GitVenom attacks abuse hundreds of GitHub repos to steal crypto
A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials. According to Kaspersky, GitVenom has been active for at least two years, targeting users globally but with an elevated focus on Russia, Brazil, and Turkey. “Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code – for example, an automation instrument for interacting with Instagram accounts, a Telegram bot allowing to manage Bitcoin wallets, and a hacking tool for the video game Valorant,” describes Kaspersky’s Georgy Kucherin.
Botnet targets Basic Auth in Microsoft 365 password spray attacks
A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, targeting basic authentication to evade multi-factor authentication. According to a report by SecurityScorecard, the attackers are leveraging credentials stolen by infostealer malware to target the accounts at a large scale. The attacks rely on non-interactive sign-ins using Basic Authentication (Basic Auth) to bypass Multi-Factor Authentication (MFA) protections and gain unauthorized access without triggering security alerts.
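A defender's view of the sign-in pattern described above, as an added example that is not from SecurityScorecard's report or Microsoft: it filters sign-in records for non-interactive Basic Auth attempts and groups them per account. The record keys, client labels, threshold and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed client labels for protocols that sign in with Basic Auth (no MFA step).
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync"}

def ev(user, ip, client, interactive, success):
    """Build one sign-in record; the key names are hypothetical, not a vendor schema."""
    return {"user": user, "ip": ip, "client": client,
            "interactive": interactive, "success": success}

# Constructed sample records (made-up accounts, documentation-range IPs).
SAMPLE_EVENTS = [
    ev("alice@example.com", "203.0.113.10", "IMAP4", False, False),
    ev("alice@example.com", "203.0.113.44", "IMAP4", False, False),
    ev("alice@example.com", "198.51.100.23", "POP3", False, False),
    ev("alice@example.com", "198.51.100.7", "POP3", False, True),
    ev("bob@example.com", "203.0.113.10", "IMAP4", False, False),
    ev("carol@example.com", "203.0.113.10", "Browser", True, False),
    ev("carol@example.com", "203.0.113.44", "Browser", True, False),
    ev("carol@example.com", "198.51.100.23", "Browser", True, False),
    ev("dave@example.com", "192.0.2.5", "Authenticated SMTP", False, True),
]

def is_basic_auth_noninteractive(e):
    # The combination the report describes: no interactive prompt, legacy protocol.
    return not e["interactive"] and e["client"] in LEGACY_CLIENTS

def find_spray(events, min_sources=3):
    """Count distinct failing source IPs per account, since a large botnet
    spreads attempts over many addresses and per-IP thresholds miss it."""
    failed_ips = defaultdict(set)
    successes = set()
    for e in events:
        if not is_basic_auth_noninteractive(e):
            continue
        if e["success"]:
            successes.add((e["user"], e["ip"]))
        else:
            failed_ips[e["user"]].add(e["ip"])
    sprayed = sorted(u for u, ips in failed_ips.items() if len(ips) >= min_sources)
    # A Basic Auth success on a sprayed account never passed an MFA challenge.
    compromised = sorted(s for s in successes if s[0] in sprayed)
    return {"sprayed": sprayed, "compromised": compromised,
            "basic_auth_successes": sorted(successes)}

if __name__ == "__main__":
    print(find_spray(SAMPLE_EVENTS))
```

Every entry in `basic_auth_successes` is also an inventory of accounts that still accept Basic Auth, which is the setting to disable.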
DOGE must halt all ‘negligent cybersecurity practices,’ House Democrats tell Trump
Elon Musk’s Department of Government Efficiency group has “introduced negligent cybersecurity practices” into federal systems and should halt all risky activities, a group of House Democrats demanded on Tuesday. “This reckless disregard of critical cybersecurity practices creates opportunities for hostile actors to access sensitive information,” top Democrats on the House Oversight Committee wrote in a letter to President Donald Trump, echoing the widespread concerns of cybersecurity experts and privacy advocates.
UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution
Individuals in the United Kingdom who report cybersecurity vulnerabilities to the Home Office are at risk of facing prosecution for the simple act of discovering those vulnerabilities — even if they comply with new guidance the government department published on Monday. The Home Office — responsible for security, law and order — is the latest British government department to offer ethical hackers a way to help secure its systems using the vulnerability reporting platform HackerOne, although without receiving a “bug bounty” payment. The Ministry of Defence (MoD) first piloted the approach in 2021.
Signal threatens to leave Sweden over backdoor request
Signal Foundation president Meredith Whittaker says the secure messaging app will leave Sweden if the government there passes a new surveillance bill. The Swedish government is scheduled to discuss a bill next month that would force communication providers to allow police and security services access to message content. Whittaker told Swedish national public television SVT that adding such a backdoor would undermine its entire network and users across the world, not just in Sweden. This is the second time the Signal CEO has threatened to leave a country over backdoor demands. In 2023, Whittaker also threatened to leave the UK if the government mandated backdoors in its Online Safety Act.
Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail
A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app, known as “Finance Simplified,” belongs to the SpyLoan family, which specializes in predatory lending. Sometimes malware creators manage to get their apps listed in the official app store. This is a great benefit for them since it lends a sense of legitimacy to the app, and they don’t have to convince users to sideload the app from an unofficial site. It gives them a much larger audience, lets them lean on the trust we invest in the official app stores, and means users don’t have to do anything they might perceive as suspicious.