Tag: backdoor
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
by
in SecurityNews
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45
by
in SecurityNews
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
iClicker site hack targeted students with malware via fake CAPTCHA
New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms
Backdoor found in popular ecommerce components
Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH…
-
Florida bill requiring encryption backdoors for social media accounts has failed
by
in SecurityNews
The bill would have required social media companies to create encryption backdoors to allow access to users’ private information. First seen on techcrunch.com. Jump to article: techcrunch.com/2025/05/09/florida-bill-requiring-encryption-backdoors-for-social-media-accounts-has-failed/
-
Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors
by
in SecurityNews
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer 7.x is being actively exploited by a Chinese threat actor, tracked as Chaya_004. This deserialization flaw allows attackers to upload malicious binaries, including web shells, to unpatched servers, granting full system takeover capabilities. According to research from Forescout, exploitation has…
-
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
by
in SecurityNews
Tags: ai, api, apple, backdoor, credentials, cybersecurity, infrastructure, intelligence, macOS, malicious, threat, tool
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. “Disguised as developer tools offering ‘the cheapest Cursor API,’ these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor’s… First seen on thehackernews.com. Jump…
-
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
by
in SecurityNews
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called…
-
Activated Magento Backdoor Hits Up to 1,000 Online Stores
by
in SecurityNews
Dormant PHP Backdoor Steals Payment Data. It took six years for a backdoor tucked into widely used Magento extensions for online stores to become apparent, but it did so on April 20, affecting hundreds of digital storefronts. Security firm Sansec estimates that between 500 and 1,000 stores run the software, including a $40 billion multinational. First…
-
BPFDoor Malware Targets Organizations to Establish Long-Term Persistence
by
in SecurityNews
The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly in the telecommunications sector. First identified by PwC in 2021, BPFDoor is a highly sophisticated backdoor malware designed to infiltrate Linux systems with an emphasis on long-term persistence and evasion. On April 25, 2025, the Korea Internet & Security Agency…
-
GhostWeaver backdoor deployed using MintsLoader malware
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/ghostweaver-backdoor-deployed-using-mintsloader-malware
-
Chinese Group TheWizards Exploits IPv6 to Drop WizardNet Backdoor
ESET has discovered Spellbinder, a new tool used by the China-linked cyber espionage group TheWizards to conduct AitM… First seen on hackread.com Jump to article: hackread.com/chinese-thewizards-exploits-ipv6-wizardnet-backdoor/
-
Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers
by
in SecurityNews
Tags: attack, backdoor, control, cyber, cybersecurity, exploit, hacker, injection, malicious, software, supply-chain, vulnerability
Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21 popular e-commerce applications, granting hackers full control over hundreds of online stores. This malicious campaign, which began with the injection of backdoors as early as six years ago, was activated this week, exposing vulnerabilities in software from vendors such as Tigren,…
-
Venom-Spider Spins Its Web for HR Departments
by
in SecurityNews
Arctic Wolf Labs, the threat research team of Arctic Wolf, has discovered a new campaign targeting HR departments and recruiters in companies as part of its ongoing monitoring of the threat actor TA4557 (also known as Venom-Spider). The threat group uses phishing techniques to plant an enhanced version of a powerful backdoor called More-eggs on victims’ devices. So far…
-
⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
by
in SecurityNews
What if attackers aren’t breaking in, they’re already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the…
-
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
by
in SecurityNews
Supply chain attack via 21 backdoored Magento extensions hit 500 to 1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack; the experts discovered that a backdoor was hidden in 21 applications. Curiously, the malicious code was injected 6 years ago, but the supply chain attack was…
-
Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications
Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy a stealthy NodeJS backdoor. The attack, part of the broader KongTuke campaign, leverages compromised websites to distribute malicious JavaScript that ultimately deploys advanced remote access trojans (RATs) capable of tunneling traffic through SOCKS5 proxies with XOR-based encryption. SpiderLabs researchers note…
-
Hackers Exploit New Eye Pyramid Offensive Tool With Python to Launch Cyber Attacks
by
in SecurityNews
Tags: attack, backdoor, control, cyber, exploit, group, hacker, infrastructure, network, open-source, ransomware, tool
Security researchers from Intrinsec have published a comprehensive analysis revealing significant overlaps in infrastructure between multiple ransomware operations and the open-source offensive tool, Eye Pyramid. Their investigation, which began by examining a Python backdoor used by the RansomHub ransomware group, uncovered a network of interconnected command-and-control (C2) servers, bulletproof hosting providers, and shared toolsets fueling…
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
by
in SecurityNews
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerability
Targeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France. Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries. Nothing APT28 does stands out as…
-
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-disguised-as-a-security-tool-injects-backdoor/
-
TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack
A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/thewizards-apt-asian-gamblers-attack
-
Sneaky WordPress Malware Disguised as Anti-Malware Plugin
WordPress sites are under threat from a deceptive anti-malware plugin. Learn how this malware grants backdoor access, hides… First seen on hackread.com Jump to article: hackread.com/wordpress-malware-disguised-as-anti-malware-plugin/
-
Windows Backdoor Targets Members of Exiled Uyghur Community
by
in SecurityNews
A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China’s continued cyber-espionage activity against the ethnic minority. First seen on darkreading.com. Jump to article: www.darkreading.com/cyberattacks-data-breaches/windows-backdoor-targets-members-exhiled-uyghur-community
-
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
by
in SecurityNews
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploying a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach…
-
WooCommerce admins targeted by fake security patches that hijack sites
by
in SecurityNews
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/woocommerce-admins-targeted-by-fake-security-patches-that-hijack-sites/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43
by
in SecurityNews
Tags: attack, backdoor, botnet, china, crypto, fraud, infrastructure, international, malware, nfc, rust, supply-chain
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
New Rust Botnet “RustoBot”
-
Three-Year Go Module Mirror Backdoor Exposed: Supply Chain Attack
by
in SecurityNews
Discover how a backdoored Go package exploited the module mirror for 3+ years. Learn vital security practices to safeguard your code. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/04/three-year-go-module-mirror-backdoor-exposed-supply-chain-attack/
-
SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment
by
in SecurityNews
Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of SAP NetWeaver, the widely deployed enterprise integration platform. Attackers have leveraged an unreported 0-day vulnerability to deploy web shells, which give them remote command execution capabilities and persistent backdoor access even on fully patched systems. CVE Details: The exposure centers around…
-
Backdoor Found in Official XRP Ledger NPM Package
by
in SecurityNews
XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update… First seen on hackread.com. Jump to article: hackread.com/backdoor-found-in-official-xrp-ledger-npm-package/