Endpoint Security

Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Application Security
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
Cybersecurity
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
Blog
Endpoint Security Solutions: How to Protect Every Enterprise Device
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
Cybersecurity
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
Cybersecurity
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Blog
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Application Security
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
Cybersecurity
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
OnyxC2, a new MaaS information stealer priced at $250 per month, targets 200-plus applications using DLL sideloading and encryption to evade detection.
Cybersecurity
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Security researcher Nightmare Eclipse dropped RoguePlanet, an unpatched LPE zero-day in Microsoft Defender that grants SYSTEM on fully patched Windows.