08-05-2025 |
Symantec Counters NETXLOADER Malware Used by Agenda Ransomware Group |
Cybersecurity |
The Agenda ransomware group is deploying NETXLOADER, a highly obfuscated .NET-based malware loader, to deliver payloads like SmokeLoader and Agenda ransomware across various industries. NETXLOADER’s in-memory execution and obfuscation tactics aim to evade detection, but Symantec’s adaptive, behavior, and machine learning-based protections neutralize the threat. VMware Carbon Black further enhances defense against this malware. Learn how Symantec secures your systems at broadcom.com. |
|
08-05-2025 |
Symantec Neutralizes Bert Ransomware Targeting Healthcare and Tech Sectors |
Cybersecurity |
The emerging Bert ransomware group, active in the U.S. and Turkey, employs double-extortion tactics, encrypting files and threatening data exposure across healthcare, technology, and event services sectors. Using PowerShell-based loaders to disable defenses and escalate privileges, Bert leaves ransom notes and encrypted files with a .encryptedbybert extension. Symantec’s adaptive, behavior, and EDR-based protections, alongside VMware Carbon Black, effectively block this threat. Explore Symantec’s robust defense solutions at broadcom.com. |
|
08-05-2025 |
Symantec Mitigates CVE-2025-32433 Erlang/OTP SSH RCE Vulnerability |
Cybersecurity |
A critical Remote Code Execution vulnerability, CVE-2025-32433, in Erlang/OTP’s SSH libraries could allow unauthenticated attackers to execute arbitrary commands on affected servers. Patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.2, this flaw poses significant risks if unaddressed. Symantec’s network-based protections effectively detect and block exploits targeting this vulnerability. Visit broadcom.com to learn how Symantec secures your Erlang/OTP environments. |
|
08-05-2025 |
Symantec Shields Against Critical SAP NetWeaver CVE-2025-31324 Vulnerability |
Cybersecurity |
CVE-2025-31324, a critical unrestricted file upload flaw in SAP NetWeaver Visual Composer (CVSS 10), enables unauthenticated attackers to upload malicious JSP webshells, potentially compromising entire systems. Recently added to CISA’s Known Exploited Vulnerabilities Catalog, this flaw has been patched by SAP. Symantec’s network, file, and Carbon Black-based protections effectively block these exploits. Learn how Symantec secures SAP environments at broadcom.com. |
|
08-05-2025 |
Symantec Stops LZRD, the Latest Mirai Botnet Variant Targeting IoT Devices |
Cybersecurity |
The LZRD variant of the Mirai botnet exploits vulnerabilities CVE-2024-6047 and CVE-2024-11120 in GeoVision IoT devices to deploy ARM-based payloads for DDoS attacks. This new campaign highlights the persistent threat of Mirai-based malware. Symantec’s file, web, and Carbon Black-based protections effectively block this threat. |
|
08-05-2025 |
Symantec Blocks Java-Based Ratty RAT in Multi-Stage Malspam Campaign |
Feature |
A malicious email campaign targeting organizations in Italy, Portugal, and Spain uses a Spanish email provider to deliver a PDF attachment that triggers downloads from Dropbox, Google Drive, and Mediafire, ultimately deploying the Java-based Ratty RAT. This multi-stage attack aims to infiltrate systems covertly. Symantec’s adaptive, file, and Carbon Black-based protections neutralize this threat. |
|
07-05-2025 |
Symantec File Reputation Blocks 2.35M Malware Threats in Week 18, 2025 |
Cybersecurity |
Symantec’s File Reputation service, integrated across Symantec and Carbon Black products, blocked 2.25 million known malware files and 95,000 additional threats via machine learning on 355,000 unique devices in Week 18, 2025. Analyzing over 8 billion files and 4 billion IOCs daily, it ensures real-time protection by maintaining trust ratings and identifying clean system files to prevent operational disruptions. The service also stopped 600,000 risky downloads on 32,000 devices using Download Insight, safeguarding endpoints, web, and email gateways. Businesses can learn more about enabling this cloud-based protection to strengthen their cybersecurity defenses. |
|
07-05-2025 |
Critical CVE-2025-34028 Vulnerability in Commvault Command Center Exposes Systems to Remote Code Execution |
Service |
A newly identified path traversal vulnerability, CVE-2025-34028, in Commvault Command Center allows unauthenticated attackers to execute arbitrary code remotely via an exploited SSRF endpoint. The flaw enables privilege escalation using a malicious ZIP containing a .JSP file, risking full system compromise. Symantec provides advanced threat protection to detect and block this exploit. Review your security posture and apply necessary safeguards to reduce breach risk. |
|
07-05-2025 |
Symantec Thwarts FormBook Malware Spread via Malicious Word Documents |
Cybersecurity |
