15-05-2025 |
Symantec Counters New DarkCloud Stealer Malware Targeting Government with AutoIt Obfuscation |
Cybersecurity |
A new DarkCloud Stealer variant, primarily targeting government organizations, uses phishing emails with RAR archives or PDFs to deliver AutoIt-obfuscated malware. It steals browser credentials, email passwords, and FTP logins while establishing C2 communication. Symantec’s protections, including Trojan.Malautoit!g7 and SONAR.Stealer!gen1, block this threat. Safeguard your systems with Symantec’s advanced cybersecurity solutions. |
|
14-05-2025 |
Symantec Cloud Sandbox Enhances Threat Protection with Real-Time Intelligence |
Cybersecurity |
Symantec Cloud Sandbox identifies evolving cyber threats daily, delivering robust protection against new malware techniques like GuLoader and MintsLoader. Integrated with Symantec’s Global Intelligence database, it provides actionable threat intelligence across web, email, and endpoint contexts. The platform’s advanced detection engines ensure rapid response, safeguarding businesses from sophisticated attacks. Explore how Symantec strengthens cybersecurity at Broadcom’s Security Center. |
|
14-05-2025 |
Symantec Bolsters Defenses Against PupkinStealer Malware Targeting Windows Users |
Cybersecurity |
PupkinStealer, a .NET-based infostealer, targets Windows systems, stealing browser credentials, Telegram and Discord data, and more via phishing emails. It exfiltrates compressed data using the Telegram Bot API. Symantec’s adaptive, behavior, and machine learning-based protections, including Trojan.Gen.2 and Heur.AdvML.B!200, block this threat. Strengthen your cybersecurity with Symantec’s solutions. |
|
14-05-2025 |
Symantec Shields Against Chihuahua Stealer Malware Targeting Sensitive Data |
Cybersecurity |
Chihuahua Stealer, a .NET-based infostealer, spreads via malicious Google Drive documents and PowerShell scripts, stealing browser data and crypto wallet info. It encrypts and exfiltrates data to attacker-controlled servers before wiping traces. Symantec’s protections, including Trojan.Gen.MBT and Heur.AdvML.B, block this threat. Secure your systems with Symantec’s robust cybersecurity solutions. |
|
13-05-2025 |
Symantec Shields Users from Astryrean Stealer Malware, Broadcom Announces |
Cybersecurity |
Broadcom’s Symantec has identified and blocked Astryrean Stealer, a new Python-based infostealer targeting sensitive data like browser information and Discord tokens. Distributed via GitHub, the malware is countered by Symantec’s adaptive, behavior, and file-based protections. VMware Carbon Black also detects and blocks associated threats. |
|
13-05-2025 |
Symantec Stops BTMOB RAT Malware Targeting Alipay Credentials |
Cybersecurity |
Broadcom’s Symantec has blocked BTMOB RAT, a malicious Android app mimicking Alipay to steal payment PINs via phishing sites. The malware uses fake interfaces and accessibility permissions to capture sensitive data. Symantec’s mobile and web-based protections ensure user safety. |
|
12-05-2025 |
Symantec Shields Against Venom Spider’s More_eggs Malware in Phishing Scam |
What's New |
Broadcom’s Symantec Security Center reports a spear-phishing campaign by the Venom Spider threat actor targeting corporate recruiters with fake resumes that deploy the More_eggs backdoor malware. Symantec’s adaptive, email, file, and web-based protections, including Carbon Black and Email Threat Isolation, effectively block this threat. Users are advised to verify email attachments and links to avoid infection. Learn more about Symantec’s robust cybersecurity solutions on Broadcom’s official site. |
|
12-05-2025 |
Symantec IPS Blocks 50 Million Attacks in Week 19, 2025, Safeguarding Endpoints |
Cybersecurity |
Symantec’s Intrusion Prevention System (IPS) protected over 341,600 endpoints by blocking 50 million attacks last week, with 83.3% stopped pre-infection. Key defenses included thwarting 20.6 million web server vulnerability scans and 7.6 million malware command-and-control attempts. Broadcom advises enabling IPS on all desktops and servers for optimal security. Visit Broadcom’s Security Center for setup instructions and detailed insights. |
|
12-05-2025 |
Symantec Blocks Noodlophile Stealer Malware Posing as AI Video Tools |
Cybersecurity |
Symantec, part of Broadcom, has thwarted Noodlophile Stealer, an infostealer malware disguised as AI video generators on social media. The malware, distributed via fake .mp4 files, targets credentials, cookies, and app tokens, exfiltrating data through Telegram APIs. Symantec’s adaptive, file, and machine learning-based protections ensure robust defense. |
|
10-05-2025 |
Symantec Thwarts Mamona Ransomware with Advanced Threat Protection |
Cybersecurity |
