safety Archives - Security Pulse

GootLoader returns with web-font obfuscation on WordPress and SEO-poisoned downloads

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

yohanmanuja4 hours ago4 hours ago03 mins

GootLoader reappeared with custom WOFF2 web-fonts that swap glyph shapes, so a gibberish string in source renders as a harmless-looking filename in the browser. Consequently, victims on SEO-poisoned WordPress sites download ZIP archives carrying JavaScript loaders that trigger rapid, hands-on compromises. Therefore, block risky downloads, hunt for loader execution, and harden WordPress and endpoints to cut dwell time and prevent domain-wide impact within hours.

npm typosquat “@acitons/artifact” exfiltrating GitHub Actions tokens during postinstall in CI

npm typosquat targets GitHub Actions to steal tokens and artifacts

yohanmanuja4 hours ago4 hours ago04 mins

A malicious npm package named “@acitons/artifact” impersonates @actions/artifact, hijacks GitHub Actions tokens via postinstall scripts, and attempts to publish artifacts as GitHub showcasing a precise software supply chain attack.

Russia 24-hour SIM cooling-off after roaming or 72h inactivity, data and SMS paused

Russia Adds 24-Hour SIM Cooling-Off After Roaming

yohanmanuja4 hours ago4 hours ago04 mins

Russia introduced a 24-hour SIM cooling-off period after roaming or 72 hours of inactivity. Consequently, data and SMS pause while operators run anti-abuse checks, verify identity, and restore access in stages.

Zoom for Windows security update blocks DLL hijacking and privilege escalation (CVE-2025-49457)

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

yohanmanuja18 hours ago18 hours ago04 mins

Zoom delivered security fixes for Windows clients after investigators identified CVE-2025-49457, an untrusted DLL search path that can enable local privilege escalation and broader compromise. Because attackers chain DLL hijacking with lateral movement, admins should update Windows endpoints to version 6.3.10 and validate explicit path loading. This analysis explains affected apps, exploitation flow, high-signal detection, and quick remediation steps so defenders can reduce risk without adding noise.

Threat actor KONNI misusing Google Find Hub to geolocate targets and trigger remote Android wipes

KONNI abuses Google Find Hub for Android remote wipes

yohanmanuja18 hours ago18 hours ago05 mins

KONNI operators hijack Google accounts, pivot into Find Hub, track target locations, and trigger remote resets on Android blending valid features with malicious intent while evading conventional controls.

APT37 abusing Google Find Hub to remotely wipe an Android phone

APT37 exploits Google Find Hub to wipe Android phones

yohanmanuja18 hours ago18 hours ago05 mins

APT37 used stolen Google credentials to access Find Hub, check Android device locations, and trigger remote factory resets. The tactic lives in the cloud, not on the handset, so identity controls matter most. Enforce phishing-resistant MFA, restrict console actions, and rehearse rapid re-enrollment.

Firefox update reduces browser fingerprinting signals to limit covert tracking

Firefox hardens privacy: expanded fingerprint protections

yohanmanuja18 hours ago18 hours ago04 mins

Firefox now narrows high-entropy signals used for browser fingerprinting, so fewer users appear unique across sessions. Consequently, trackers lose stable identifiers while sites keep working. For enterprises, the update simplifies privacy baselines and reduces covert tracking surfaces without heavy configuration or breakage.

Ludwigshafen city IT offline after suspected cyberattack, incident response in progress

Ludwigshafen Shuts Down City IT After Cyberattack

yohanmanuja18 hours ago18 hours ago04 mins

Ludwigshafen detected suspicious activity and took city IT offline to contain risk. Teams isolate systems, assess scope, and plan a safe, phased restoration while core services continue with workarounds.

Gemini Deep Research report view with toggles for Gmail, Drive, and Chat sources and a visible consent banner

Gemini in Gmail and Drive: Admin Playbook for a Safe Rollout

yohanmanuja2 days ago2 days ago04 mins

Gemini’s Deep Research now taps Gmail, Drive, and Chat when users allow it. Because the agent can fuse internal messages and files with web context, output quality rises along with privacy risk. This guide shows how to roll out safely: set consent norms, restrict high-risk teams, validate audit coverage, and keep DLP and labels active so Deep Research never reads more than policy permits.

ClickFix phishing page coaching a user to paste a command that steals M365 access

ClickFix Lures Coach Users to Self-Infect and Bypass Filters

yohanmanuja2 days ago2 days ago04 mins

ClickFix campaigns scale by coaching users to “fix” access issues with copy-paste commands. After the click, actors steal Microsoft 365 tokens or credentials and, in some cases, drop PureRAT for persistence. Break the flow by enforcing admin-only app consent, requiring phishing-resistant MFA, and blocking browser-to-shell chains. Investigate mailbox rules, token reuse, and OAuth grants whenever ClickFix pages appear in referral logs.

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

npm typosquat targets GitHub Actions to steal tokens and artifacts

Rhadamanthys disruption derails credential-theft campaigns

Windows admins: prioritize November zero-day and RCE

Russia Adds 24-Hour SIM Cooling-Off After Roaming

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

Tag: safety

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

npm typosquat targets GitHub Actions to steal tokens and artifacts

Russia Adds 24-Hour SIM Cooling-Off After Roaming

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

KONNI abuses Google Find Hub for Android remote wipes

APT37 exploits Google Find Hub to wipe Android phones

Firefox hardens privacy: expanded fingerprint protections

Ludwigshafen Shuts Down City IT After Cyberattack

Gemini in Gmail and Drive: Admin Playbook for a Safe Rollout

ClickFix Lures Coach Users to Self-Infect and Bypass Filters