Aggregator

Cybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser credentials. The malware, available in both PowerShell and .NET variants, has been linked with medium confidence to a nation-state threat actor operating through a likely supply chain attack […]

The post Airstalk Malware: Multi-Threaded C2 Steals Windows Logins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

You must login to view this content

You must login to view this content

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-24893 XWiki Platform Eval Injection Vulnerability
• CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.   

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Today, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices, a guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors.

Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise. 

Best practices in this guide focus on hardening user authentication and access, ensuring strong network encryption, and minimizing application attack surfaces. CISA recommends organizations also decommission any remaining end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365, as retaining the “last Exchange server” can expose organizations to ongoing exploitation activity. 

CISA recommends organizations implement Microsoft Exchange Server Best Practices and take steps to decommission end-of-life on-premises Exchange servers in hybrid environments to significantly reduce their risk from cyber threats. 

CISA released two Industrial Control Systems (ICS). These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. 

• ICSA-25-303-01 International Standards Organization ISO 15118-2
• ICSA-25-303-02 Hitachi Energy TropOS 

CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.

A sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilitate fraudulent transactions. What initially appeared as isolated incidents in April 2024 has evolved into a large-scale threat operation targeting financial institutions across Russia, Poland, […]

The post NFC Relay Attack: 700+ Android Apps Harvest Banking Login Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.