Mamona Ransomware, a new offline threat that encrypts files with a .HAes extension, is effectively neutralized by Symantec’s robust security solutions, as detailed in Broadcom’s latest Protection Bulletin. Utilizing behavior-based, machine learning, and EDR-based detections, Symantec and Carbon Black block this malware, which employs ping command obfuscation but does not exfiltrate data. A decryption tool is available for victims to recover files. Visit broadcom.com to explore Symantec’s comprehensive cybersecurity defenses. |
|
10-05-2025 |
Symantec Blocks Malicious RMM Tool Attacks Targeting Brazil |
Cybersecurity |
A new cybercampaign targeting Brazil abuses commercial Remote Monitoring and Management (RMM) tools like PDQ Connect, delivered via malicious installers hosted on Dropbox, as reported by Cisco Talos. Symantec’s advanced protections, including behavior-based SONAR, email security, and Carbon Black policies, effectively detect and block these threats. The attack gives initial access brokers remote access that they can sell to other threat actors. Learn more about Symantec’s robust cybersecurity solutions at broadcom.com. |
|
10-05-2025 |
Symantec Shields Taiwan and Japan from Earth Kasha’s Espionage Campaign |
Cybersecurity |
The Earth Kasha threat group, linked to APT10, targets Taiwan and Japan with a sophisticated espionage campaign using the RoamingMouse dropper, the ANELLDR loader, and the NoopDoor backdoor, as reported by Trend Micro. Symantec’s robust defenses, including Carbon Black, file-based, and machine learning detections, effectively block this malware aimed at information theft. The campaign exploits macro-enabled Excel files for initial access. Visit broadcom.com to learn how Symantec safeguards against advanced cyber threats. |
|
08-05-2025 |
Symantec Counters NETXLOADER Malware Used by Agenda Ransomware Group |
Cybersecurity |
The Agenda ransomware group is deploying NETXLOADER, a highly obfuscated .NET-based malware loader, to deliver payloads like SmokeLoader and Agenda ransomware across various industries. NETXLOADER’s in-memory execution and obfuscation tactics aim to evade detection, but Symantec’s adaptive, behavior, and machine learning-based protections neutralize the threat. VMware Carbon Black further enhances defense against this malware. Learn how Symantec secures your systems at broadcom.com. |
|
08-05-2025 |
Symantec Neutralizes Bert Ransomware Targeting Healthcare and Tech Sectors |
Cybersecurity |
The emerging Bert ransomware group, active in the U.S. and Turkey, employs double-extortion tactics, encrypting files and threatening data exposure across healthcare, technology, and event services sectors. Using PowerShell-based loaders to disable defenses and escalate privileges, Bert leaves ransom notes and encrypted files with a .encryptedbybert extension. Symantec’s adaptive, behavior, and EDR-based protections, alongside VMware Carbon Black, effectively block this threat. Explore Symantec’s robust defense solutions at broadcom.com. |
|
08-05-2025 |
Symantec Mitigates CVE-2025-32433 Erlang/OTP SSH RCE Vulnerability |
Cybersecurity |
A critical Remote Code Execution vulnerability, CVE-2025-32433, in Erlang/OTP’s SSH libraries could allow unauthenticated attackers to execute arbitrary commands on affected servers. Patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.2, this flaw poses significant risks if unaddressed. Symantec’s network-based protections effectively detect and block exploits targeting this vulnerability. Visit broadcom.com to learn how Symantec secures your Erlang/OTP environments. |
|
08-05-2025 |
Symantec Shields Against Critical SAP NetWeaver CVE-2025-31324 Vulnerability |
Cybersecurity |
CVE-2025-31324, a critical unrestricted file upload flaw in SAP NetWeaver Visual Composer (CVSS 10), enables unauthenticated attackers to upload malicious JSP webshells, potentially compromising entire systems. Recently added to CISA’s Known Exploited Vulnerabilities Catalog, this flaw has been patched by SAP. Symantec’s network, file, and Carbon Black-based protections effectively block these exploits. Learn how Symantec secures SAP environments at broadcom.com. |
|
08-05-2025 |
Symantec Stops LZRD, the Latest Mirai Botnet Variant Targeting IoT Devices |
Cybersecurity |
The LZRD variant of the Mirai botnet exploits vulnerabilities CVE-2024-6047 and CVE-2024-11120 in GeoVision IoT devices to deploy ARM-based payloads for DDoS attacks. This new campaign highlights the persistent threat of Mirai-based malware. Symantec’s file, web, and Carbon Black-based protections effectively block this threat. |
|
08-05-2025 |
Symantec Blocks Java-Based Ratty RAT in Multi-Stage Malspam Campaign |
Feature |
