Dark Reading

Attackers Exploit 'EvilVideo' Telegram Zero-Day to Hide Malware

Telegram has patched a zero-day flaw found in older versions of its chat and media-sharing application for Android that allows attackers to hide malicious payloads in video files. "Using the exploit … ...
Bleeping Computer

Malvertising Attack Sneaks JavaScript Payload in Polyglot Images

A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page ...
Bleeping Computer

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with even more exploits. The first iteration of Gitpaste-12 shipped with reverse ...
SiliconANGLE

Google reports watering-hole attacks on Mongolian sites leveraged iOS and Android exploits

Google LLC’s Threat Analysis Group today shared details on multiple observed in-the-wild exploit campaigns that used watering-hole attacks on Mongolian government websites between November 2023 and ...