A sophisticated Android malware campaign targeting users in South Asia, particularly in the Kashmir region of India, has been detected. The malware, disguised as a chat app called “Tanzeem,” is credited to an APT group named ‘DONOT,’ which allegedly serves Indian interests. It requests access to user data and device functions, with no actual chat functions present. It uses OneSignal, a customer engagement platform, to deliver phishing links via push notifications.
Widely used Trivy scanner compromised in ongoing supply-chain attack
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences
