Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
Source: Infosecurity Magazine
Two local information-disclosure vulnerabilities have been identified in popular Linux crash-reporting tools, allowing attackers to access sensitive system data. The vulnerabilities impact Apport on Ubuntu and systemd-coredump on Red Hat Enterprise Linux (RHEL) and Fedora. Read more.
Crocodilus Mobile Malware: Evolving Fast, Going Global
Source: Threat Fabric
In March 2025, researchers discovered Crocodilus, a new device-takeover Android banking Trojan entering the threat landscape. The first observed samples were mostly related to test campaigns, with sporadic instances of live campaigns. Ongoing monitoring of the threat landscape revealed a growing number of campaigns and continuous development of the Trojan. Read more.
A mysterious leaker is exposing ransomware hackers to the world
Source: TechRadar
A mysterious leaker has been spotted unveiling the identities of some of the world’s most wanted cybercriminals, including the masterminds behind Conti and Trickbot ransomware, infamous groups responsible for some of the biggest extortions in modern history. Read more.
Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
Source: The Record
BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently, with its own arsenal of tools and tactics, researchers at Russian cybersecurity firm Kaspersky said. Read more.
Cybercriminals camouflaging threats as AI tool installers
Source: Cisco Talos
Talos has recently uncovered multiple threats masquerading as AI solutions being circulated in the wild, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly discovered destructive malware, dubbed “Numero.” The legitimate versions of these AI tools are particularly popular within the B2B sales domain and the technology and marketing sectors. Read more.
Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
Source: Socket
Once imported, the malware monkey-patches Solana key-generation methods by modifying functions at runtime without altering the original source code. Each time a keypair is generated, the malware captures the private key. It then encrypts the key using a hardcoded RSA-2048 public key and encodes the result in Base64. Read more.
Your AI Notetaker Might Be a Liability: Insights from Stealer Logs
Source: SOCRadar
Using AI note-taking tools can be incredibly helpful, but they also come with some serious legal and ethical responsibilities. Organizations need to think about how these tools collect, store, and use data, and how the output might influence decisions or impact privacy. If you’re choosing a transcription service, make sure it follows data privacy laws and uses secure, well-managed systems. Read more.
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
Source: Censys
A new, stealthy ASUS router botnet, dubbed AyySSHush, abuses trusted firmware features through a multi-stage attack sequence to backdoor routers and persist across firmware updates, evading traditional detection methods. Read more.
Police takes down AVCheck site used by cybercriminals to scan malware
Source: BLEEPING COMPUTER
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. The service’s official domain at avcheck.net now displays a seizure banner with the crests of the U.S. Department of Justice, the FBI, the U.S. Secret Service, and the Dutch police (Politie). Read more.
Russian-linked hackers target UK Defense Ministry while posing as journalists
Source: KYIV Independent
Russian-linked hackers targeted U.K. Defense Ministry staff in an espionage operation while posing as journalists, Sky News reported on May 29, citing the British government. The cyber attack was detected and thwarted, the government said. Read more.