Indian users face a cyber espionage campaign using tax phishing, Blackmoon malware, and abused SyncFuture TSM tools for persistence and data theft.
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware.
The Microsoft App-V script acts as a living-off-the-land binary that proxies the execution of PowerShell through a trusted Microsoft component to disguise the malicious activity.
Microsoft Application Virtualization is an enterprise Windows feature that allows applications to be packaged and run in isolated virtual environments without actually being installed on the system.
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server.
The security flaw (CVE-2026-24061) impacts GNU InetUtils versions 1.9.3 (released 11 years ago in 2015) through 2.7 and was patched in version 2.8 (released on January 20).
“The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter,” explained open-source contributor Simon Josefsson, who reported it.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers within three weeks.
Patched in June 2024, this security flaw (CVE-2024-37079) stems from a heap overflow weakness in the DCERPC protocol implementation of vCenter Server (a Broadcom VMware vSphere management platform that helps admins manage ESXi hosts and virtual machines).
Threat actors with network access to vCenter Server may exploit this vulnerability by sending a specially crafted network packet that can trigger remote code execution in low-complexity attacks that don’t require privileges on the targeted systems or user interaction.
In my latest Forbes article, I explore one of the most critical questions facing leaders today:
How do we use AI to augment human intelligence rather than diminish it?
AI’s true power isn’t about automation alone—it’s about amplifying human judgment, creativity, and decision-making.
Human-centric AI is the new frontier; it is not AI against human intelligence, but AI with human intelligence.
An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations.
A deep forensic examination of the artifacts left behind uncovered tooling that had not been used in the investigated attack, but exposed attacker infrastructure that stored data exfiltrated from multiple victims.
The operation was conducted by Cyber Centaurs, a digital forensics and incident response company that disclosed its success last November and has now shared the full details with BleepingComputer.