techminis

A naukri.com initiative

Malware News

Kaspersky

2w

Update your VMware ESXi products now | Kaspersky official blog

  • Broadcom released emergency updates addressing vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 affecting VMware products.
  • The exploited CVE-2025-22224 enables virtual machine escape and direct code execution on the ESX hypervisor.
  • Vulnerabilities affect various VMware products, potentially impacting more than 41,000 ESXi servers globally.
  • The most severe CVE-2025-22224 vulnerability in VMware ESXi allows code execution on the host.
  • CVE-2025-22225 permits arbitrary kernel write while CVE-2025-22226 allows information disclosure.
  • Exploitation requires administrative privileges on compromised virtual machines.
  • Attack scenarios involve compromising a single virtual machine to seize control of the computing cluster.
  • Recommendations include promptly updating VMware products and leveraging tools like vMotion for patch deployment.
  • Organizations should review settings, properly segment VMware infrastructures, and utilize cloud security tools.
  • Having an EDR agent installed on virtual machines is crucial for detection and prevention of initial infections.


Siliconangle

2w

February sets record for highest number of ransomware attacks ever reported

  • February 2025 experienced the highest number of ransomware attacks ever reported, with 962 victims.
  • The surge in attacks highlights a growing ransomware crisis, with cybercriminals exploiting software vulnerabilities.
  • Clop ransomware group was responsible for 335 attacks, exploiting high-severity vulnerabilities in Cleo file transfer software.
  • Ransomware attackers are now targeting edge network devices and using a two-stage process to maximize impact and evade detection.


Securityaffairs

2w

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

  • The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States through February 2025.
  • The FBI, CISA, and MS-ISAC have issued a joint advisory on Medusa ransomware.
  • Medusa is a ransomware-as-a-service (RaaS) variant that has impacted various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing.
  • Medusa operators employ various techniques and tools to gain unauthorized access, move laterally, perform reconnaissance, encrypt files, and conduct double extortion schemes.


Cybersecurity-Insiders

2w

US populace should be wary of malware and digital arrest messages on iPhones

  • Residents in Hampden County, Massachusetts, are receiving fraudulent text messages claiming to be related to an investigation, redirecting them to a phishing website and prompting them to enter sensitive information.
  • Scammers are making digital arrest calls through WhatsApp and other video conferencing platforms, pretending to be law enforcement officers and demanding a substantial payment to avoid a criminal case.
  • Only a few individuals have fallen for these scams, suggesting increased public awareness and ability to distinguish between fraudulent calls and legitimate notifications.
  • The scams target iPhone users, possibly due to the misconception that they are wealthier, despite the popularity of Android devices among high-profile individuals.


Securityaffairs

2w

China-linked APT UNC3886 targets EoL Juniper routers

  • China-linked APT UNC3886 deploys custom backdoors on Juniper Networks Junos OS MX routers.
  • Mandiant researchers discover TINYSHELL-based backdoors on Juniper MX routers targeting defense, technology, and telecommunications sectors in the US and Asia.
  • UNC3886 demonstrates in-depth knowledge of system internals and uses compromised credentials to access Junos OS CLI from terminal servers.
  • Mandiant provides Indicators of Compromise (IoCs) and YARA rules to detect the backdoors.


TechCrunch

2w

North Korean government hackers snuck spyware on Android app store

  • A group of hackers with links to the North Korean regime uploaded Android spyware onto the Google Play app store.
  • The spyware app, known as KoSpy, was able to trick some people into downloading it.
  • The spyware collected a range of sensitive information, including SMS text messages, call logs, location data, and user-entered keystrokes.
  • The spyware campaign was likely targeting specific individuals, and the apps have been removed from Google Play.


Securityaffairs

2w

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

  • The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers.
  • The botnet spreads automatically using a remote code execution (RCE) flaw.
  • The Ballista botnet has been linked to an Italian-based threat actor.
  • The botnet has affected manufacturing, healthcare, services, and tech sectors in multiple countries.


