Threats Affecting France

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]

MediumVulnerabilityFrance

We analyze how fake IPTV apps gain control of Android devices, abuse screen access features, and steal credentials, cash, and crypto assets.

MediumVulnerabilityPortugalSpainFrance+2#android

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

MediumCampaignUnited StatesAlbaniaArmenia+16#smishing#government impersonation#credential harvesting

European governments are transitioning from encrypted messaging applications like Signal and WhatsApp to sovereign Matrix-based solutions. This shift follows successful phishing campaigns, primarily attributed to Russian intelligence services, exploiting Signal's linked devices feature to gain persistent access to political communications. While Signal was initially recommended for external communications, scope creep led to its widespread use for sensitive statecraft discussions. Matrix-based systems offer advantages including federated architecture, government-controlled identity platforms, and customizable data retention policies. However, these homegrown solutions introduce new security vulnerabilities and implementation challenges. The walled-garden nature of current sovereign systems limits their utility for international diplomacy, suggesting Signal will continue to be used for communications with external parties despite the security concerns.

MediumMalwareUnited StatesBelgiumFrance+2#fast16#phishing attacks#sovereign messaging

Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ appeared first on SecurityWeek .

MediumMalwareUnited StatesFranceIndia+1

A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.

MediumMalwareFranceItalyAustria#ton network#trickmo#device takeover

Kaspersky experts have detected a supply chain attack using the popular DAEMON Tools software.

MediumVulnerabilityRussiaBrazilTurkey+7

The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek .

MediumExploitUnited StatesFranceNetherlands

A BTS comeback and world-tour announcement has resulted in a new wave of scam campaigns. Kaspersky experts have discovered fraudulent websites that sell fake BTS tickets to fans all around the world. We explain what those fake pages look like, and how you can avoid getting scammed.

MediumPhishingArgentinaBrazilChile+6#web

ThreatFox IOCs for 2026-04-02

MediumMalwareUnited StatesUnited KingdomGermany+7#type:osint#tlp:white