HyperRat is a newly identified Android malware marketed as a ready-made spying tool, enabling attackers to covertly monitor infected devices. Although it is currently not known to be exploited in the wild, its availability as an off-the-shelf spyware increases the risk of widespread misuse. The malware targets Android devices, potentially compromising user confidentiality by accessing sensitive data and communications. European organizations with employees using Android devices are at risk of espionage and data leakage. Mitigation requires proactive mobile security measures, including app vetting, endpoint protection, and user awareness to detect and prevent installation of such spyware. Countries with high Android adoption and significant digital infrastructure, such as Germany, France, Italy, Spain, and the UK, are most likely to be affected. Given the malware’s spying capabilities, ease of distribution, and potential impact on confidentiality, the threat severity is assessed as high. Defenders should prioritize monitoring for suspicious app behavior and enforce strict mobile device management policies to reduce exposure.

HyperRat is a newly surfaced Android malware being sold as a ready-made spyware tool, allowing threat actors to remotely monitor and exfiltrate data from infected devices. This malware is designed to operate stealthily on Android platforms, potentially capturing sensitive information such as messages, call logs, location data, and possibly microphone or camera feeds. The availability of HyperRat as a commercial spyware lowers the barrier for less skilled attackers to conduct espionage or surveillance campaigns. Although there are no confirmed reports of active exploitation in the wild, the malware’s presence on underground markets suggests a high likelihood of future deployment. The malware’s technical details remain limited, but its classification as spyware implies capabilities for persistent device access and data exfiltration. The threat primarily targets Android devices, which are widely used in both personal and enterprise environments, increasing the risk of data compromise. The malware’s distribution vector is likely through malicious apps or phishing campaigns, exploiting user trust and social engineering. The lack of patches or CVEs indicates this is a new threat rather than an exploitation of a known vulnerability. The medium severity rating from the source is conservative; however, considering the potential impact on confidentiality and ease of deployment, a higher severity is justified. European organizations face significant risk due to high Android usage and the potential for targeted espionage against corporate and governmental personnel. The malware’s stealthy nature complicates detection, necessitating enhanced mobile security controls and user education.

Reddit InfoSec News

Detailed information about New HyperRat Android Malware Sold as Ready-Made Spy Tool. Get real-time updates, technical details, and mitigation strategies.

New HyperRat Android Malware Sold as Ready-Made Spy Tool - Live Threat Intelligence - Threat Radar | OffSeq.com

New HyperRat Android Malware Sold as Ready-Made Spy Tool

Reddit Discussion: New HyperRat Android Malware Sold as Ready-Made Spy Tool

A large-scale smishing campaign linked to Chinese threat actors exploited approximately 194,000 malicious domains to harvest sensitive personal information, including Social Security numbers. This campaign used fraudulent SMS messages to lure victims into interacting with these domains, leading to data theft. Although no direct software vulnerability is specified, the campaign represents a significant social engineering threat leveraging domain infrastructure at scale. The attack primarily targets individuals, but the stolen data can be used for identity theft, fraud, and further targeted attacks. European organizations and citizens may be impacted due to the widespread nature of SMS communications and potential cross-border targeting. Mitigation requires enhanced user awareness, SMS filtering, domain blacklisting, and monitoring for suspicious domain registrations. Countries with high mobile penetration and significant Chinese digital footprint are more likely to be affected. Given the medium severity rating and lack of direct exploitation of software vulnerabilities, the threat is assessed as medium severity overall.

This threat involves a massive smishing (SMS phishing) campaign attributed to Chinese-linked threat actors who registered and leveraged approximately 194,000 malicious domains, collectively referred to as the 'Smishing Triad.' These domains were used as landing pages or infrastructure to collect sensitive personal information from victims, including Social Security numbers, which are critical for identity verification and fraud. The campaign operates by sending fraudulent SMS messages that entice recipients to visit these malicious domains, often under the guise of legitimate services or urgent notifications. Although no specific software vulnerability or CVE is identified, the attack exploits human factors and the trust users place in SMS communications. The sheer scale of domain registrations indicates a highly automated and well-resourced operation designed to evade detection and takedown efforts. The absence of known exploits in the wild suggests this is primarily a social engineering threat rather than a technical exploit. The campaign's impact extends beyond individual victims, as stolen data can facilitate further cybercrime, including account takeovers, financial fraud, and targeted spear-phishing attacks. The use of a vast domain infrastructure complicates mitigation and requires coordinated efforts among registrars, telecom providers, and cybersecurity entities. This campaign highlights the evolving tactics of threat actors leveraging large-scale domain abuse combined with social engineering to compromise sensitive data.

