
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud Via NFC Relay Attacks

SuperCard X is a new Android malware-as-a-service platform built for NFC relay attacks: the victim is socially engineered into installing a malicious app and tapping their payment card against the phone, the app reads the card's contactless data, and that data is relayed in real time to an attacker-controlled device that cashes out at ATMs and PoS terminals. The current campaign targets Italian banking customers with smishing messages and follow-up phone calls that talk the victim into installing the fake app. The operators ship custom app builds per affiliate and use mutual TLS on the command-and-control channel, which makes the relay traffic hard to intercept or impersonate. Users are urged not to sideload apps from unknown sources and to keep on-device malware protection enabled.

https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

Apple Fixes Two Zero-days Exploited in Targeted iPhone Attacks

Apple patched two zero-day vulnerabilities that were exploited in what it describes as extremely sophisticated attacks against specific targeted individuals; the fixes ship for iOS, iPadOS, macOS, tvOS and visionOS. The first flaw is a memory-corruption bug in CoreAudio that can lead to code execution when a crafted media file is processed. The second, in RPAC, lets an attacker who already has arbitrary read and write access bypass Pointer Authentication. Users are urged to update immediately. These bring Apple's count of patched zero-days this year to five.

https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/

The Rise of Slopsquatting: How AI Hallucinations Are Fueling…

Slopsquatting is a new supply chain attack in which an attacker registers package names that AI coding assistants hallucinate, so that a developer who installs a suggested dependency without checking it pulls the attacker's code instead of a nonexistent library. A study of 16 code-generation models found that 19.7% of the packages they recommended did not exist, and that many hallucinated names recur across prompts, which makes them predictable enough to be worth registering in advance. The risk grows with "vibe coding", where developers accept AI-generated code and dependencies with little review. Security tooling needs to adapt by treating an unknown package name as a signal to verify before installation rather than as a routine dependency.

https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks
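One practical control for the problem described above is a pre-install gate that checks every AI-suggested dependency against a reviewed allowlist (a lockfile or internal index) and flags names that are merely close to a known package. The following is an added example, not code from the Socket article or from any package manager; the allowlist, the requirements text and the hypothetical package names in it are constructed for illustration.

```python
"""Gate AI-suggested dependencies against a project allowlist before installing."""
import re

# Constructed allowlist standing in for a reviewed lockfile or internal package index.
# Names are stored in PEP 503 normalized form (lowercase, runs of -_. collapsed to -).
KNOWN_PACKAGES = {"requests", "numpy", "pandas", "cryptography", "pyjwt",
                  "boto3", "flask", "flask-login"}

# Constructed requirements text as an assistant might emit it; three names do not exist.
AI_REQUIREMENTS = """
requests>=2.31      # real
NumPy==1.26.4       # real, needs name normalization
cryptografy         # typosquat-shaped hallucination
pyjwt-auth          # hallucinated "extension" of a real package
autoschema-orm      # hallucination with no real neighbour
flask-login
"""

REQ_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'NumPy' and 'numpy' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list[str]:
    """Return normalized package names from requirements-style text,
    ignoring comments and version specifiers."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_NAME_RE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(names, known=KNOWN_PACKAGES, max_edits=2):
    """Classify each name as 'allowed' (on the allowlist), 'lookalike' (within
    max_edits of a known name, or a known name with a suffix bolted on) or
    'unknown'. Anything other than 'allowed' should block the install."""
    verdicts = {}
    for n in names:
        if n in known:
            verdicts[n] = ("allowed", n)
            continue
        hit = None
        for k in sorted(known):
            if edit_distance(n, k) <= max_edits or n.startswith(k + "-"):
                hit = k
                break
        verdicts[n] = ("lookalike", hit) if hit else ("unknown", None)
    return verdicts


def blocked(names, known=KNOWN_PACKAGES):
    """Names that must be verified by a human before they reach pip."""
    return sorted(n for n, (v, _) in triage(names, known).items() if v != "allowed")


if __name__ == "__main__":
    for name, verdict in triage(parse_requirements(AI_REQUIREMENTS)).items():
        print(f"{name:20} {verdict}")
```

The lookalike rule matters more than the exact-match rule: a name that is two edits from a real package, or a real package name with "-auth" or "-utils" appended, is exactly the shape of hallucination an attacker would pre-register, and it deserves a different response than a plainly unknown name.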

“The Girl Should Be Calling Men.” Leak Exposes Black Basta’s Influence Tactics.

A leak of the Black Basta ransomware group's internal chat messages reveals its tactics, including social engineering guidance that women should call male targets and men should call female targets to exploit trust biases. The messages expose the group's organizational dynamics, workflows and methods for exploiting vulnerabilities, showing a structured and efficient operation. The leak offers defenders insight into how such an operation is run and how to counter its approaches.

https://arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/

Oracle Says “Obsolete Servers” Hacked, Denies Cloud Breach

Oracle confirmed that “obsolete servers” were hacked while denying any impact on its cloud services or customer data. Attackers accessed and leaked user credentials from the outdated infrastructure, and Oracle claims the exposed passwords are not usable. Cybersecurity experts question Oracle's terminology, suggesting the breach affected legacy systems still managed by the company, which has not clarified which servers were involved. Separately, patient data was compromised in a breach at Oracle Health.

https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/

Google Fixes Android Zero-days Exploited in Attacks, 60 Other Flaws

Google patched 62 Android vulnerabilities in April 2025, including two zero-days exploited in targeted attacks, one of them used in a Serbian police operation relying on Cellebrite tools. The first zero-day (CVE-2024-53197) is a privilege escalation flaw in the Linux kernel's USB-audio driver. The second (CVE-2024-53150) is an out-of-bounds read, also in the USB-audio driver, that can expose sensitive kernel memory. Google shared the fixes with OEM partners in January, and the remaining flaws were addressed in the monthly patches.

https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/

CISA and FBI Warn Fast Flux Is Powering Resilient Malware, C2, and Phishing Networks

CISA and the FBI warn that the “fast flux” technique supports malware, C2 and phishing networks by obscuring the location of malicious servers through rapid changes to DNS records. It is a persistent network security threat that complicates tracking and blocking by authorities. Recommended countermeasures include blocking known malicious IPs and domains, sinkholing, and analyzing DNS logs for anomalously low TTLs and high address churn so that fluxing domains can be detected before they are used.

https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html

Malicious PyPI Package Targets E-commerce Sites With Automated Carding Script

The malicious Python package “disgrasya” on PyPI is a carding tool aimed at WooCommerce sites: it drives a store's checkout flow with stolen card numbers to test which ones are live, mimicking a normal shopper so the transactions slip past fraud detection, and reports the working cards to an external server. It was downloaded about 34,000 times before removal, which shows how fraud tooling can be distributed through a legitimate package index. Merchants are urged to tighten checkout defenses against automated card testing.

https://gbhackers.com/malicious-pypi-package-targets-e-commerce-sites/

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

PoisonSeed is a phishing campaign targeting CRM and bulk email providers: attackers set up fake login pages for popular platforms, steal credentials, export the victims' customer email lists, and then use the compromised accounts to send phishing emails that promote fake cryptocurrency wallet setups. The recipients are told to create a new wallet using a seed phrase supplied in the email; because the attacker already holds that seed phrase, any funds the victim later moves into the wallet can be drained at a time of the attacker's choosing. The campaign combines supply chain compromise of email infrastructure with a cryptocurrency scam. Organizations are advised to monitor for the related indicators of compromise and reinforce email security.

https://gbhackers.com/poisonseed-targets-crm-and-bulk-email-providers/

If Einstein Was Your CISO: Cybersecurity Lessons From Words Of Wisdom

Einstein's wisdom can enhance cybersecurity strategies. Key lessons include:

  1. Innovate instead of using outdated methods to tackle evolving threats.
  2. Prevention is better than reaction; focus on proactive security measures.
  3. Simplifying complex security policies ensures understanding and compliance among all stakeholders.
  4. Metrics should measure meaningful aspects of cybersecurity, not merely incident counts.
  5. Learn from incidents to improve defenses; treat breaches as opportunities for growth.

These principles stress the importance of creativity, prevention, clarity, and continuous improvement in cybersecurity.

https://www.forbes.com/councils/forbestechcouncil/2025/04/03/if-einstein-was-your-ciso-cybersecurity-lessons-from-words-of-wisdom/

Oracle Privately Confirms Cloud Breach to Customers

Oracle privately confirmed to customers a breach involving the theft of old client credentials from a legacy system last used in 2017. Despite Oracle's claim that the data is not sensitive, it appears the attacker accessed more recent data and put it up for sale online. Investigations are ongoing with the FBI and CrowdStrike. A separate breach at Oracle Health affected U.S. healthcare organizations, with extortion threats against hospitals over the stolen patient data. Oracle has consistently denied any breach of its current cloud services, attributing the incident to an older, legacy platform.

https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/

Threat Actors Leverage Tax Season to Deploy Tax-themed Phishing Campaigns

Microsoft warns of tax-themed phishing campaigns as Tax Day approaches, in which attackers use social engineering to steal credentials and deploy malware. Techniques include URL shorteners, QR codes, and fake IRS notifications that lead to malicious downloads such as BruteRatel and Latrodectus. Microsoft's recommendations emphasize user education, anti-phishing controls, and tools such as Microsoft Defender for Office 365 to block suspicious emails.

https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

US, Australia, Canada Warn of ‘Fast Flux’ Scheme Used by Ransomware Gangs

The US, Australia and Canada warn that ransomware gangs use ‘fast flux' to obscure their attack infrastructure. The technique rapidly changes DNS records so that a domain resolves to a constantly shifting set of addresses, which makes detection harder and complicates law enforcement takedowns. Two variants exist: single flux (many IPs rotated behind one domain) and double flux (the authoritative name servers rotate as well). The technique has been used for over a decade, and its resurgence among nation-state actors raises alarms. Ransomware groups such as Hive use it for resilience and anonymity, thwarting takedowns and infrastructure assessments.

https://therecord.media/us-australia-canada-warn-of-fast-flux-ransomware-rusia
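The two fast-flux items above (the CISA/FBI warning and the joint advisory) both turn on the same observable signals: low TTLs, many distinct addresses behind one name, and those addresses spread across unrelated networks, with double flux adding the same churn on the name servers. The following is an added example of that detection logic, not code from either article or from the advisory; the DNS records are constructed and the thresholds are illustrative, and a CDN-style domain is included to show why address count alone is a poor indicator.

```python
"""Flag single- and double-flux domains from passive-DNS-style resolution records."""
import ipaddress
from collections import defaultdict

# Constructed records: (epoch_seconds, qname, rtype, rdata, ttl). Not real telemetry.
SAMPLE_LOG = [
    # double flux: A records and the nameserver's own address both rotate across /24s at TTL 60
    (0,    "update-portal.example", "A",  "203.0.113.10",  60),
    (300,  "update-portal.example", "A",  "198.51.100.77", 60),
    (600,  "update-portal.example", "A",  "192.0.2.140",   60),
    (900,  "update-portal.example", "A",  "203.0.113.251", 60),
    (1200, "update-portal.example", "A",  "198.51.100.8",  60),
    (0,    "update-portal.example", "NS", "ns1.update-portal.example", 60),
    (0,    "ns1.update-portal.example", "A", "203.0.113.20",  60),
    (300,  "ns1.update-portal.example", "A", "198.51.100.90", 60),
    (600,  "ns1.update-portal.example", "A", "192.0.2.201",   60),
    (900,  "ns1.update-portal.example", "A", "203.0.113.77",  60),
    (1200, "ns1.update-portal.example", "A", "198.51.100.3",  60),
    # single flux: the host address churns, but the nameserver stays put
    (0,    "promo-login.example", "A",  "203.0.113.44",  120),
    (300,  "promo-login.example", "A",  "198.51.100.19", 120),
    (600,  "promo-login.example", "A",  "192.0.2.7",     120),
    (900,  "promo-login.example", "A",  "203.0.113.98",  120),
    (1200, "promo-login.example", "A",  "192.0.2.88",    120),
    (0,    "promo-login.example", "NS", "ns1.promo-login.example", 3600),
    (0,    "ns1.promo-login.example", "A", "203.0.113.2", 3600),
    # CDN-like: low TTL and several addresses, but all in one /24 (load balancing, not flux)
    (0,    "assets.example", "A", "203.0.113.1", 30),
    (60,   "assets.example", "A", "203.0.113.2", 30),
    (120,  "assets.example", "A", "203.0.113.3", 30),
    (180,  "assets.example", "A", "203.0.113.4", 30),
    (240,  "assets.example", "A", "203.0.113.5", 30),
    (0,    "assets.example", "NS", "ns.cdn.example", 3600),
    (0,    "ns.cdn.example", "A", "198.51.100.1", 3600),
    # ordinary host: one stable address with a long TTL
    (0,    "www.static.example", "A", "192.0.2.10", 3600),
    (3600, "www.static.example", "A", "192.0.2.10", 3600),
]


def summarize(records):
    """Per name: the set of A addresses seen, the lowest TTL seen, and its NS hosts."""
    ips, min_ttl, nameservers = defaultdict(set), {}, defaultdict(set)
    for _ts, name, rtype, rdata, ttl in records:
        if rtype == "A":
            ips[name].add(rdata)
            min_ttl[name] = min(min_ttl.get(name, ttl), ttl)
        elif rtype == "NS":
            nameservers[name].add(rdata)
    return ips, min_ttl, nameservers


def prefixes(addresses):
    """Distinct /24 networks; flux hosts are usually scattered across unrelated networks."""
    return {ipaddress.ip_network(f"{a}/24", strict=False) for a in addresses}


def is_fluxing(name, ips, min_ttl, min_ips=5, min_prefixes=3, max_ttl=300):
    """Illustrative thresholds: many addresses, across several networks, with short TTLs."""
    addrs = ips.get(name, set())
    return (len(addrs) >= min_ips
            and len(prefixes(addrs)) >= min_prefixes
            and min_ttl.get(name, max_ttl + 1) <= max_ttl)


def classify(records):
    """Label each queried name 'double-flux', 'single-flux' or 'benign'."""
    ips, min_ttl, nameservers = summarize(records)
    ns_hosts = {h for hosts in nameservers.values() for h in hosts}
    verdicts = {}
    for name in ips:
        if name in ns_hosts:
            continue  # nameserver hosts are judged as part of the zone they serve
        if not is_fluxing(name, ips, min_ttl):
            verdicts[name] = "benign"
        elif any(is_fluxing(h, ips, min_ttl) for h in nameservers.get(name, ())):
            verdicts[name] = "double-flux"
        else:
            verdicts[name] = "single-flux"
    return verdicts


if __name__ == "__main__":
    for name, label in classify(SAMPLE_LOG).items():
        print(f"{name:28} {label}")
```

The /24 spread is the check that keeps a CDN or round-robin load balancer from tripping the rule: those also answer with short TTLs and several addresses, but the addresses sit in the operator's own ranges. In production the same idea is usually refined with ASN lookups rather than /24 boundaries, and the thresholds tuned against the organization's own resolver logs.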

The Weaponization of PDFs : 68% of Cyber Attacks Begin in Your Inbox, With 22% of These Hiding in PDFs

68% of cyberattacks start with an email, and 22% of those email-borne attacks carry a malicious PDF. With over 400 billion PDFs opened in a year, the format is an effective delivery mechanism because of its complexity and its reputation as a safe document type. Attackers combine social engineering with evasion techniques that make the threat hard for security systems to detect. Typical PDF attacks are link-based: the document carries a link, often a benign-looking one or a QR code, that leads to a phishing site, with the destination obscured by redirectors or shorteners. Users are advised to verify senders, be cautious with unexpected attachments, and keep software updated to mitigate the risk.

https://blog.checkpoint.com/research/the-weaponization-of-pdfs-68-of-cyberattacks-begin-in-your-inbox-with-22-of-these-hiding-in-pdfs/
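The link-based attacks described above leave traces in the file itself: /URI link annotations, document-open actions, embedded JavaScript, and links tucked inside compressed object streams where a plain string search will not find them. The following is an added example of a static triage pass over those structures, not code from the Check Point post; the PDF it scans is constructed in the block, the shortener list and expected-host allowlist are illustrative, and the scanner deliberately handles only the common Flate-compressed stream case, which is stated as its blind spot.

```python
"""Static triage of a PDF for link lures and active content (regex-based, no renderer)."""
import re
import zlib
from urllib.parse import urlparse

# Constructed set of URL shorteners used to hide the final phishing destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}

URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URL_RE = re.compile(rb"https?://[^\s\"'()<>]+")
# Streams whose /Length is a direct integer; indirect lengths are left to a full parser.
STREAM_RE = re.compile(rb"/Length\s+(\d+)[^>]*>>\s*stream\r?\n")
ACTION_RES = {
    "OpenAction": re.compile(rb"/OpenAction\b"),      # runs when the document opens
    "AA": re.compile(rb"/AA\b"),                      # additional (event-triggered) actions
    "JavaScript": re.compile(rb"/S\s*/JavaScript\b"),
    "Launch": re.compile(rb"/S\s*/Launch\b"),         # launches an external program
    "SubmitForm": re.compile(rb"/S\s*/SubmitForm\b"),
}


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF (not a real-world sample) with three lures: a visible
    link to a lookalike host, an /OpenAction running JavaScript that opens a shortened
    URL, and a link annotation hidden inside a Flate-compressed stream."""
    hidden = (b"<< /Type /Annot /Subtype /Link /A << /S /URI "
              b"/URI (https://invoice-review.example.net/doc) >> >>")
    packed = zlib.compress(hidden)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
        b"4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
        b"/URI (https://secure-login.examp1e.com/verify) >> >> endobj\n"
        b'5 0 obj << /S /JavaScript /JS (app.launchURL("https://bit.ly/3xample", true)) >> endobj\n'
        b"6 0 obj << /Filter /FlateDecode /Length " + str(len(packed)).encode()
        + b" >>\nstream\n" + packed + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


def decoded_streams(pdf: bytes) -> list[bytes]:
    """Inflate each Flate stream with a direct /Length; other filters fall back to raw bytes."""
    out = []
    for m in STREAM_RE.finditer(pdf):
        body = pdf[m.end(): m.end() + int(m.group(1))]
        try:
            out.append(zlib.decompress(body))
        except zlib.error:
            out.append(body)  # uncompressed or unsupported filter: scan what is there
    return out


def scan_pdf(pdf: bytes, expected_hosts=frozenset()) -> dict:
    """Collect URLs and action types from the raw file and its inflated streams, then flag
    shortener hosts, hosts outside the sender's expected domains, and active content."""
    segments = [pdf] + decoded_streams(pdf)
    uris, actions = set(), set()
    for seg in segments:
        uris.update(m.group(1).decode("latin-1") for m in URI_RE.finditer(seg))
        uris.update(m.group(0).decode("latin-1") for m in URL_RE.finditer(seg))
        actions.update(name for name, rx in ACTION_RES.items() if rx.search(seg))
    flags = []
    for uri in sorted(uris):
        host = urlparse(uri).hostname or ""
        if host in SHORTENERS:
            flags.append(("shortener", host))
        elif expected_hosts and host not in expected_hosts:
            flags.append(("unexpected-host", host))
    flags.extend(("active-content", a) for a in sorted(actions & {"JavaScript", "Launch"}))
    return {"uris": sorted(uris), "actions": sorted(actions), "flags": flags}


if __name__ == "__main__":
    report = scan_pdf(build_sample_pdf(), expected_hosts={"www.example.com"})
    for key, value in report.items():
        print(key, value)
```

The point of the expected-host check is that a PDF claiming to come from a given organization should only link back to that organization; a link to a near-miss domain such as examp1e.com is the lure the article describes, and a shortener is a link whose real destination cannot be judged without following it. QR codes, which the article also mentions, are images and need a decoder rather than this regex pass.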
