A version of FMWhatsApp, a popular WhatsApp mod, was found to carry a trojan. Dubbed Triada, the trojan downloads malicious apps on victims’ devices and is found in version 16.80.0 of FMWhatsApp.

Rapid7 researchers discovered that the product is affected by two vulnerabilities — both rated medium severity based on their CVSS score — that can be exploited remotely.

One of the most interesting trends over the past few months, according to a new report, is the rising demand for access to cloud accounts in the sale of admin credentials from Initial Access Brokers.

According to an advisory on GitHub, both TensorFlow and Keras, a wrapper library for TensorFlow, used an unsafe function to deserialize YAML-encoded machine learning models.

The operators of Ragnarok ransomware have called quits and released decryption keys in a recent announcement. Active since 2019, the group had claimed several victims globally. Ragnarok’s sudden disappearance doesn’t look like a planned one. A universal decryptor for Ragnarok ransomware has been released by Emsisoft.

OpenSea was targeted by an aggressive phishing attack. The attackers hid in the crypto platform’s Discord server and impersonated legit OpenSea employees to steal NFTs and cryptocurrency.

In late July, an ongoing spear-phishing campaign was discovered abusing two Russian language documents, which were laced with the same malicious macro to deliver Konni RAT.

Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a DeFi platform that allows users to loan and speculate on cryptocurrency price variations.

Check Point Software Technologies has agreed to buy email security solutions provider Avanan to deliver best-of-breed cloud email malware protection and expand security to SaaS collaboration suites.

The critical command injection vulnerability was discovered and patched in May 2021. A PoC was released and within a week, attackers exploited the vulnerability to deploy variants of Mirai.