SecurityWeek

Detailed information about Massive China-Linked Smishing Campaign Leveraged 194,000 Domains. Get real-time updates, technical details, and mitigation strategies

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains

CVE-2025-12279 is a medium severity cross-site scripting (XSS) vulnerability found in version 1. 0 of the code-projects Client Details System, specifically in the /welcome. php file. The vulnerability allows remote attackers to inject malicious scripts without requiring authentication, but user interaction is necessary for exploitation. The CVSS 4. 0 score is 4. 8, reflecting limited impact on confidentiality and integrity, with no direct availability impact. Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the risk of exploitation. European organizations using this software may face risks of session hijacking, phishing, or defacement if exploited. Mitigation should focus on input validation and output encoding in the affected file, alongside monitoring and restricting user input sources.

CVE-2025-12279 identifies a cross-site scripting (XSS) vulnerability in the code-projects Client Details System version 1.0, specifically within the /welcome.php file. This vulnerability arises from insufficient sanitization or encoding of user-supplied input, allowing an attacker to inject malicious JavaScript code that executes in the context of the victim's browser. The attack vector is remote and does not require authentication, but successful exploitation requires user interaction, such as clicking a crafted link or visiting a malicious page. The CVSS 4.0 vector indicates the attack complexity is low, no privileges are required, but user interaction is necessary. The impact on confidentiality and integrity is limited to low, with no availability impact. The vulnerability can lead to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of the user. Although no known exploits are currently active in the wild, the public disclosure increases the likelihood of exploitation attempts. The lack of available patches or official fixes necessitates immediate mitigation efforts by administrators. This vulnerability highlights the importance of secure coding practices, particularly input validation and output encoding to prevent XSS attacks.

CVE Database V5

Detailed information about CVE-2025-12279: Cross Site Scripting in code-projects Client Details System affecting code-projects Client Details System. Get real-t

CVE-2025-12279: Cross Site Scripting in code-projects Client Details System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-12279: Cross Site Scripting in code-projects Client Details System

CVE-2025-12277 is a medium severity SQL injection vulnerability found in the Abdullah-Hasan-Sajjad Online-School product, specifically in the /studentLogin. php file where the Email parameter is improperly sanitized. This flaw allows unauthenticated remote attackers to execute arbitrary SQL commands, potentially compromising confidentiality, integrity, and availability of the system. Although no known exploits are currently observed in the wild, a public exploit has been published, increasing the risk of exploitation. The vendor has not responded to disclosure attempts, and no patches are available yet. European educational institutions using this software are at risk of data breaches and service disruption. Mitigation requires immediate input validation, use of parameterized queries, and network-level protections. Countries with significant adoption of this platform or similar e-learning tools, such as Germany, France, and the UK, are most likely to be affected. Given the ease of exploitation and potential impact, organizations should prioritize remediation and monitoring to prevent compromise.

CVE-2025-12277 identifies a SQL injection vulnerability in the Abdullah-Hasan-Sajjad Online-School software, affecting versions up to commit f09dda77b4c29aa083ff57f4b1eb991b98b68883. The vulnerability resides in the /studentLogin.php script, where the Email parameter is not properly sanitized or validated, allowing attackers to inject malicious SQL code. This injection flaw can be exploited remotely without authentication or user interaction, enabling attackers to manipulate backend database queries. Potential consequences include unauthorized data access, data modification, or deletion, and possibly full system compromise depending on database privileges. The product uses a rolling release strategy, but the vendor has not responded to vulnerability disclosure, and no patches or mitigations have been published. The CVSS 4.0 score is 6.9 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and partial impact on confidentiality, integrity, and availability. While no active exploitation in the wild is reported, a public exploit exists, increasing the urgency for affected organizations to act. The vulnerability is critical for educational institutions relying on this platform for student login and data management, as it threatens sensitive personal and academic information.

Detailed information about CVE-2025-12277: SQL Injection in Abdullah-Hasan-Sajjad Online-School affecting Abdullah-Hasan-Sajjad Online-School. Get real-time upd

CVE-2025-12277: SQL Injection in Abdullah-Hasan-Sajjad Online-School - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-12277: SQL Injection in Abdullah-Hasan-Sajjad Online-School

An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations.

Detailed information about CVE-2025-60291: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60291: n/a

CVE-2025-60291: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-12279: Cross Site Scripting in code-projects Client Details System

CVE-2025-12277: SQL Injection in Abdullah-Hasan-Sajjad Online-School

CVE-2025-12276: Information Disclosure in LearnHouse

CVE-2025-11248: CWE-532 Insertion of Sensitive Information into Log File in Zohocorp ManageEngine Endpoint Central

CVE-2025-41068: CWE-617 Reachable Assertion in NewPlane Open5GS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility