Habdul Hazeez

Security news weekly round-up - 7th November 2025

The constant threats that internet users face every day are still around. You and I can fall victim. That's why education and awareness can go a long way to ensure that we don't. What are these threats, you might ask? Malware, vulnerabilities, and scams.


Two Windows vulnerabilities, one a 0-day, are under active exploitation

The 0-day, tracked as CVE-2025-9491, has been abused by threat actors since, wait for it, 2017! To complicate matters, at the time of writing, there is no patch from Microsoft.

From the article:

With no patch available, Windows users are left with a limited number of options for fending off attacks. The most effective countermeasure is locking down .lnk functions by blocking or restricting the usage of .lnk files from untrusted origins. This can be done by setting the Windows Explorer to disable the automatic resolution of such files. The severity rating for CVE-2025-9491 is 7 out of 10.
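The excerpt recommends restricting .lnk files from untrusted origins. The following PowerShell script is an added example, not code from the article, that helps an administrator act on that advice: it inventories shortcut files in the usual download locations, reads each file's Mark-of-the-Web (the `Zone.Identifier` stream, where `ZoneId=3` means it came from the Internet zone), resolves what the shortcut actually launches, and lists the ones worth reviewing. The scan paths, the 'review' list of script interpreters and the idea of sorting by argument length are my assumptions, not guidance from the article.

```powershell
# Added example (not from the article): inventory .lnk files of untrusted origin and
# show what they launch, so shortcuts can be reviewed before a user double-clicks them.
# Assumes Windows PowerShell 5.1+ on NTFS (the Zone.Identifier stream needs NTFS).

# Assumed locations where downloaded or e-mailed shortcuts usually land.
$scanRoots = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
)

# Interpreters that are unusual as a shortcut target; flagged for review, not blocked (assumed list).
$reviewHosts = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'mshta.exe',
                 'wscript.exe', 'cscript.exe', 'rundll32.exe')

$shell = New-Object -ComObject WScript.Shell

function Get-ZoneId {
    # Returns the ZoneId from the Zone.Identifier alternate data stream, or $null if absent.
    param([string]$Path)
    try {
        $zone = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction Stop
        $line = $zone | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
        if ($line) { return [int]($line -replace '^ZoneId=', '') }
    } catch { }
    return $null   # no stream: the file did not arrive through a MOTW-aware path
}

$results = foreach ($root in $scanRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter *.lnk -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)   # resolves target and arguments without running them
            $targetName = [System.IO.Path]::GetFileName($lnk.TargetPath)
            [pscustomobject]@{
                Shortcut  = $_.FullName
                ZoneId    = Get-ZoneId $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                ArgLength = $lnk.Arguments.Length
                Review    = ($reviewHosts -contains $targetName.ToLower())
            }
        }
}

# Internet-zone shortcuts (ZoneId 3) and interpreter targets first; long argument strings deserve a look.
$results |
    Where-Object { $_.ZoneId -eq 3 -or $_.Review } |
    Sort-Object ZoneId, ArgLength -Descending |
    Format-Table Shortcut, ZoneId, Target, ArgLength, Review -AutoSize
```

The script only reads shortcut metadata through the `WScript.Shell` COM object; it never executes a target. Run it as the user whose profile you are checking, since `Downloads` and `Desktop` are resolved from that user's environment.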

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

It's another day and another Android malware stealing financial data. Why would someone work hard to earn money, only for someone else to develop an application that steals it from them?

From the article:

Once installed, the malicious apps are designed to harvest device information and set the volume of various audio streams, such as music, ringtone, and notifications, to zero to prevent the affected victim from being alerted to incoming calls, messages, and other in-app notifications.

It also establishes communication with a remote server ("ping.ynrkone[.]top"), and upon receiving the "OPEN_ACCESSIBILITY" command, it urges the user to enable accessibility services so as to realize its goals, including gaining elevated privileges and performing malicious actions.

Russian hackers abuse Hyper-V to hide malware in Linux VMs

The lengths to which attackers will go just to compromise a system will never cease to amaze me. Malware in a Linux VM? That's a first for me.

From the article:

Based on the observations in these attacks, Bitdefender suggests that organizations should monitor for abnormal Hyper-V activation, LSASS access, or PowerShell scripts deployed via Group Policy that trigger local account password resets, or creating new ones.
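The Bitdefender advice above names concrete signals: Hyper-V being enabled where it should not be, LSASS access, and PowerShell activity that resets or creates local accounts. The script below is an added example, not code from Bitdefender or the article, that checks a Windows host for each of those from the defender's side. It assumes an elevated session, a 24-hour look-back window chosen arbitrarily, Sysmon (if installed) logging to its default channel, and PowerShell Script Block Logging being enabled for the last check; the account-related command names it greps for are my own list.

```powershell
# Added example (not from the article): triage checks for the signals Bitdefender lists.
# Run elevated. The 24-hour window, the Sysmon assumption and the command list are assumptions.

$since = (Get-Date).AddHours(-24)

# 1. Hyper-V state: the feature and its management service are unexpected on a standard workstation.
$hv = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All -ErrorAction SilentlyContinue
"Hyper-V feature state: $($hv.State)"
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
if ($vmms) { "vmms (Hyper-V Virtual Machine Management) service: $($vmms.Status)" }
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    # Any VM at all on a workstation is worth explaining; note the creation time and disk path.
    Get-VM | Select-Object Name, State, CreationTime, Path | Format-Table -AutoSize
}

# 2. Local account password resets (4724) and newly created accounts (4720) from the Security log.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724, 4720; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Target  = $_.Properties[0].Value   # TargetUserName: the account changed or created
            Subject = $_.Properties[4].Value   # SubjectUserName: who did it
        }
    } | Format-Table -AutoSize

# 3. Processes opening a handle to LSASS, if Sysmon is installed (event 10 = ProcessAccess).
if (Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational' -ErrorAction SilentlyContinue) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 10; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'TargetImage:\s+.*\\lsass\.exe' } |
        ForEach-Object {
            $src = [regex]::Match($_.Message, 'SourceImage:\s+(.+)').Groups[1].Value.Trim()
            [pscustomobject]@{ Time = $_.TimeCreated; SourceImage = $src }
        } | Format-Table -AutoSize
}

# 4. Logged PowerShell script blocks (4104) that touch local accounts; covers scripts pushed via Group Policy.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Set-LocalUser|New-LocalUser|net(\.exe)? user' } |
    Select-Object TimeCreated, @{ n = 'Snippet'; e = { ($_.Message -split "`n")[0..2] -join ' ' } } |
    Format-Table -AutoSize
```

Each section degrades quietly when its data source is missing (no Hyper-V module, no Sysmon, no script block logging), so the output tells you both what was found and which telemetry you do not have. Treat a hit as a starting point for investigation, not a verdict: backup agents, EDR and some diagnostics legitimately open LSASS, and help-desk tooling legitimately resets passwords.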

Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming

This is the first time that I am learning about this. I mean, I feel uneasy when I read how people weaponize popular applications against their users. In this article, there is a screenshot from a Reddit post detailing how someone's mother lost money in this scam.

From the article:

The scam described above is another reminder that social engineering remains one of the most powerful weapons in a cybercriminal’s arsenal. It also reveals how a momentary lapse in judgment can wipe out your life savings. In cases like these, therefore, awareness is your first and strongest line of protection.

‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones

It appears to be a targeted attack against the following Samsung models: Galaxy S22, S23, S24, and some Z models. The excerpt below briefly explains the capabilities of the spyware. To be frank, I am not surprised.

Much like other government spyware, Landfall is capable of broad device surveillance, such as accessing the victim’s data, including photos, messages, contacts and call logs, as well as the tapping of the device’s microphone and tracking their precise location.

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

At the time of writing, it appears to be a test from whoever uploaded the VS Code extension. There is nothing more to say from my side.

From the article:

The disclosure comes as Datadog Security Labs unearthed 17 npm packages that masquerade as benign software development kits (SDKs) and provide the advertised functionality, but are engineered to stealthily execute Vidar Stealer on infected systems. The development marks the first time the information stealer has been distributed via the npm registry.

ClickFix Attacks Against macOS Users Evolving

The goal of this attack is to trick users into installing malware on their devices. Therefore, be careful if any website instructs you to copy a command and run it on your system. Also, tell your family and friends; even if you're smart enough not to fall victim, they might not be so lucky.

From the article:

Targeting macOS users in a malware distribution campaign is in general more challenging compared to Windows, but the latest improvements in ClickFix attacks demonstrate that threat actors are rapidly adapting their tactics.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
