Aggregator

Rokarolla Android trojan targets banking and crypto users, enables device takeover

Help Net Security
4 days 14 hours ago

A newly discovered Android banking trojan, dubbed Rokarolla, targets 217 banking and cryptocurrency applications and can execute 137 commands on infected devices, according to researchers at Zimperium. Named after its command-and-control (C2) infrastructure, Rokarolla is primarily distributed through malicious websites that impersonate popular applications such as TikTok and Google Chrome, fooling users into downloading what appears to be a legitimate app. Banker malware impersonating a legitimate app and requesting accessibility service (Source: Zimperium) Zimperium said … More →

The post Rokarolla Android trojan targets banking and crypto users, enables device takeover appeared first on Help Net Security.

Sinisa Markovic

CVE-2026-45645 | Microsoft Office -/0.37.3 untrusted pointer dereference (Nessus ID 321311)

Vuldb Updates
4 days 14 hours ago
A vulnerability has been found in Microsoft Office -/0.37.3 and classified as critical. This affects an unknown function. Performing a manipulation results in untrusted pointer dereference. This vulnerability is cataloged as CVE-2026-45645. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.
vuldb.com

Flip expands platform with digital identity, no-code apps, and AI automation

Help Net Security
4 days 14 hours ago

Flip has announced Frontline Identity and Flip Fusion, two new offerings that help organizations securely connect frontline employees to enterprise systems, applications and AI-powered workflows. Flip’s new products expand the platform beyond employee communications, helping organizations provide secure digital identity, enterprise application access and AI-powered workflow automation through a single mobile experience. Frontline Identity brings secure digital identity to frontline workers Flip’s Frontline Identity is a digital identity and authentication platform purpose-built for frontline workers. … More →

The post Flip expands platform with digital identity, no-code apps, and AI automation appeared first on Help Net Security.

Industry News

Corelight enhances Open NDR to detect AI-driven threats and unknown assets

Help Net Security
4 days 14 hours ago

Corelight has expanded its Open NDR platform to include native network performance monitoring and passive asset classification capabilities. The release adds asset visibility to its existing anomaly detection foundation, helping security teams defend against AI-powered threats that can discover and weaponize vulnerabilities faster than patching programs can respond. This new AI-driven threat landscape renders strategies that rely on endpoint controls and patching alone insufficient. With this release, the same Zeek-based analysis engine that powers Corelight’s … More →

The post Corelight enhances Open NDR to detect AI-driven threats and unknown assets appeared first on Help Net Security.

Industry News

CVE-2022-36368 | IPFire up to 2.26 Web User Interface cross site scripting (EUVD-2022-39082)

Vuldb Updates
4 days 14 hours ago
A vulnerability labeled as problematic has been found in IPFire up to 2.26. This issue affects some unknown processing of the component Web User Interface. The manipulation results in cross site scripting. This vulnerability is known as CVE-2022-36368. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2022-36413 | Zoho ManageEngine ADSelfService Plus up to 6203 IDM Application password recovery (EUVD-2022-39125)

Vuldb Updates
4 days 14 hours ago
A vulnerability marked as problematic has been reported in Zoho ManageEngine ADSelfService Plus up to 6203. Affected by this vulnerability is an unknown functionality of the component IDM Application Handler. Performing a manipulation results in weak password recovery. This vulnerability was named CVE-2022-36413. The attack needs to be approached within the local network. There is no available exploit.
vuldb.com

Managed ad