Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

ZenRAT: Malware Brings More Chaos Than Calm

Source: Proofpoint

Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden. The malware specifically targets Windows users; visitors on non-Windows hosts are redirected to a benign webpage. Read more.

Sony Investigating After Hackers Offer to Sell Stolen Data
Sony has launched an investigation after a cybercrime group claimed to have compromised the company’s systems, offering to sell stolen data. Read more.

The Rhysida Ransomware Group Hit The Kuwait Ministry of Finance

Source: Security Affairs

This week the Rhysida ransomware group claimed responsibility for the attack on the Kuwait Ministry of Finance and added the ministry to the list of victims on its Tor leak site. The group also published a set of documents as proof of the hack. Read more.

Pay Attention: Hackers Are Targeting LastPass Users With Phishing Emails

Source: PC Mag

If you’re a LastPass user, be on guard for phishing emails in your inbox. Hackers are launching waves of malicious messages impersonating the password manager. Read more.

Cisco Catalyst SD-WAN Manager flaw allows remote server access
The most severe of the disclosed flaws impacting the product is CVE-2023-20252 (CVSS v3.1: 9.8), which allows unauthorized access due to issues with the Security Assertion Markup Language (SAML) APIs. Read more.

Android Banking Trojan Zanubis Evolves to Target Peruvian Users

Source: Infosecurity Magazine

The Android banking Trojan Zanubis has taken on a new guise, posing as the official app for the Peruvian governmental organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria). Read more.

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

Source: The Hacker News

A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions, with the aim of stealing passwords from developers. Read more.

Malicious ad served inside Bing’s AI chatbot

Source: Malwarebytes LABS

In this blog, we show how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation. Read more.

Chinese Hackers Stole 60,000 US State Department Emails from Microsoft
Apart from stealing tens of thousands of emails from official accounts, the attackers obtained a list of all email accounts belonging to the State Department, Reuters reported. Read more.

PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign

Source: CYBLE

On September 25th, CRIL encountered an intriguing Microsoft Word document named “Invoice-891920.docx” on VirusTotal. Subsequent investigation revealed that it employs a novel approach to deliver the malware known as “PurpleFox.” Read more.

New Campaign Distributes Malicious npm and PyPI Packages to Pilfer Kubernetes Config, SSH Keys

Source: SOCRadar

Researchers have discovered a concerning surge in deceptive npm and PyPI packages distributed as part of a malicious campaign, aimed at extracting Kubernetes configurations and SSH keys from compromised systems. Read more.

Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org

Source: Symantec

Most recently, the Threat Hunter Team in Symantec, part of Broadcom, discovered Budworm using an updated version of one of its key tools to target a Middle Eastern telecommunications organization and an Asian government. Read more.

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Source: Krebs on Security

The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. Read more.

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Source: CISA

BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S. — the primary targets. Read more.