Zeljka Zorz
The magnitude of Android’s “master key” bug
The Android flaw whose existence was revealed last week by Bluebox Security is as bad as they come. “Blowing hash and signing functions so that the underlying code can …
Mass login attempts compromise 24,000 Nintendo site accounts
Some 24,000 user accounts – but luckily no user financial information – were compromised in mass login attempts to the Club Nintendo website. The global website is …
Multi-platform Java RAT targeting government agencies
A new spear-phishing campaign targeting government agencies mostly in the US, Canada, Australia, a few European countries and the Russian Federation has been spotted by …
“Pinterest Tool” scam aimed at stealing login credentials
Last week we warned about fake “Password changed” emails targeting users of the popular photo-sharing website, but there has been a general uptick in …
Critical Cryptocat group chat bug fixed
A critical security vulnerability in Cryptocat versions older than 2.0.42 has been patched and developers are urging users to update to the latest available version of the …
Trojanized Android app collects info, comments on NSA surveillance
An unusual Android Trojan has been recently unearthed by McAfee’s researchers, embedded in a pirated version of a legitimate music app. The app in question is Jay Z …
Fake Pinterest “Password changed” email leads to malware
Pinterest users beware: an email purportedly coming from the popular pinboard-style photo-sharing website and notifying you of a successful password reset is fake: If you …
Android bug allows app code change without breaking signatures
Researchers from Bluebox Security have discovered a critical Android flaw that allows attackers to modify the code of any app without breaking its cryptographic signature, and …
Aggressive Android adware masquerading as Wi-Fi password cracking app
Statistics say that Android malware and aggressive adware is on the rise, so the fact that researchers occasionally find some of it on legitimate online app markets should not …
Darkleech Apache module injection campaign delivers malware
One of the most successful malware infection campaigns ever is still going strong, and researchers have not come closer to discovering how the attackers are compromising web …
System Doctor 2014: A fake AV for the upcoming year
In an effort to keep one step ahead of security solutions and attentive users, peddlers of fake AV solutions often change the name of the malware they are trying to sell. …
“Blizzard Entertainment IP Restrictions” phishing email doing rounds
Blizzard Entertainment has acknowledged that the notification email that has been hitting users’ inboxes and has been purportedly sent by the company is, in fact, a …
Featured news
Resources
Don't miss
- Why risk alone doesn’t get you to yes
- ShipSec Studio brings open-source workflow orchestration to security operations
- Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
- TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
- CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation