24-05-2025 |
Broadcom Thwarts Rhadamanthys Phishing Campaign |
Cybersecurity |
Broadcom’s Symantec Security Center reports a phishing campaign delivering the Rhadamanthys stealer via a copyright infringement lure. Victims are tricked into accessing a malicious PDF link that downloads an archive containing the malware, sideloaded through a legitimate PDF viewer. Symantec’s adaptive, email, file, and web-based protections, including Email Threat Isolation and VMware Carbon Black, effectively block this threat. Learn more about staying protected at Broadcom’s Security Center. |
|
24-05-2025 |
Symantec Shields Against TetraLoader Malware in UAT-6382 Attacks |
Cybersecurity |
Broadcom’s Symantec Security Center reports that the UAT-6382 campaign uses a Cityworks vulnerability to deploy TetraLoader, a Rust-based malware, alongside web shells like AntSword. TetraLoader facilitates additional payloads such as Cobalt Strike, targeting U.S. local government systems. Symantec’s multi-layered protection, including behavior-based SONAR and machine learning, effectively blocks this threat. Visit Broadcom’s Security Center for detailed threat insights. |
|
24-05-2025 |
Symantec Blocks Dero Cryptominer Targeting Docker Containers |
Cybersecurity |
Symantec reports a new campaign exploiting exposed Docker APIs to deploy a Dero cryptocurrency miner, using Golang-based components named nginx and cloud. The malware operates autonomously, requiring no connection to command-and-control servers, posing a persistent threat. Symantec’s robust protection, including VMware Carbon Black and WebPulse, effectively detects and blocks this cryptominer. Explore detailed safeguards at Broadcom’s Security Center. |
|
24-05-2025 |
Symantec Counters Vidar and StealC Infostealers |
Cybersecurity |
Symantec reports a new social engineering campaign using TikTok videos to distribute Vidar and StealC infostealers, which steal sensitive user data via malicious PowerShell commands. Trend Micro researchers identified the threat, targeting unsuspecting users. Symantec’s multi-layered defenses, including behavior-based SONAR and machine learning, effectively block these malware variants. Visit Broadcom’s Security Center for comprehensive protection insights. |
|
23-05-2025 |
SideWinder APT Targets South Asia with StealerBot Malware |
Cybersecurity |
The SideWinder APT group has launched a sophisticated cyber-espionage campaign targeting government institutions in Bangladesh, Pakistan, and Sri Lanka, using spear-phishing emails to exploit vulnerabilities CVE-2017-0199 and CVE-2017-11882. These attacks deploy StealerBot, a credential-stealing malware, through malicious Office documents with geofenced payloads to ensure precise targeting. Symantec’s advanced threat protection, including VMware Carbon Black and Email Threat Isolation, effectively detects and blocks these attacks. Learn more about securing your systems at broadcom.com/support/security-center. |
|
22-05-2025 |
Phishing Campaign Targets Japan’s e-Tax Users |
Cybersecurity |
Cybercriminals are sending spoofed emails mimicking Japan’s e-Tax platform, urging users to update personal information via fraudulent links. These phishing emails lead to credential-harvesting webpages designed to steal sensitive data. Symantec’s email security products and Email Threat Isolation (ETI) technology, along with WebPulse-enabled solutions, effectively block these malicious URLs and domains. Users should verify email sources and avoid clicking suspicious links to protect their information. |
|
22-05-2025 |
Samsung MagicINFO Vulnerabilities Expose Servers to Attacks |
Cybersecurity |
Two critical vulnerabilities, CVE-2024-7399 and CVE-2025-4632, affect Samsung’s MagicINFO 9 Server, allowing unauthenticated remote code execution via malicious .jsp file uploads. Exploited in the wild, these flaws have enabled the spread of the Mirai botnet. Symantec’s Data Center Security (DCS) blocks these attacks by restricting file uploads and command execution, while network rules limit internet connectivity to reduce risks. Organizations should apply patches and verify server configurations to mitigate threats. |
|
22-05-2025 |
Symantec Shields ESXi from Fake KeePass Malware |
Company News |
Symantec, a Broadcom security solution, protects ESXi environments from fake KeePass installers spreading KeeLoader malware. This campaign targets credentials, deploys Cobalt Strike, and may deliver ransomware. Leveraging behavior-based, file-based, and machine learning detections, Symantec ensures robust threat protection. Learn more about securing your systems with Symantec’s industry-leading solutions. |
|
22-05-2025 |
Symantec Blocks GhostSpy Malware on Android Devices |
Company News |
