SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. The fake software, which was discovered by SonicWall’s and Microsoft Threat Intelligence (MSTIC) researchers, mimics the legitimate NetExtender v10.3.2.27, the latest available version. The malicious installer file is hosted on a spoofed website
Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM)
This alert is relevant to large Australian businesses, organisations, and government. This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services. Background: ASD’s ACSC is tracking 2 vulnerabilities in Ivanti EPMM: CVE-2025-4427 (Medium severity Authentication Bypass) and CVE-2025-4428 (High severity Remote Code Execution). When chained
US Homeland Security warns of escalating Iranian cyberattack risks
The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. This warning was issued as a National Terrorism Advisory System bulletin on Sunday and cautions that the Iranian conflict is causing a “heightened threat environment” in the United States, with “low-level” cyberattacks targeting
Russian GRU targeting Western logistics entities and technology companies
Executive summary: This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff
Malware on Google Play, Apple App Store stole your photos—and crypto
A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices.
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its
#StopRansomware: Play ransomware | Cyber.gov.au
Actions to take today to mitigate cyber threats from Play ransomware: Prioritize remediating known exploited vulnerabilities. Enable multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments. Summary Note:
Scammers impersonating the ASD’s ACSC
The ASD’s ACSC is aware of cybercriminals claiming to be us through emails and phone calls, as well as falsely claiming our endorsement of products or services. The content of the scam emails and phone calls varies, but typically ask you to give personal information (such as passwords or bank details), money or ask you
Critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Products
Citrix have identified critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Products (CVE-2025-5349 and CVE-2025-5777). ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Citrix Security Advisory. This alert has been written primarily for, but is not limited to, business and government. This alert is intended