Symantec’s advanced security solutions effectively counter a new FormBook malware campaign distributed through phishing emails with weaponized Microsoft Word attachments. Leveraging social engineering, these attacks trigger a multi-stage deployment of the malware, which Symantec blocks using adaptive, email, file, and machine learning-based protections. VMware Carbon Black and Email Threat Isolation further enhance defense against this threat. Visit broadcom.com to learn how Symantec safeguards your systems. |
|
07-05-2025 |
Play Ransomware Exploits Windows Zero-Day CVE-2025-29824 to Deploy Grixba Infostealer |
Cybersecurity |
The Play ransomware group, also known as Balloonfly, exploited a Windows zero-day vulnerability, CVE-2025-29824, to target a U.S. organization, deploying the Grixba infostealer. This privilege escalation flaw in the Common Log File System driver was patched by Microsoft on April 8, 2025. Symantec’s Threat Hunter Team identified the attack, which used disguised tools mimicking Palo Alto software. Learn how Symantec protects against such threats at broadcom.com. |
|
07-05-2025 |
Symantec Blocks Malicious Campaign Exploiting Pahalgam Attack Targeting Indian Government |
Cybersecurity |
Threat actors are targeting Indian government personnel with phishing emails disguised as official communications, using decoy PDFs related to the Pahalgam attack to deliver malware. These malicious documents deploy macros that collect and exfiltrate sensitive data while attempting lateral network movement. Symantec’s comprehensive protections, including VMware Carbon Black and Email Threat Isolation, neutralize this threat. Discover how Symantec safeguards against such campaigns at broadcom.com. |
|
06-05-2025 |
New Malware Threats TerraStealerV2 and TerraLogger Detected by Symantec |
Company News |
Two emerging malware families linked to the Golden Chickens threat group, TerraStealerV2 and TerraLogger, are actively targeting sensitive user data. TerraStealerV2 steals browser credentials and crypto wallet data, while TerraLogger functions as a keylogger without exfiltration. Symantec, supported by Carbon Black and WebPulse, provides layered protection against these evolving threats. Users should update their security tools and stay alert to new malware tactics. |
|
06-05-2025 |
StealC V2 Malware Adds Advanced Features and Payload Capabilities |
Cybersecurity |
The latest version of StealC infostealer introduces advanced features like multi-monitor screenshots, encrypted configuration, and customizable payload delivery using geolocation and hardware IDs. Enhanced with a new JSON-based C2 protocol and improved stealth, it poses a growing threat to systems and user data. Symantec, backed by Carbon Black and WebPulse, offers robust protection across behavior, file, and machine-learning layers. Users are urged to update security tools and remain alert to targeted attacks. |
|
06-05-2025 |
Symantec IPS Blocks 54.1M Attacks in Week 18, 2025, Safeguarding Endpoints |
Cybersecurity |
Broadcom’s Symantec Intrusion Prevention System (IPS) blocked 54.1 million attacks across 340,900 endpoints in Week 18, 2025, with 86.8% stopped before infection, protecting desktops and servers, including Fortune 500 clients. Key threats neutralized include 23.4 million web server vulnerability scans, 5.7 million Windows OS exploit attempts, and 6.4 million malware command-and-control connections. The IPS also thwarted 2 million application vulnerability exploits and 672,100 coin mining attempts, showcasing its robust deep packet inspection capabilities. Businesses are encouraged to enable IPS on all devices and review Broadcom’s setup guide for optimal endpoint security. |
|
06-05-2025 |
Symantec Endpoint Browser Extensions Block 6.7M Web Attacks |
Cybersecurity |
Symantec’s Endpoint Protection (SEP) and Endpoint Security (SES) browser extensions for Chrome and Edge thwarted 6.7 million web-based attacks across 153,600 endpoints, leveraging URL reputation and browser intrusion prevention technologies. The extensions blocked 6.3 million malicious website visits, 268,200 attempts to redirect users to attacker-controlled sites, and 94,200 browser notification scams. Powered by Symantec’s global threat intelligence and deep packet inspection, these tools effectively counter phishing, malware, and script-based threats. Businesses are encouraged to enable browser protection and explore Symantec Browser Protection for enhanced web security. |
|
05-05-2025 |
Stealerium Malware Targets Taxpayers via Phishing Emails and LNK Files |
Cybersecurity |
Cybercriminals are exploiting tax season by using modified Stealerium infostealer malware delivered through phishing emails and malicious LNK files. This threat captures browser data, crypto wallet info, and app credentials, putting users at risk. Symantec offers strong protection through email, file, and web-based security layers, including Carbon Black and Email Threat Isolation. Stay secure by using trusted security tools and staying alert to suspicious tax-related emails. |