A malicious email campaign targeting organizations in Italy, Portugal, and Spain uses a Spanish email provider to deliver a PDF attachment that triggers downloads from Dropbox, Google Drive, and Mediafire, ultimately deploying the Java-based Ratty RAT. This multi-stage attack aims to infiltrate systems covertly. Symantec’s adaptive, file, and Carbon Black-based protections neutralize this threat. |
|
07-05-2025 |
Symantec File Reputation Blocks 2.35M Malware Threats in Week 18, 2025 |
Cybersecurity |
Symantec’s File Reputation service, integrated across Symantec and Carbon Black products, blocked 2.25 million known malware files and 95,000 additional threats via machine learning on 355,000 unique devices in Week 18, 2025. Analyzing over 8 billion files and 4 billion IOCs daily, it ensures real-time protection by maintaining trust ratings and identifying clean system files to prevent operational disruptions. The service also stopped 600,000 risky downloads on 32,000 devices using Download Insight, safeguarding endpoints, web, and email gateways. Businesses can learn more about enabling this cloud-based protection to strengthen their cybersecurity defenses. |
|
07-05-2025 |
Critical CVE-2025-34028 Vulnerability in Commvault Command Center Exposes Systems to Remote Code Execution |
Service |
A newly identified path traversal vulnerability, CVE-2025-34028, in Commvault Command Center allows unauthenticated attackers to execute arbitrary code remotely via an exploited SSRF endpoint. The flaw enables privilege escalation using a malicious ZIP containing a .JSP file, risking full system compromise. Symantec provides advanced threat protection to detect and block this exploit. Review your security posture and apply necessary safeguards to reduce breach risk. |
|
07-05-2025 |
Symantec Thwarts FormBook Malware Spread via Malicious Word Documents |
Cybersecurity |
Symantec’s advanced security solutions effectively counter a new FormBook malware campaign distributed through phishing emails with weaponized Microsoft Word attachments. Leveraging social engineering, these attacks trigger a multi-stage deployment of the malware, which Symantec blocks using adaptive, email, file, and machine learning-based protections. VMware Carbon Black and Email Threat Isolation further enhance defense against this threat. Visit broadcom.com to learn how Symantec safeguards your systems. |
|
07-05-2025 |
Play Ransomware Exploits Windows Zero-Day CVE-2025-29824 to Deploy Grixba Infostealer |
Cybersecurity |
The Play ransomware group, also known as Balloonfly, exploited a Windows zero-day vulnerability, CVE-2025-29824, to target a U.S. organization, deploying the Grixba infostealer. This privilege escalation flaw in the Common Log File System driver was patched by Microsoft on April 8, 2025. Symantec’s Threat Hunter Team identified the attack, which used disguised tools mimicking Palo Alto software. Learn how Symantec protects against such threats at broadcom.com. |
|
07-05-2025 |
Symantec Blocks Malicious Campaign Exploiting Pahalgam Attack Targeting Indian Government |
Cybersecurity |
Threat actors are targeting Indian government personnel with phishing emails disguised as official communications, using decoy PDFs related to the Pahalgam attack to deliver malware. These malicious documents deploy macros that collect and exfiltrate sensitive data while attempting lateral network movement. Symantec’s comprehensive protections, including VMware Carbon Black and Email Threat Isolation, neutralize this threat. Discover how Symantec safeguards against such campaigns at broadcom.com. |
|
06-05-2025 |
New Malware Threats TerraStealerV2 and TerraLogger Detected by Symantec |
Company News |
Two emerging malware families linked to the Golden Chickens threat group, TerraStealerV2 and TerraLogger, are actively targeting sensitive user data. TerraStealerV2 steals browser credentials and crypto wallet data, while TerraLogger functions as a keylogger without exfiltration. Symantec, supported by Carbon Black and WebPulse, provides layered protection against these evolving threats. Users should update their security tools and stay alert to new malware tactics. |
|
06-05-2025 |
StealC V2 Malware Adds Advanced Features and Payload Capabilities |
Cybersecurity |
The latest version of StealC infostealer introduces advanced features like multi-monitor screenshots, encrypted configuration, and customizable payload delivery using geolocation and hardware IDs. Enhanced with a new JSON-based C2 protocol and improved stealth, it poses a growing threat to systems and user data. Symantec, backed by Carbon Black and WebPulse, offers robust protection across behavior, file, and machine-learning layers. Users are urged to update security tools and remain alert to targeted attacks. |
|