Gootloader Malware Is Back With New Tricks After 7-month Break

Gootloader malware has returned after a 7-month hiatus, using SEO tricks to promote fake websites that distribute malicious files. It tricks users into downloading harmful documents, often disguised as legal templates, to install additional malware like ransomware. Researchers have discovered new techniques to evade detection, including obfuscating filenames and using malformed ZIP archives. Users are cautioned to avoid suspicious sites when searching for legal documents.

https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/

Malicious Infrastructure Finds Stability With Aurologic GmbH

,

TLDR: aurologic GmbH is a key German hosting provider supporting high-risk networks linked to cybercrime. Established in 2023, it provides services to many threat activity enablers like Aeza Group and Global-Data System, despite increasing scrutiny and sanctions. The company’s operational neutrality raises concerns about accountability in the internet hosting ecosystem, as it facilitates malicious activities while complying legally. Notable downstream customers have been linked to various malware and cybercrime infrastructures, indicating aurologic's significant role in the ongoing challenges of managing malicious online activities.

https://www.recordedfuture.com/research/malicious-infrastructure-finds-stability-with-aurologic-gmbh

Malicious Android Apps on Google Play Downloaded 42 Million Times

,

Malicious Android apps on Google Play were downloaded over 42 million times between June 2024 and May 2025, with a 67% rise in mobile malware, especially spyware and banking trojans. Shift in cybercriminal tactics towards social engineering-based attacks is noted. The report highlights three significant malware families affecting users: Anatsa (banking trojan), Android Void (backdoor for Android TV boxes), and Xnotice (RAT targeting job seekers). Key advice for users includes applying security updates and using reputable app sources.

https://www.bleepingcomputer.com/news/security/malicious-android-apps-on-google-play-downloaded-42-million-times/

GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Extreme TLDR:
Google Threat Intelligence Group (GTIG) identifies increased malicious AI use: adversaries now deploy AI-enhanced malware like PROMPTFLUX and PROMPTSTEAL, capable of dynamic self-modification and command generation. Threat actors use social engineering to bypass AI safeguards and access capabilities for phishing, malware design, and data exfiltration. A mature underground marketplace offers AI tools for cybercrime, reflecting a shift towards greater sophistication in criminal operations. State-sponsored actors leverage AI throughout the attack lifecycle, including advancements in cryptocurrency-focused thefts.

https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools

AI-based Malware Makes Attacks Stealthier and More Adaptive

Google identifies five AI-powered malware families that adapt and evade detection, marking a new phase in cyber threats. These families—FRUITSHELL, PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK, and QUIETVAULT—utilize AI to dynamically alter their code and create attacks, complicating defense efforts. Recent findings suggest a technological arms race between attackers and defenders, highlighting the need for improved detection methods against such evolving threats.

https://www.cybersecuritydive.com/news/ai-powered-malware-google/804760/

Cops Cuff 18 Suspects Over $345M Credit Card Fraud Scheme

Eighteen people have been arrested in a global operation targeting three networks suspected of large-scale credit card fraud and money laundering. The criminals used stolen data from millions of cardholders worldwide to create fake online subscriptions for adult and streaming services, resulting in $345 million in losses. The scheme involved insiders at payment processing companies and relied on shell companies to conceal activity. Authorities coordinated across 30 countries, searched dozens of properties, and seized millions in assets. The fraudulent activity was halted in 2021, and investigations continue.

https://www.bankinfosecurity.com/cops-cuff-18-suspects-over-345m-credit-card-fraud-scheme-a-29935

Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

, ,

Tycoon 2FA Phishing Kit Overview:
Emerging in August 2023, Tycoon 2FA is a sophisticated phishing threat leveraging multi-factor authentication (MFA) bypass techniques, primarily targeting Microsoft 365 and Gmail users. With over 64,000 incidents reported in 2025, it employs a Phishing-as-a-Service platform to capture user credentials via a reverse proxy and deceptive login pages. The attack exploits various distribution methods, including PDFs, and evades detection with anti-research mechanisms and real-time MFA code capture. Enhanced security measures and user education are essential to mitigate risks associated with Tycoon 2FA.

