Tag: backdoor
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-prolific-china-hacking/
-
New Dohdoor malware campaign targets education and health care
Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-dohdoor-malware-campaign/
-
Fake Next.js job interview tests backdoor developer’s devices
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-tests-backdoor-developers-devices/
-
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications. First seen on thehackernews.com Jump…
-
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR”‘trusted command”‘and”‘control (C2) channel, effectively turning a built”‘in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and flexible remote”‘execution capabilities to blend malicious operations into normal Cortex XDR traffic. Cortex XDR Live…
-
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting”‘style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged command”‘and”‘control (C2) backdoor without relying on traditional malware installers. Attackers publish repositories that appear to…
-
Malicious NuGet Packages Target ASP.NET Developers to Steal Login Credentials
Malicious NuGet packages posing as legitimate developer utilities are targeting ASP.NET projects to steal identity credentials and silently backdoor applications through a localhost proxy. All four were published between August 1221, 2024, by a NuGet user named “hamzazaheer” and have collectively amassed a little over 4,500 downloads before takedown requests were submitted. The campaign’s core…
-
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities.The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week.”The group used several First seen…
-
Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign
A typosquatted copy of the popular Huorong Security antivirus site is being used to deliver ValleyRAT, a modular remote access trojan (RAT) built on the Winos4.0 framework, to users who believe they are downloading legitimate protection software. The attackers registered huoronga[.]com adding a single “a” to the legitimate huorong.cn domain as part of a typosquatting strategy designed…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links…
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/
-
BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools
Researchers warn that thousands of instances may still be vulnerable to exploitation activity. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/beyondtrust-remote-support-exploitation-backdoors-remote-tools/812707/
-
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the…
-
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the…
-
Hackers Exploit Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
Hackers are actively exploiting a critical vulnerability in BeyondTrust’s remote support software to deploy the VShell backdoor and SparkRAT remote access trojan, enabling full compromise of exposed systems. The vulnerability, tracked as CVE-2026-1731, is being used in real-world attacks against multiple industries across the U.S., Europe, and Asia-Pacific. BeyondTrust is an identity and access management…
-
Crims create fake remote management vendor that actually sells a RAT
$300 a month buys you a backdoor that looks like legit software First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/rmm_rat_trustconnect/
-
NDSS 2025 NDSS 2025 BARBIE: Robust Backdoor Detection Based On Latent Separability
Session 12D: ML Backdoors Authors, Creators & Presenters: Hanlei Zhang (Zhejiang University), Yijie Bai (Zhejiang University), Yanjiao Chen (Zhejiang University), Zhongming Ma (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER BARBIE: Robust Backdoor Detection Based On Latent Separability Backdoor attacks are an essential risk to deep learning model sharing. Fundamentally, backdoored models are different from benign…
-
NDSS 2025 NDSS 2025 BARBIE: Robust Backdoor Detection Based On Latent Separability
Session 12D: ML Backdoors Authors, Creators & Presenters: Hanlei Zhang (Zhejiang University), Yijie Bai (Zhejiang University), Yanjiao Chen (Zhejiang University), Zhongming Ma (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER BARBIE: Robust Backdoor Detection Based On Latent Separability Backdoor attacks are an essential risk to deep learning model sharing. Fundamentally, backdoored models are different from benign…
-
NDSS 2025 Defending Against Backdoor Attacks On Graph Neural Networks Via Discrepancy Learning
Tags: attack, backdoor, conference, defense, framework, Internet, ml, network, risk, technology, threat, vulnerabilitySession 12D: ML Backdoors Authors, Creators & Presenters: Hao Yu (National University of Defense Technology), Chuan Ma (Chongqing University), Xinhang Wan (National University of Defense Technology), Jun Wang (National University of Defense Technology), Tao Xiang (Chongqing University), Meng Shen (Beijing Institute of Technology, Beijing, China), Xinwang Liu (National University of Defense Technology) PAPER DShield: Defending…
-
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
Tags: access, attack, backdoor, china, control, credentials, dns, espionage, exploit, group, infrastructure, intelligence, malicious, monitoring, network, risk, risk-management, service, software, supply-chain, threat, ukraine, update, vulnerabilityCSOonline, Ho said that no system can ever be declared absolutely unbreakable, “but the new design dramatically raises the bar.”An attacker must now compromise both the hosting infrastructure and the signing keys, he explained, adding that the updater now validates both the manifest and the installer, each with independent cryptographic signatures. And any mismatch, missing…
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence.The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
-
NDSS 2025 Try to Poison My Deep Learning Data? Nowhere To Hide Your Trajectory Spectrum!
Session 12D: ML Backdoors Authors, Creators & Presenters: Yansong Gao (The University of Western Australia), Huaibing Peng (Nanjing University of Science and Technology), Hua Ma (CSIRO’s Data61), Zhi Zhang (The University of Western Australia), Shuo Wang (Shanghai Jiao Tong University), Rayne Holland (CSIRO’s Data61), Anmin Fu (Nanjing University of Science and Technology), Minhui Xue (CSIRO’s…
-
NDSS 2025 CLIBE: Detecting Dynamic Backdoors In Transformer-based NLP Models
Session 12D: ML Backdoors Authors, Creators & Presenters: Rui Zeng (Zhejiang University), Xi Chen (Zhejiang University), Yuwen Pu (Zhejiang University), Xuhong Zhang (Zhejiang University), Tianyu Du (Zhejiang University), Shouling Ji (Zhejiang University) PAPER CLIBE: Detecting Dynamic Backdoors in Transformer-based NLP Models Backdoors can be injected into NLP models to induce misbehavior when the input text…
-
New backdoor found in Android tablets targeting users in Russia, Germany and Japan
In a report released this week, Russian cybersecurity firm Kaspersky said it uncovered a previously undocumented backdoor dubbed Keenadu that is built directly into a device’s core software, allowing it to load into every application launched on the tablet. First seen on therecord.media Jump to article: therecord.media/new-backdoor-found-in-android-russia-japan-brazil