> ai://ti

autonomous threat intelligence feed

Top Stories

🚨 Intrusions
VolkLocker Ransomware Flaw Allows Free Decryption via Hard-Coded Keys
The CyberVolk group has launched VolkLocker ransomware, which contains a critical flaw allowing free decryption due to hard-coded master keys. This ransomware targets both Windows and Linux systems and employs various evasion techniques.

Key points:

  • VolkLocker, a ransomware-as-a-service by CyberVolk, has hard-coded master keys that allow victims to decrypt files without payment.
  • The ransomware targets Windows and Linux systems, using AES-256 encryption and custom file extensions.
  • A design flaw leaves the master key in a plaintext file, enabling self-recovery for victims.
  • CyberVolk's operations include Telegram-based automation for managing ransomware attacks and additional malware offerings.
  • The group has persisted despite account bans, reflecting a trend in politically motivated cybercrime.
Sources: The Hacker News (1 article)
🚨 Intrusions
Frogblight Android Banking Trojan Targets Turkish Users with Court Case Phishing
A new Android banking Trojan named Frogblight is targeting Turkish users through phishing SMS messages disguised as court case notifications. The malware collects sensitive information and has been observed evolving with new features, indicating ongoing development.

Key points:

  • Frogblight masquerades as an app for accessing court case files, leveraging smishing for distribution.
  • The malware can steal banking credentials and collect SMS messages, installed apps, and filesystem data.
  • It has been updated with new features, suggesting a potential MaaS (Malware as a Service) model.
  • Frogblight is detected by Kaspersky products under various heuristics.
  • The malware's control panel and phishing website source code were found publicly available.
Sources: Securelist (1 article)
📰 Abuse & Fraud
Memecoins Face Decline Amid High-Profile Token Failures and Market Criticism
Memecoins are predicted to return in a new form despite recent market downturns, according to MoonPay's Keith A. Grossman. The sector suffered significant losses in 2025 due to token collapses and criticisms of their value, leading to investor disillusionment.

Key points:

  • Keith A. Grossman of MoonPay believes memecoins will return, emphasizing the potential of tokenizing attention.
  • The memecoin market collapsed in Q1 2025, driven by high-profile token failures and accusations of fraud.
  • Donald Trump's memecoin peaked at $75 before plummeting over 90%, while Argentina's Javier Milei faced legal issues over his social token.
  • Critics argue that memecoins lack intrinsic value, contributing to a significant market decline.
  • Despite setbacks, memecoins were among the top-performing crypto assets in early 2024.
Sources: Cointelegraph (1 article)
📰 Abuse & Fraud
Scammers Exploit PayPal Subscriptions to Send Fake Purchase Emails
A new email scam is misusing PayPal's subscription feature to send fake purchase notifications. These emails, appearing to come from PayPal, trick recipients into believing they made expensive purchases, leading them to call a fraudulent support number.

Key points:

  • The scam emails contain fake purchase notifications and appear to originate from PayPal's official email address.
  • Recipients are misled into thinking they need to dispute large charges, prompting them to call a scammer's phone number.
  • The emails bypass security filters due to their legitimate appearance, raising concerns about account security.
  • Scammers may exploit a flaw in PayPal's subscription metadata handling to insert misleading information.
Sources: Bleeping Computer (1 article)

Other Updates

💣 Exploits
CISA Identifies Critical RCE Vulnerability in Sierra Wireless Routers
CISA warns of active exploitation of a critical RCE vulnerability in Sierra Wireless routers.

Key points:

  • CVE-2018-4063 has a CVSS score of 8.8/9.9 and allows remote code execution through file uploads.
  • The vulnerability affects the ACEManager 'upload.cgi' function in Sierra Wireless AirLink ALEOS routers.
  • Attackers can exploit this flaw to run malicious code with elevated privileges due to the ACEManager running as root.
  • Forescout's analysis indicates industrial routers are frequently targeted in operational technology environments.
  • Federal agencies are urged to update devices or discontinue use by January 2, 2026, due to end-of-support status.
Sources: The Hacker News (1 article)
💣 Exploits
CISA Updates KEV Catalog with New Exploited Vulnerability
CISA adds CVE-2025-14174 to its Known Exploited Vulnerabilities Catalog due to active exploitation evidence.

Key points:

  • CISA's KEV Catalog now includes CVE-2025-14174, highlighting its active exploitation.
  • The vulnerability is an out-of-bounds memory access issue in Google Chromium.
  • BOD 22-01 mandates remediation of identified vulnerabilities for federal agencies.
  • CISA encourages all organizations to prioritize remediation of KEV vulnerabilities.
  • The catalog aims to protect federal networks from significant cyber threats.
Sources: CISA Cybersecurity Advisories (1 article)
📰 Abuse & Fraud
Venezuelans Increasingly Rely on Stablecoins Amid Economic Crisis
Stablecoin usage in Venezuela is expected to rise as economic conditions worsen.

Key points:

  • Venezuelans are heavily reliant on blockchain technology for banking amid ongoing economic pressures.
  • TRM Labs forecasts increased demand for stablecoins as a store of value and medium of exchange.
  • Regulatory ambiguity and distrust in traditional banking are driving the population's dependence on digital assets.
  • Peer-to-peer transactions and USDT conversions are key services in the absence of reliable banking.
  • Venezuela's crypto ecosystem has emerged from a decade of economic collapse and international sanctions.
Sources: Cointelegraph (1 article)
📰 Policy & Enforcement
SEC Releases Crypto Custody Guide for Investors
The SEC's new guide educates investors on crypto custody practices and risks.

Key points:

  • The SEC's bulletin outlines the benefits and risks of self-custody versus third-party custody of crypto assets.
  • Investors are advised to understand custodians' policies, including asset rehypothecation and asset commingling.
  • The guide discusses the risks associated with hot wallets and cold wallets, emphasizing cybersecurity threats and potential permanent loss.
  • This publication reflects a regulatory shift at the SEC towards a more supportive stance on digital assets.
  • Industry leaders view the guide as a valuable resource for educating crypto investors.
Sources: Cointelegraph (1 article)
💣 Exploits
Apple Addresses Two Zero-Day Vulnerabilities Exploited in Targeted Attacks
Apple patches two zero-day vulnerabilities exploited in targeted attacks against specific individuals.

Key points:

  • CVE-2025-43529 is a WebKit use-after-free RCE flaw, while CVE-2025-14174 is a memory corruption issue.
  • Both vulnerabilities were discovered by Google’s Threat Analysis Group and are linked to targeted spyware attacks.
  • Affected platforms include iPhone 11 and later, various iPad models, and older iOS versions.
  • This marks the seventh zero-day vulnerability patched by Apple in 2025.
  • Users are urged to install the latest updates to mitigate risks of exploitation.
Sources: Bleeping Computer (1 article)
💣 Exploits
Metasploit Wrap-Up Highlights Critical RCE Vulnerabilities and New Exploit Modules
Metasploit's recent update addresses critical RCE vulnerabilities and introduces new exploit modules.

Key points:

  • CVE-2025-55182, a critical RCE vulnerability in React, has been added to Metasploit with an exploit module.
  • New MSSQL attack capabilities include an NTLM relay module and improved encryption support.
  • New exploit modules for Magento and WordPress address critical vulnerabilities allowing unauthenticated RCE.
  • Support for a new architecture, LoongArch64, has been added with a reboot payload.
Sources: Rapid7 Research Blog (1 article)