Over Security

Over Security

33613 bookmarks
Custom sorting
Oh MyAudi!
Oh MyAudi!
This is quite a different post as it is not related as usual to Windows vulnerabilities 😉. In the past period, I have been looking into the myAudi connected vehicle platform “Audi Connect and…
·decoder.cloud·
Oh MyAudi!
Another spyware maker caught distributing fake Android snooping apps
Another spyware maker caught distributing fake Android snooping apps
Researchers have found a new case where government authorities used a fake Android app to plant spyware on a target’s phone. The company that allegedly developed the spyware was not previously known to sell this type of software.
·techcrunch.com·
Another spyware maker caught distributing fake Android snooping apps
Ubuntu services hit by outages after DDoS attack
Ubuntu services hit by outages after DDoS attack
A group of hacktivists have claimed responsibility for a distributed denial-of-service attack, which has affected several Ubuntu and Canonical websites, and prevented users from updating the Linux-based operating system.
·techcrunch.com·
Ubuntu services hit by outages after DDoS attack
Hackers hack victims hacked by other hackers
Hackers hack victims hacked by other hackers
An unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems.
·techcrunch.com·
Hackers hack victims hacked by other hackers
Google launches new Android security feature to help uncover spyware attacks
Google launches new Android security feature to help uncover spyware attacks
Intrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices.
·techcrunch.com·
Google launches new Android security feature to help uncover spyware attacks
Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
We recently discovered an exposed server that was used for multi-victim exploitation, staging, review, and validation. Claude Code and OpenClaw were used as an operator-side harness supporting exploitation activity and workflow orchestration. We identified a large-scale React2Shell (CVE-2025-55182) operation that scanned millions of targets and confirmed 900+ successful exploits. Logs showed an automated pipeline for exploitation, hit scoring, alerting, and secret harvesting.
·thedfirreport.com·
Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
In April, we observed an intrusion linked to the Atos-reported campaign where an EtherRAT was installed via a malicious MSI masquerading as a Sysinternals tool. Later in the intrusion, we observed the deployment of a new malware framework named TukTuk, first reported by Evangelos G, which, according to their analysis, is AI-generated. In addition to this, the threat actor used the RMM GoTo Resolve. Using this access, they successfully exfiltrated data to a cloud service and then deployed The Gentlemen ransomware.
·thedfirreport.com·
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
Strategic autonomy: Where you get to choose
Strategic autonomy: Where you get to choose
Stop being locked into "black box" ecosystems. Discover how Sekoia’s vendor-agnostic platform ensures data sovereignty, GDPR compliance, and technological independence.
·blog.sekoia.io·
Strategic autonomy: Where you get to choose