Kaspersky

2w

Main vulnerabilities from Microsoft's March Patch Tuesday | Kaspersky official blog

  • Microsoft has released patches for six vulnerabilities actively exploited in the wild.
  • Four vulnerabilities are related to file systems and are potentially part of the same attack or used by the same actor.
  • Two file system vulnerabilities allow attackers to gain access to parts of the heap on the victim's computer, while the other two lead to remote code execution.
  • In addition to the actively exploited vulnerabilities, Microsoft also closed a zero-day vulnerability in Microsoft Access and several other critical vulnerabilities.


Cybersecurity-Insiders

2w

Ransomware gangs infiltrating through vulnerable Perimeter Security Appliances

  • Manufacturers of perimeter security appliances have shown a lack of attention to robust security features, making these products vulnerable to ransomware attacks.
  • 58% of the claims handled by Coalition in 2024 were linked to security compromises stemming from vulnerabilities in perimeter security appliances.
  • The use of default logins and exposed credentials for remote management solutions and login panels are common mistakes leading to these vulnerabilities.
  • Both manufacturers and users have a shared responsibility in securing these devices and reducing the risks of cyberattacks.


TechCrunch

2w

Tata Technologies’ data leaked by ransomware gang

  • A ransomware group called Hunters International has published some of the data it claims to have stolen from Tata Technologies.
  • The leaked data includes personal details of employees, purchase orders, and contracts with customers in India and the United States.
  • The data set uploaded by the ransomware group totals about 1.4 terabytes in size.
  • Tata Technologies, a subsidiary of the Tata Group, provides product engineering and research services to automotive and aerospace companies worldwide.


Krebsonsecurity

3w

Alleged Co-Founder of Garantex Arrested in India

  • The alleged co-founder of Garantex, a sanctioned cryptocurrency exchange, has been arrested in India.
  • Aleksej Besciokov, a Lithuanian national, was apprehended while on vacation with his family on the coast of India.
  • Garantex was sanctioned by the US government in 2022 for facilitating money laundering activities.
  • Besciokov is charged with conspiracy to commit money laundering, violating the International Emergency Economic Powers Act, and operating an unlicensed money transmitting business.


Securelist

3w

DCRat backdoor returns

  • A new wave of DCRat distribution has been detected in 2025.
  • The DCRat backdoor is distributed through YouTube, disguised as gaming software.
  • The backdoor has various modules for keystroke logging, webcam access, file grabbing, and password exfiltration.
  • Most victims of DCRat are in Russia, with some cases in Belarus, Kazakhstan, and China.


Securityaffairs

3w

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

  • Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution.
  • Over 1,000 attacks detected globally.
  • The vulnerability tracked as CVE-2024-4577 allows for remote code execution on vulnerable servers using Apache and PHP-CGI.
  • GreyNoise researchers report a significant increase in attacks targeting multiple regions, including the US, UK, Singapore, and Japan.


Securityaffairs

3w

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

  • The RansomHouse gang claims to have stolen 1.5TB of sensitive data from Loretto Hospital.
  • RansomHouse is a data extortion group that focuses on data theft instead of encryption. Victims include AMD and Keralty.
  • Ransomware attacks on US healthcare providers have surged, with 98 attacks compromising 117 million records in 2024.


Cybersafe

3w

SilentCryptoMiner infects 2,000 Russians via Fake VPN Tools

  • A new malware campaign, known as SilentCryptoMiner, has infected over 2,000 Russian users by disguising itself as a tool for bypassing internet restrictions.
  • Cybercriminals use Windows Packet Divert (WPD) tools as the lure to distribute the malware.
  • The malware is concealed within booby-trapped archives and delivered in two stages, using Python scripts and process hollowing techniques.
  • The SilentCryptoMiner is built on the open-source XMRig, making it harder to be detected by antivirus tools, and can be controlled remotely via a web panel.
