Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection.

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.

we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues.

Recent advances in voice synthesis, coupled with the ease with which speech can be harvested for millions of people, introduce new threats to applications that are enabled by devices such as voice assistants (e.g., Amazon Alexa, Google Home etc.). We explore if unrelated and limited amount of speech from a target can be used to synthesize commands for a voice assistant like Amazon Alexa. More specifically, we investigate attacks on voice assistants with synthetic commands when they match command sources to authorized users, and applications (e.g., Alexa Skills) process commands only when their source is an authorized user with a chosen confidence level. We demonstrate that even simple concatenative speech synthesis can be used by an attacker to command voice assistants to perform sensitive operations. We also show that such attacks, when launched by exploiting compromised devices in the vicinity of voice assistants, can have relatively small host and network footprint. Our results demonstrate the need for better defenses against synthetic malicious commands that could target voice assistants.

Workers with allegiances to the Democratic People's Republic of Korea (DPRK) have been infiltrating organizations worldwide through a fraudulent remote work scheme. This operation not only violates international sanctions but also poses cybersecurity risks to unwitting employers.

• Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.
• We discovered a new Python program called PXA Stealer that targets victims’ sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software.
• PXA Stealer has the capability to decrypt the victim’s browser master password and uses it to steal the stored credentials of various online accounts.
• The attacker has used complex obfuscation techniques for the batch scripts used in this campaign.
• We discovered the attacker selling credentials and tools in the Telegram channel “Mua Bán Scan MINI,” which is where the CoralRaider adversary operates, but we are not sure if the attacker belongs to the CoralRaider threat group or another Vietnamese cybercrime group.

Crimeware predictions for 2025

1. Upsurge in stealer activity
2. Attacks against central banks and open banking initiatives
3. Increase in supply chain attacks on open-source projects
4. New blockchain-based threats
5. Expansion of Chinese-speaking crimeware worldwide
6. Synthetic data poisoning through ransomware
7. Quantum-resistant ransomware
8. Weaponization of regulatory compliance by ransomware attackers
9. Ransomware-as-a-service proliferation
10. More AI and machine learning on the defense side
11. Upsurge in financial cyberattacks targeting smartphones