https://gbhackers.com/tycoon-2fa-phishing/

Inside the Rise of AI-Powered Pharmaceutical Scams

AI-driven scams in healthcare exploit trust by impersonating real doctors to sell counterfeit medications. Scammers use deepfake technology for false endorsements, creating fake social media accounts and websites that mimic legitimate clinics. These operations pose serious health risks by promoting unapproved drugs like fake GLP-1 products. The coordinated fraudulent networks leverage shared infrastructure, making scams scalable. Consumers are urged to verify pharmacy legitimacy and be cautious of online ads. A collaborative response involving cybersecurity experts and healthcare agencies is essential to combat these threats.

https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

, ,

Google's AI “Big Sleep” found five vulnerabilities in Apple's Safari WebKit, potentially leading to crashes or memory corruption. Apple released patches in iOS 26.1, iPadOS 26.1, and other systems to address these issues. Big Sleep is part of a Google initiative for automated vulnerability discovery, having previously identified risks in other software. Keeping devices updated is recommended for optimal security.

https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

Vulnerability Report

Extreme TLDR:

October 2025 Vulnerability Report highlights critical vulnerabilities impacting major software, including Oracle and Microsoft products. Key entries include CVE-2025-61882 and CVE-2025-59287. New Known Exploited Vulnerabilities catalog entries include VMware and Adobe issues. Unpublished vulnerabilities noted include critical flaws in Chrome and 7-Zip. Contributors discussed ongoing security threats linked to recent incidents and vulnerabilities. Continuous vigilance and timely patching are emphasized.

https://www.vulnerability-lookup.org/2025/11/04/vulnerability-report-october-2025/

Violent Cybercrime Surges in Europe Amid Big Payouts

, ,

Cybercriminals in Europe are increasingly engaging in violent tactics, with 18 reported incidents in 2025, predominantly in France. This surge, termed “violence as a service,” includes high-profile cases like the kidnapping of Ledger co-founders. The UK remains the most targeted country for cybercrime, with over 2,100 attacks recorded since 2024, primarily from ransomware and data theft groups. The rise in violence is linked to organized networks that facilitate traditional cybercrime and physical theft, especially concerning cryptocurrency.

https://www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/

Databroker Files: Targeting the EU

, , ,

Mobile phone location data of millions in the EU is being sold for advertising, posing serious privacy and security risks, including potential espionage. This data can reveal sensitive patterns of movement for EU officials, despite GDPR regulations meant to protect personal information. Investigations show that data brokers can easily target political figures, with significant implications for national security amid rising geopolitical tensions. EU leaders and NATO express concern over the situation but effective protective measures remain inadequate. Comprehensive regulation to curb data trading and enhance privacy rights is urgently needed, with calls for a ban on advertising tracking.

https://netzpolitik.org/2025/databroker-files-targeting-the-eu/

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities Uncovered

,

Extreme TLDR: Check Point Research uncovered vulnerabilities in Microsoft Teams allowing impersonation, message manipulation, and notification spoofing by both outsiders and insiders, risking trust and security for over 320 million users. Microsoft fixed these in 2024-2025 after responsible disclosure. Effective defense requires multi-layered security, user training, and awareness of social engineering threats.

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

New Prompt Injection Papers: Agents Rule of Two and The Attacker Moves Second

Two new papers on LLM security focus on prompt injection:

  1. Agents Rule of Two proposes that agents must not exceed two of these three criteria during a session: process untrustworthy inputs, access sensitive data, or change state/communicate externally. This framework addresses risks of prompt injection effectively, highlighting the need for cautious system design.

  2. The Attacker Moves Second critiques 12 defenses against prompt injections, revealing high success rates for adaptive attacks. These sophisticated attacks outperform simple defenses, underscoring the difficulty of establishing reliable protections.

Overall, the papers emphasize the inadequacy of current prompt injection defenses and advocate for a design-focused approach to enhance security.

https://simonwillison.net/2025/Nov/2/new-prompt-injection-papers/

OAuth Device Code Phishing: Azure Vs. Google Compared

, ,

Extreme TLDR: Microsoft and Google implement OAuth 2.0’s device code flow differently, affecting phishing attack vulnerabilities. Microsoft's setup allows attackers to gain significant access via device code phishing by utilizing legitimate API flows, leading to dangerous token generation. Google's implementation limits potential damages due to restricted scopes and client ID controls, making successful exploitation challenging.

https://www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/

Scroll to Top