|
02-05-2025 |
Symantec Counters ClickFix Social Engineering Tactic Used by Global APT Groups |
Company News |
Advanced persistent threat (APT) groups from North Korea, Iran, and Russia are deploying the ClickFix social engineering tactic, using fake error messages on malicious websites to trick users into running malware via PowerShell scripts. Symantec’s adaptive, email, and web-based protections, including Carbon Black and Email Threat Isolation, effectively block these attacks. This tactic highlights the evolving sophistication of cyber espionage. |
|
02-05-2025 |
Discovery Bank Targeted in South Africa Smishing Scam Using FICA Compliance Lure |
What's New |
Cybercriminals are impersonating Discovery Bank in a smishing campaign targeting South African mobile users, using FICA compliance as a pretext to steal banking credentials via malicious SMS links. The phishing pages, hosted on a German cloud server, mimic the bank’s login portal. Symantec Endpoint Protection Mobile and WebPulse technology detect and block these threats, safeguarding users. |
|
02-05-2025 |
Symantec Blocks MintsLoader in TAG-124 Cyber Attacks |
Service |
Symantec counters MintsLoader, a loader used by TAG-124 to target industrial, legal, and energy sectors with phishing and malicious payloads. Its obfuscated scripts and anti-VM tactics are thwarted by Symantec’s adaptive and machine learning protections. |
|
01-05-2025 |
Symantec IPS Audit Signatures Detect Over 811 Million Threats in April 2025 |
Feature |
Symantec’s Intrusion Prevention System (IPS) audit signatures identified 811.5 million attacks across 2.1 million endpoints in April 2025, targeting vulnerabilities in web servers, Windows OS, and ransomware tools. These signatures monitor suspicious network traffic without blocking by default, allowing administrators to review logs and enable blocking for enhanced protection. Key detections included 311.7 million Windows OS vulnerability scans and 34.6 million ransomware-related attacks. |
|
01-05-2025 |
Iranian APT Targets Middle Eastern Critical Infrastructure with Sophisticated Malware |
Company News |
An Iranian advanced persistent threat (APT) actor attacked critical Middle Eastern infrastructure, using backdoors, web shells, and living-off-the-land binaries (LOLBins) to establish persistence and execute operations. Fortinet’s investigation revealed the attacker’s tactics, while Symantec’s adaptive and machine learning-based protections, including SONAR and Carbon Black, effectively block these threats. The campaign underscores the growing cyber risks to regional infrastructure. |
|
30-04-2025 |
Symantec Thwarts TypeLib Hijacking in Microsoft Teams Phishing Campaign |
Company News |
Symantec has identified and neutralized a sophisticated Microsoft Teams phishing campaign by the Storm-1811 threat actor that deploys a PowerShell backdoor via TypeLib hijacking. The attack uses social engineering, posing as IT support to trick employees into enabling Windows Quick Assist for malware deployment. Symantec’s adaptive, file-based, and machine learning protections, including VMware Carbon Black, block associated malicious indicators. |
|
30-04-2025 |
Symantec Blocks Hannibal Infostealer Targeting Browsers and Crypto Wallets |
Service |
Symantec has detected and neutralized Hannibal Infostealer, a C#-based malware rebranded from Sharp and TX stealers, actively sold on dark web forums. It targets Chromium and Gecko-based browsers, cryptocurrency wallets, FTP clients, and VPNs, using a crypto clipper to hijack transactions. Symantec’s adaptive, behavior, and network-based protections, including VMware Carbon Black, effectively block this threat. |
|
30-04-2025 |
Symantec Neutralizes Pentagon Stealer Malware Targeting Crypto and App Credentials |
Cybersecurity |
Symantec has identified and blocked Pentagon Stealer, a new Python and Golang-based malware, also known as Acab and BLX Stealer, spreading through typosquatting campaigns. It targets browser credentials, cookies, cryptocurrency wallets, and app tokens from platforms like Discord and Telegram, using HTTP requests for stealthy data exfiltration. Symantec’s adaptive, behavior, and machine learning-based protections, including VMware Carbon Black, effectively counter this threat. |
|
30-04-2025 |
Symantec Thwarts Spear Phishing Attack on World Uyghur Congress Using Trojanized Text Editor |
Company News |
A sophisticated spear phishing campaign targeted World Uyghur Congress members with a trojanized Uyghur text editor, deploying surveillance malware via spoofed domains. Symantec’s advanced protection, including SONAR, Carbon Black, and machine learning, effectively detects and blocks this threat. The attack highlights the growing risk of culturally tailored cyberattacks. |
|