Symantec, a leading Broadcom cybersecurity solution, safeguards Android users from GhostSpy, a dangerous mobile malware exploiting Accessibility Services. GhostSpy enables attackers to control devices, steal banking credentials, and record audio/video. Symantec’s robust detection, including Android.Reputation.2 and WebPulse, ensures comprehensive protection. Explore Symantec’s advanced security measures to protect your mobile devices. |
|
21-05-2025 |
Trojanized RVTools Installer Delivers Bumblebee Malware |
Cybersecurity |
A trojanized RVTools installer, briefly hosted on the official site, was found to deliver the Bumblebee malware loader, posing risks to VMware environments. Symantec’s protection bulletin highlights that the malicious installer contained a Bumblebee loader DLL, attempting connections to randomized .life domains for further attack stages. VMware Carbon Black products block associated indicators, while WebPulse-enabled solutions cover malicious domains and IPs. Users should verify installer hashes and scan recent downloads to ensure system security. |
|
21-05-2025 |
Symantec Enhances Threat Detection with JA3 Fingerprinting |
Cybersecurity |
Symantec’s Intrusion Prevention System (IPS) Engine now leverages JA3 fingerprinting to bolster endpoint threat protection against evasive malware. By analyzing TLS/SSL handshake characteristics, JA3 identifies malicious patterns, even in polymorphic or encrypted threats like Dridex and Remcos. Integrated into Symantec Cloud Sandbox, this technology reduces false positives and enhances proactive defense without direct configuration. Organizations can strengthen their security posture by enabling IPS on desktops and servers. |
|
21-05-2025 |
Malvertising Targets Users with Fake Kling AI Website |
Cybersecurity |
Cybercriminals are using social media malvertising to lure users to a fraudulent Kling AI website, promising AI-generated images and videos. Instead, the site delivers disguised executable files that deploy infostealers, exfiltrating sensitive data like browser credentials and session tokens. Symantec’s advanced threat protection, including VMware Carbon Black and WebPulse-enabled products, blocks these malicious indicators across adaptive, behavior, file, and machine learning-based detections. Users should verify website authenticity and maintain robust cybersecurity measures to avoid such threats. |
|
19-05-2025 |
Broadcom’s Symantec IPS Blocks 48.7M Attacks in Week 20 |
Cybersecurity |
Broadcom’s Symantec IPS protected 328.9K endpoints by blocking 48.7 million attacks in Week 20 of 2025, with 81.3% stopped pre-infection. The deep packet inspection engine thwarted 19.8M web server vulnerability scans and 8.4M malware command-and-control attempts, safeguarding desktops and servers. Notably, Broadcom (AVGO) stock closed at $228.899, reflecting a steady performance with a market cap of $1.04 trillion. Visit broadcom.com to enable IPS and enhance your cybersecurity defenses. |
|
19-05-2025 |
Symantec Shields Users from Binance Phishing Wave |
Cybersecurity |
Symantec, a Broadcom division, has identified a phishing campaign targeting Binance users, exploiting the Russia-Ukraine conflict to lure victims with fake wallet-linking notifications. The emails, posing as Binance, prompt users to click malicious links designed to steal credentials, citing market volatility and a fabricated data breach. Symantec’s email security products and Email Threat Isolation technology effectively block these threats across email and web platforms. Visit broadcom.com to learn how Symantec can protect your digital assets from such scams. |
|
16-05-2025 |
Symantec Thwarts Sophisticated Remcos RAT Fileless Malware Attack |
Service |
Symantec’s advanced security solutions have identified and blocked a stealthy fileless malware campaign deploying the Remcos RAT via PowerShell, originating from malicious LNK files in ZIP archives. The attack uses obfuscated VBScript and process hollowing to evade detection, enabling keylogging, screen capturing, and credential theft. Leveraging adaptive, machine learning, and Carbon Black-based protections, Symantec ensures robust defense against this threat. Visit broadcom.com to learn more about securing your systems. |
|
15-05-2025 |
Symantec Counters New DarkCloud Stealer Malware Targeting Government with AutoIt Obfuscation |
Cybersecurity |
A new DarkCloud Stealer variant, primarily targeting government organizations, uses phishing emails with RAR archives or PDFs to deliver AutoIt-obfuscated malware. It steals browser credentials, email passwords, and FTP logins while establishing C2 communication. Symantec’s protections, including Trojan.Malautoit!g7 and SONAR.Stealer!gen1, block this threat. Safeguard your systems with Symantec’s advanced cybersecurity solutions. |
