Stealing user credentials with evilginx
A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope
Similar Posts
District of Arizona Clarifies Causes of Action Available for Breach of Health Data
Bys sNick Palmieri of Baker Botts writes: Healthcare providers wrestling with the legal fallout of cyber-attacks just received a fresh reminder from the District of Arizona: traditional tort and contract theories remain difficult to sustain after a breach, but consumer-fraud statutes can keep a case alive. In Johnson v. Yuma Regional Medical Center, fourteen patients sued the……
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
Bys sThe malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said…
Beyond the kill chain: What cybercriminals do with their money (Part 2)
Bys sIn the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks
Bys sCybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. “This extensive campaign…
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Bys sCybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below – CVE-2025-10643 (CVSS score: 9.1) – An authentication bypass vulnerability that
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Bys sThreat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which…