IconAds ad fraud operation disrupts 352 Android apps, impacting global users with hidden ads and obfuscation.
Category: cybercrime/malcode
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.
“These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox,” Koi Security researcher Yuval Ronen said.
The large-scale campaign is said to have been ongoing since at least April 2025, with new extensions uploaded to the Firefox Add-ons store as recently as last week.
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.
“A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing,” Cisco Talos researcher Omid Mirzaei said in a report shared with The Hacker News.
An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments.
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.
Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the names CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu.
The company said it discovered UNK_GreenSec as part of its investigation into TA829, describing it as using an “unusual amount of similar infrastructure, delivery tactics, landing pages, and email lure themes.”
Switzerland says government data stolen in ransomware attack
The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix.
The hackers have stolen data from Radix systems and later leaked it on the dark web, the Swiss government says.
The exposed data is being analyzed with the help of the country’s National Cyber Security Centre (NCSC) to determine which government agencies are impacted and to what effect.
Dear readers, please see the latest issue of the Security & Tech Insights newsletter
Please see the latest issue of the Security & Tech Insights newsletter on the impact of artificial intelligence. Thanks!
Dear readers, please see the latest issue of the Security & Tech Insights newsletter. AI is impacting every aspect of our lives, and this issue provides a compendium of articles that address some of those topics, including cybersecurity. I believe it will be providing a useful resource for everyone interested in emerging tech and cybersecurity, and especially AI. Thanks, and stay safe! Best, Chuck Brooks.
(Kindly follow me on LinkedIn for regular posts on topics of emerging tech, cybersecurity, innovation, risk management, and govcon).
#artificialintelligence #cybersecurity #tech #innovation #future
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool.
“Recent campaigns in June 2025 demonstrate GIFTEDCROOK’s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and browser secrets,” Arctic Wolf Labs said in a report published this week.
“This shift in functionality, combined with the content of its phishing lures, […] suggests a strategic focus on intelligence gathering from Ukrainian governmental and military entities.”
Surging Investments in AI Are Transforming Cybersecurity
Kindly see my recent Forbes article: “”
Thanks and have a great weekend!
#artificialintelligence #cybersecurity #tech #investments #futuretrends
AI is transforming cybersecurity, and investments are following in close concert with those trends. AI systems seek to replicate human traits and computational capabilities in a machine and surpass human limitations and speed. Elements of AI emergence consist of machine learning and natural language processing. Today, AI can understand, diagnose, and solve problems from both structured and unstructured data—and in some cases, without being specifically programmed.
AI is becoming integral in cybersecurity, and companies are logically investing in AI-based defenses against cyberattacks, and the demand for them is expected to grow in the next few years. AI offers a logical collection of tools and the best chance for defenders that work in an environment characterized by an uneven threat level and are already short on workforce and money. The demand for AI is growing due to expanded risks and threats to enterprises.
This is unambiguous evidence that AI is becoming increasingly important in cybersecurity, and organizations must capitalize on its potential to remain competitive.