Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware

Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.

Vulnerabilities in Microsoft's PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services

The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.

ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks

The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.

Maximum Severity Flowmon Bug has a Public Exploit, Patch Now

Flowmon developer Progress Software first warned about the flaw on April 4, noting that it impacts product versions v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.

Security Bugs in a Popular Phone-Tracking App Exposed Users’ Precise Locations

A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data.

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

"SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.

Major Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App Users

The vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Siemens is urging organizations using its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW to implement workarounds for a maximum severity zero-day bug that PAN recently disclosed in its next-gen firewall product.

Russian APT28 Group in New “GooseEgg” Hacking Campaign

A notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed.

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining

The GuptiMiner malware campaign, discovered by Avast, involved hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The campaign was orchestrated by a threat actor with possible ties to Kimsuky.
