ngCERT is issuing an alert on Android systems compromised by multiple malware families, including Android Backdoor, Prizmes (BADBOX-related), Hummer (HummingBad), Rootnik, Triada, and Uupay. These malware families leverage vulnerabilities The combined impact of these malware variants is severe, with consequences including loss of sensitive data, financial fraud, device instability, large-scale botnet participation, and erosion of user trust in mobile ecosystems. Given the widespread use of Android devices across the nation, ngCERT strongly urges government agencies, enterprises, and individuals to promptly apply the latest security patches and adopt proactive security measures to mitigate these threats.
ngCERT alerts organizations and users to an actively exploited zero-day vulnerability in Microsoft Windows Desktop Window Manager (DWM), tracked as CVE-2026-20805. The flaw arises from improper handling of Advanced Local Procedure Call (ALPC) messages, allowing attackers with local access to trigger memory disclosure and obtain internal pointers and heap/base address details. While it does not directly allow remote code execution or privilege escalation, it can be leveraged to bypass exploit mitigations like ASLR, increasing the reliability of subsequent attacks. Users and organizations are advised to apply recommended patches, monitor for suspicious activity, and follow security best practices to mitigate risks.
ngCERT is issuing an urgent advisory on the compromise of critical infrastructure by multiple variants of Remote Access Trojans (RATs). In particular, variants such as Adwind, AsyncRAT, Firebird, Imminent Monitor, NetWire, Orcus, Remcos, Warzone, and WSH RATs can give attackers unauthorised remote control over infected systems. The implications include data breaches, financial fraud and theft, cyber espionage and operational disruption. ngCERT strongly recommends conducting immediate vulnerability scans and deploying endpoint detection tools to mitigate the threats posed by these RATs.
ngCERT is issuing an alert on the infiltration of Pseudomanuscrypt malware, a sophisticated spyware campaign primarily impacting Windows OS. Notably, this mass-scale operation has infected over 35,000 systems globally, focusing mainly on industrial control systems (ICS) and government entities. In particular, Pseudomanuscrypt infiltration can lead to theft of sensitive credentials and data, potentially enabling follow-on ransomware attacks, financial fraud, and possible sabotage of critical infrastructure across various sectors. This underscores the need for individuals and organisations to take proactive steps to safeguard against Pseudomanuscrypt infiltration.
ngCERT alerts stakeholders to M0yv malware infection detected in Nigeria’s cyberspace. M0yv is a sophisticated file-infector virus developed by Maze ransomware creators, which spreads by appending malicious code to executable files on infected systems and networks. The malware is often misidentified as Expiro by antivirus software. It targets Windows environments and enables further attacks such as ransomware deployment. The impacts range from file corruption to potential data loss, ransomware encryption, network-wide propagation and disruptions, as well as heightened risks of data exfiltration or persistent threats. Individuals and organisations are advised to take proactive steps to safeguard systems from the threats posed by M0yv malware.