Tag: backdoor

TeamPCP Backdoors LiteLLM Versions 1.82.71.82.8 Likely via Trivy CI/CD Compromise

Mar 24, 2026 8:47 PM

Tags: backdoor, credentials, kubernetes, malicious, threat

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
Country that put backdoors into Cisco routers to spy on world bans foreign routers

Mar 24, 2026 3:47 PM

Tags: backdoor, cisco, country, router, spy

Unfortunately, there aren’t many options unless you’re Starlink First seen on theregister.com Jump to article: www.theregister.com/2026/03/24/fcc_foreign_routers/
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper

Mar 24, 2026 1:47 PM

Tags: backdoor, cloud, computer, cyber, infrastructure, Internet, iran, kubernetes

CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure seen in the earlier Trivy and NPM CanisterWorm incidents. However, it now adds selective destruction…
âš¡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Mar 23, 2026 3:47 PM

Tags: attack, backdoor, data, exploit, Internet, iot, malware, supply-chain

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
âš¡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Mar 23, 2026 3:47 PM

Tags: attack, backdoor, data, exploit, Internet, iot, malware, supply-chain

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
Supply-Chain-Attacke: Trivy-Scanner und 140 NPM-Pakete kompromittiert

Mar 23, 2026 2:47 PM

Tags: backdoor, malware, supply-chain

Ein Angreifer hat Malware in den Schwachstellenscanner Trivy sowie über 140 NPM-Pakete eingeschleust. Er sammelt Daten und richtet Backdoors ein. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-attacke-trivy-scanner-und-140-npm-pakete-kompromittiert-2603-206808.html
CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens

Mar 23, 2026 8:47 AM

Tags: access, backdoor, cyber, group, supply-chain, threat

A highly automated npm supply chain campaign, dubbed “CanisterWorm,” in which threat actors steal npm access tokens and weaponize legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emilgroup and @teale.io, pushing new SDK versions that silently deploy a persistent backdoor and then self-spread across every package the victim…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

Mar 22, 2026 12:09 PM

Tags: ai, backdoor, international, malicious, malware, ransomware, tool, ukraine, wordpress

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]…
Texas Gov. Orders State Review of Chinese-Made Medtech

Mar 20, 2026 10:10 PM

Tags: backdoor, china, cybersecurity, healthcare, privacy, risk

Contec and Epsimed Monitors Containing ‘Backdoors’ Are at the Center of Order. Texas Gov. Abbott has ordered agencies to review foreign-made connected medical devices – especially those from Chinese manufacturers – used in state-owned facilities for cybersecurity issues that could pose security and privacy risks to patients and healthcare infrastructure. First seen on govinfosecurity.com Jump…
That cheap KVM device could expose your network to remote compromise

Mar 20, 2026 1:10 AM

Tags: access, authentication, backdoor, control, corporate, detection, edr, encryption, endpoint, exploit, firewall, firmware, Internet, linux, malware, mfa, network, technology, tool, update, vpn, vulnerability

Stealthy backdoors: A compromised KVM device can become a powerful backdoor in any environment. An attacker can inject keystrokes to execute commands or access UEFI settings to disable security features such as disk encryption and Secure Boot.Because the device operates outside the controlled system’s OS, endpoint detection tools and host firewalls cannot see it. These…
Pyronut Package Backdoors Telegram Bots With RCE

Mar 19, 2026 12:10 PM

Tags: api, backdoor, cyber, framework, malicious, pypi, rce, remote-code-execution

Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system.”‹ The malicious package , pyronut , was uploaded to PyPI as a fake alternative to pyrogram, a widely used Telegram MTProto API framework with around 370,000 monthly downloads. Instead of…
ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos

Mar 18, 2026 1:09 PM

Tags: backdoor, blockchain, cyber, detection, github, software

ForceMemo is an active software supply”‘chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force”‘pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen”‘token ecosystem and uses the Solana blockchain as a resilient command”‘and”‘control (C2) channel, making detection and takedown significantly harder. The attacker targets a wide range of…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

Mar 17, 2026 5:10 AM

Tags: access, backdoor, china, cyberespionage, hacker, military

Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-nexus-hackers-southeast-asian-military-orgs
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

Mar 16, 2026 10:10 PM

Tags: apt, backdoor, group, malware, microsoft, russia, spy, threat, ukraine

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Mar 16, 2026 12:10 PM

Tags: backdoor, defense, espionage, intelligence, malware, microsoft, russia, threat, ukraine

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team.The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed…
Attackers Exploit Teams, Quick Assist to Deploy Stealthy A0Backdoor

Mar 16, 2026 8:09 AM

Tags: backdoor, cyber, email, exploit, group, microsoft, ransomware, social-engineering

Attackers are evolving a well-known Microsoft Teams and Quick Assist social-engineering playbook to install a new, stealthy backdoor dubbed A0Backdoor. The campaign closely mirrors activity previously attributed to Blitz Brigantine (also tracked as Storm”‘1811), a financially motivated group tied to Black Basta and Cactus ransomware operations. The intrusion begins with email bombing, where victims’ inboxes are…
Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

Mar 13, 2026 10:11 PM

Tags: backdoor, login, penetration-testing, vulnerability

Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen……
Even primitive AI-coded malware helps hackers move faster, thwart attribution

Mar 13, 2026 5:10 PM

Tags: ai, backdoor, hacker, ibm, malware

IBM researchers discovered an autonomously coded backdoor that they called unsophisticated but nonetheless ominous. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-ransomware-backdoor-ibm-attribution/814671/
China-nexus Threat Actor Targets Persian Gulf Region With PlugX

Mar 13, 2026 1:10 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, dns, dos, group, Hardware, injection, iran, malicious, malware, microsoft, middle-east, reverse-engineering, service, social-engineering, software, startup, threat, tool, update, windows

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
12 ways attackers abuse cloud services to hack your enterprise

Mar 11, 2026 8:47 AM

Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool

Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News

Mar 10, 2026 7:49 PM

Tags: backdoor, china, hacker, malware, military, spy

China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors. First seen on hackread.com Jump to article: hackread.com/china-hackers-qatar-backdoor-fake-war-news/
Signed malware posing as Teams and Zoom apps drops RMM backdoors

Mar 10, 2026 8:47 AM

Tags: access, adobe, backdoor, cyber, malware, microsoft, monitoring, phishing, threat

A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in…
Microsoft Teams phishing targets employees with backdoors

Mar 10, 2026 12:47 AM

Tags: access, backdoor, hacker, healthcare, malware, microsoft, phishing

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
State-linked actors targeted US networks in lead-up to Iran war

Mar 9, 2026 5:47 PM

Tags: backdoor, iran, network

Researchers found backdoors installed on U.S. company networks in the weeks prior to the U.S. and Israeli bombing campaign. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/state-linked-actors-targeted-us-networks-in-lead-up-to-iran-war/814190/
Iran’s MuddyWater Hackers Target US Firms with New Dindoor Backdoor

Mar 9, 2026 3:48 PM

Tags: backdoor, cyber, hacker, iran, malware, software

Researchers say Iran’s MuddyWater hackers targeted US companies and an Israeli software firm’s department in a cyber campaign using the Dindoor malware – All this amid the ongoing conflict. First seen on hackread.com Jump to article: hackread.com/iran-muddywater-hackers-us-dindoor-backdoor/
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats

Mar 9, 2026 1:47 PM

Tags: apt, backdoor, cyber, group, hacker, infrastructure, iran, network, threat

Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity associated with the Iranian APT group Seedworm (aka MuddyWater, Temp Zagros, Static Kitten) has been observed on the networks of multiple U.S. organizations since early…