If a user enters any of the bogus domain names in a browser, they are redirected to a real URL shortening service (Bitly, Cuttly, or ShortUrl.at), which makes the bogus domains look like alternative domains for the well-known services.
The threat actor targets victims using phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros, URLs linking to .pub files with macros, or PDFs containing URLs that download dangerous JavaScript files.
Although it is still early in the investigation and the company has not released any information about the method used to breach its systems, the hackers may have used data collected by information-stealing malware to gain access to Indigo’s network.
A highlighted security feature in Android 14 is blocking the installation of malicious apps that target older API levels (Android versions), since targeting an older API level makes it easier to abuse sensitive permissions.
The initial stage of Enigma, Interview conditions.word.exe, is a downloader written in C++. Its primary objective is to download, deobfuscate, decompress, and launch the secondary stage payload.
Researchers at Cyble uncovered a new Medusa DDoS botnet version based on the leaked Mirai source code. With this, it has inherited Mirai's DDoS attack options and Linux targeting capabilities. It also comes with a ransomware module and a Telnet brute-forcer. Additionally, a dedicated portal now advertises Medusa as a malware-as-a-service for DDoS or mining.
A large-scale QakNote campaign is ongoing that drops QBot banking trojan on systems via malicious Microsoft OneNote attachments. The phishing emails contain OneNote files that have an embedded HTML application (HTA file) that retrieves the QBot malware payload. The adoption signals “a much more automated, streamlined fashion” as opposed to previous small-scale malware attacks.
Of the externally reported bugs, three are rated ‘high severity’. These include a type confusion flaw in the V8 engine, an inappropriate implementation issue in full screen mode, and an out-of-bounds read vulnerability in WebRTC.
While the threat actor made it very easy to detect the bundled backdoor in the first game mod published on the Steam Store, the twenty lines of malicious code included with the three newer game mods were much harder to spot.
The Graphiron malware allows operators to harvest a wide range of information from the infected systems, including system info, credentials, screenshots, and files. The malicious code is written in the Go programming language.