New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
Flaws in Solar Inverters Threaten Power Grid StabilityResearchers from Forescout's Vedere Labs detected security shortcomings in the world’s leading solar inverters that could enable hackers to hijack solar energy production and destabilize power grids. Flaws include unauthorized remote access, insecure authentication and remote code execution.
Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. [...]
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...]
Forescout researchers found multiple vulnerabilities in leading solar power system manufacturers, which could be exploited to cause emergencies and blackouts
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.…
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands
Researchers say 'proactive' approach is needed to combat global cybercrime Here's one you don't see every day: A cybersecurity vendor is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims.…
Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting FrayWhile the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.
Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Google-sponsored search results, according to researchers.
Cybersecurity Firm Finds Rash of Apps Coded With Microsoft .NET MAUICybercriminals are using a Microsoft cross-platform app development framework to create Android malware that bypasses security measures, evades detection and steals user data. Malicious apps spotted by McAfee researchers aren't traditional Android malware.
Highly Targeted Ransomware Hit Traced to Long-Running Cyberespionage GroupA stealthy group of mercenary hackers active since 2018 appears to have diversified into hitting hypervisors with ransomware via highly targeted attacks. Researchers said they tracked the hit to a corporate espionage team tracked as RedCurl.
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad