be bank workers and trick people into giving them their personal banking information. North Korean hackers are thought to be behind the 2024 Polyfill[. ]io supply chain attack.

A judge in the United States agreed to throw out a case against tech giant Meta that was brought by a former WhatsApp employee.

Cybercriminals are selling a new Android RAT called Oblivion RAT on networks that offer malware as a service (MaaS) for $300 per month. The RAT takes advantage of Android's accessibility services API to get more permissions and steal private information. Tools that people are used to, normal processes, and things that people don't question anymore.

That space between "looks fine" and "definitely not fine" is still doing most of the work. Nothing here is surprising by itself. But when you put them all together, it's a little uncomfortable. To see the rest of the video, click on the gallery.

Back to the home page of Mail Online. Go back to the page you came from. Click here to see the video page you were looking at.