
Posts by Jérôme Segura

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware for more than 35 years, he tells TechCrunch why he is now worki...

NEW: I spoke to cybersecurity legend Mikko Hyppönen about his decades-long fight against computer viruses first, and then malware — and how computers have gotten safer over time.

Mikko also told me why he has decided to now turn his focus to fight another enemy: killer drones.

2 weeks ago

Bots are adding to the already obvious RAM scarcity problem.

datadome.co/threat-resea...

1 month ago

Specifically those related to web-bot-auth (Signature, Signature-Input and Signature-Agent).

5 months ago

Did you notice the lack of the Signature headers in Atlas?

5 months ago

Also, this seems like a small feature but much appreciated:

11 months ago
Mitmproxy 12: Interactive Contentviews

mitmproxy 12 is out! 🚀 It’s now possible to modify the prettified representation of binary protocols. Editing Protobufs is now as easy as editing YAML, no .proto schema needed. 🙌

mitmproxy.org/posts/releas...

11 months ago

Step 1: Search for bsc-dataseed.binance[.]org on URLscan (urlscan.io). You can sign up for a URLscan account for free. The search results should contain pages from legitimate sites that have been compromised for this campaign.

Step 2: Try one of the sites you found on the URLscan search in a web browser. It should return a fake CAPTCHA page, with a box to check/click. You have to click the box twice. It then shows instructions on how to copy and run a script that's been injected into the viewer's clipboard.

Note: Make sure you do this in a controlled lab environment on a Windows host specifically used for testing malware. Don't try this on your regular Windows computer!

Step 3: Run the script to infect a Windows host. To emphasize once again, this should be done in a controlled lab environment. This image shows network traffic from an infection filtered in Wireshark and it shows C2 traffic from the StealC infection.

2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the "ClickFix" style instructions trying to convince viewers to infect their computers with malware. Saw #StealC from an infection today. Indicators at github.com/malware-traf...

11 months ago

Crooks doing quality control the hard way 😂

console.log("!!!WORKING!!!")

#skimming #ecommerce

1 year ago
Attack Techniques: Trojaned Clipboard Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. The attacking website convinces the victim user …

“Attack techniques so stupid, they can’t possibly succeed… except they do!”,

The Unwitting Accomplice
textslashplain.com/2024/06/04/a...

1 year ago
Understanding SmartScreen and Network Protection The vast majority of cyberthreats arrive via one of two related sources: That means that combining network-level sensors and throttles with threat intelligence (which sites deliver attacks), securi…

Understanding (and debugging) SmartScreen/Network Protection

textslashplain.com/2025/04/07/u...

1 year ago

OSS...

1 year ago

Fake PuTTY, signed "Eptins Enterprises Llp"

Sets scheduled task "Security Updater" and checks into IP address: 185.196.10.127

Triage: tria.ge/250401-wnbad...

www.virustotal.com/gui/file/7ca...

@jeromesegura.com

1 year ago

GitHub - jeromesegura/fiddleitm: Your Swiss Army knife to analyze malicious web traffic based on mitmproxy. - jeromesegura/fiddleitm

I moved to mitmproxy, but I do miss certain features from Fiddler Classic. I've been working on an add-on that brings some of those back: github.com/jeromesegura...

1 year ago

Yes!

Alternatively, have you thought about existing OSS that you could fork/contribute to?

1 year ago

If you manage #wordpress sites using #managewp, watch out for this #phishing campaign via #googleads.

-> menagewp[.]com (ad URL and redirect)

-> orion[.]manaqewp[.]com (phishing page)

1 year ago
Malicious ads target Semrush users to steal Google account credentials - Help Net Security Cyber crooks are exploiting users' interest in Semrush, a popular SEO and market research SaaS platform, to steal Google account credentials.

Malicious ads target Semrush users to steal Google account credentials

📖 Read more: www.helpnetsecurity.com/2025/03/21/m...

#cybersecurity #cybersecuritynews #accountcredentials #SEO @malwarebytes.com @jeromesegura.com @semrushofficial.bsky.social

1 year ago

Scammers are happily abusing multiple platforms at once thanks to lack of controls.

Who's going to protect users here? Google? Facebook?

1 year ago

PayPal’s “no-code checkout” abused by scammers

www.malwarebytes.com/blog/scams/2...

#malvertising #techsupportscams

1 year ago

SecTopRAT bundled in Chrome installer distributed via Google Ads

📖
www.malwarebytes.com/blog/news/20...

⚠️
sites[.]google[.]com/view/gfbtechd/
chrome[.]browser[.]com[.]de/GoogleChrome.exe

#malvertising #SecTopRAT

1 year ago

If you are a developer and use #homebrew, beware of this fraudulent ad on Google.

⚠️
Fake site: brewsh[.]org
Malicious curl command: hxxps[://]raw[.]brewsh[.]org/Homebrew/install/HEAD/install[.]sh
Atomic Stealer (AMOS): www.virustotal.com/gui/file/389...
⚠️

#malvertising #atomicstealer

1 year ago
ClickFix vs. traditional download in new DarkGate campaign Social engineering methods are being put to the test to distribute malware.

ClickFix vs. traditional download in new DarkGate campaign

www.malwarebytes.com/blog/news/20...

#ClickFix #malvertising

1 year ago
Microsoft advertisers phished via malicious Google ads Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft...

Microsoft advertisers phished via malicious Google ads

www.malwarebytes.com/blog/news/20...

#malvertising #googleads #microsoft #bing

1 year ago
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads An ongoing malvertising campaign steals Google advertiser accounts via fraudulent ads for Google Ads itself.

Imagine for a moment that Google allowed a sponsored link to a phishing site for Google ads...

www.malwarebytes.com/blog/news/20...

#GoogleSearch #GoogleAds #malvertising #phishing

1 year ago

Malicious Google ad for Virtuals Protocol

⚠️ virtnals[.]com

#malvertising

1 year ago

Malicious Google ad for Aerodrome Finance

⚠️ aeroclrome[.]finance

#malvertising

1 year ago

Malicious Google ad for #Freecad

⚠️
freecad3dmodeling[.]com
freecad3d-download[.]com
hxxps[://]3d-digitals[.]org/downloads/guthub/FreeCAD_Setup_2[.]0[.]74_win_x64[.]zip

#malvertising

1 year ago

‘Fix It’ social-engineering scheme impersonates several brands

www.malwarebytes.com/blog/news/20...

1 year ago

Malicious Google ad for Netflix

⚠️ +1[-]877[-]906[-]4471

#malvertising

1 year ago

Malicious Google ad for onshape 3D

⚠️
onshapeservices[.]com

#malvertising

1 year ago

Malicious Google ad for Freecad

⚠️
freecad3design[.]com

#malvertising

1 year ago