|
15-05-2025 |
Symantec Identifies TransferLoader Malware Threat |
Cybersecurity |
TransferLoader, a new malware loader active since February 2025, uses advanced evasion techniques to deliver Morpheus ransomware. It employs anti-debugging, encrypted communications, and IPFS for resilient command-and-control, posing significant risks to organizations. Symantec’s adaptive, file-based, and machine learning protections effectively counter this threat. Visit Broadcom’s Security Center for comprehensive threat insights and protection details. |
|
15-05-2025 |
Symantec Counters Earth Ammit Cyber Espionage |
Cybersecurity |
Earth Ammit’s VENOM and TIDRONE cyber espionage campaigns target government and critical infrastructure in Central Asia, Southeast Asia, and Eastern Europe. These attacks use stealthy supply chain tactics, injecting malicious code to exploit high-value targets across multiple sectors. Symantec’s adaptive, file-based, and machine learning protections, including VMware Carbon Black, effectively block these threats. |
|
14-05-2025 |
Symantec Cloud Sandbox Enhances Threat Protection with Real-Time Intelligence |
Cybersecurity |
Symantec Cloud Sandbox identifies evolving cyber threats daily, delivering robust protection against new malware techniques like GuLoader and MintsLoader. Integrated with Symantec’s Global Intelligence database, it provides actionable threat intelligence across web, email, and endpoint contexts. The platform’s advanced detection engines ensure rapid response, safeguarding businesses from sophisticated attacks. Explore how Symantec strengthens cybersecurity at Broadcom’s Security Center. |
|
14-05-2025 |
Symantec Bolsters Defenses Against PupkinStealer Malware Targeting Windows Users |
Cybersecurity |
PupkinStealer, a .NET-based infostealer, targets Windows systems, stealing browser credentials, Telegram and Discord data, and more via phishing emails. It exfiltrates compressed data using the Telegram Bot API. Symantec’s adaptive, behavior, and machine learning-based protections, including Trojan.Gen.2 and Heur.AdvML.B!200, block this threat. Strengthen your cybersecurity with Symantec’s solutions. |
|
14-05-2025 |
Symantec Shields Against Chihuahua Stealer Malware Targeting Sensitive Data |
Cybersecurity |
Chihuahua Stealer, a .NET-based infostealer, spreads via malicious Google Drive documents and PowerShell scripts, stealing browser data and crypto wallet info. It encrypts and exfiltrates data to attacker-controlled servers before wiping traces. Symantec’s protections, including Trojan.Gen.MBT and Heur.AdvML.B, block this threat. Secure your systems with Symantec’s robust cybersecurity solutions. |
|
13-05-2025 |
Symantec Shields Users from Astryrean Stealer Malware, Broadcom Announces |
Cybersecurity |
Broadcom’s Symantec has identified and blocked Astryrean Stealer, a new Python-based infostealer targeting sensitive data like browser information and Discord tokens. Distributed via GitHub, the malware is countered by Symantec’s adaptive, behavior, and file-based protections. VMware Carbon Black also detects and blocks associated threats. |
|
13-05-2025 |
Symantec Stops BTMOB RAT Malware Targeting Alipay Credentials |
Cybersecurity |
Broadcom’s Symantec has blocked BTMOB RAT, a malicious Android app mimicking Alipay to steal payment PINs via phishing sites. The malware uses fake interfaces and accessibility permissions to capture sensitive data. Symantec’s mobile and web-based protections ensure user safety. |
|
12-05-2025 |
Symantec Shields Against Venom Spider’s More_eggs Malware in Phishing Scam |
What's New |
Broadcom’s Symantec Security Center reports a spear-phishing campaign by the Venom Spider threat actor targeting corporate recruiters with fake resumes that deploy the More_eggs backdoor malware. Symantec’s adaptive, email, file, and web-based protections, including Carbon Black and Email Threat Isolation, effectively block this threat. Users are advised to verify email attachments and links to avoid infection. Learn more about Symantec’s robust cybersecurity solutions on Broadcom’s official site. |
|
12-05-2025 |
Symantec IPS Blocks 50 Million Attacks in Week 19, 2025, Safeguarding Endpoints |
Cybersecurity |
Symantec’s Intrusion Prevention System (IPS) protected over 341,600 endpoints by blocking 50 million attacks last week, with 83.3% stopped pre-infection. Key defenses included thwarting 20.6 million web server vulnerability scans and 7.6 million malware command-and-control attempts. Broadcom advises enabling IPS on all desktops and servers for optimal security. Visit Broadcom’s Security Center for setup instructions and detailed insights. |
|