Tag: backdoor

Pro-Russian Hacktivist Targets OT/ICS Systems to Harvest Credentials

Oct 13, 2025 3:24 PM

Tags: backdoor, control, credentials, cyber, ddos, exploit, group, russia, sql, technology

In September, a nascent pro-Russian hacktivist group known as TwoNet staged its first operational technology and industrial control systems (OT/ICS) intrusion against our water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary ultimately created backdoor accounts and defaced the human-machine interface (HMI), demonstrating a concerning pivot from pure DDoS to…
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Oct 13, 2025 1:23 PM

Tags: access, backdoor, exploit, hacker, Internet, microsoft, social-engineering, threat, unauthorized

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.”Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript First seen…
New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs

Oct 13, 2025 8:23 AM

Tags: backdoor, cisco, control, credentials, cybersecurity, malware, rust, vpn

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.”Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, ‘serviceaccount,’” eSentire said in a technical report published First seen on thehackernews.com…
From infostealer to full RAT: dissecting the PureRAT attack chain

Oct 9, 2025 4:23 PM

Tags: attack, backdoor, cybersecurity, rat

Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor, loaders, evasions, and TLS-pinned C2. Join Huntress Labs’ Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Oct 9, 2025 12:23 PM

Tags: access, backdoor, hacker, microsoft

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat. First seen on hackread.com Jump to article: hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Oct 9, 2025 12:23 PM

Tags: access, backdoor, hacker, microsoft

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat. First seen on hackread.com Jump to article: hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Oct 9, 2025 12:23 PM

Tags: access, backdoor, hacker, microsoft

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat. First seen on hackread.com Jump to article: hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity

Oct 9, 2025 7:25 AM

Tags: access, ai, api, backdoor, control, cybersecurity, data, email, exploit, framework, hacker, intelligence, jobs, malicious, privacy, risk, software, technology, tool

The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is foreshadowing AI cybersecurity risks! Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to…
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity

Oct 9, 2025 7:25 AM

Tags: access, ai, api, backdoor, control, cybersecurity, data, email, exploit, framework, hacker, intelligence, jobs, malicious, privacy, risk, software, technology, tool

The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is foreshadowing AI cybersecurity risks! Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to…
AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure

Oct 8, 2025 2:58 PM

Tags: access, ai, backdoor, cyber, data, exploit, infrastructure, risk, unauthorized

The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to gain unauthorized access to critical systems. A compromised chatbot can morph from a helpful assistant…
AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure

Oct 8, 2025 2:58 PM

Tags: access, ai, backdoor, cyber, data, exploit, infrastructure, risk, unauthorized

The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to gain unauthorized access to critical systems. A compromised chatbot can morph from a helpful assistant…
AVX ONE SSH: Comprehensive SSH Key Lifecycle Management for Enterprise Security

Oct 6, 2025 4:35 PM

Tags: backdoor, unauthorized

Every unmanaged SSH key is a potential backdoor for unauthorized access. In most enterprises, there are thousands”, and sometimes millions”, of keys no one is actively tracking. That’s why AppViewX is announcing the general availability of AVX ONE SSH, a purpose-built product that closes one of security’s most overlooked gaps: SSH key sprawl and lifecycle…
XWorm malware resurfaces with ransomware module, over 35 plugins

Oct 6, 2025 2:35 PM

Tags: backdoor, malware, phishing, ransomware

New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-with-ransomware-module-over-35-plugins/
TamperedChef Malware Disguised as PDF Editor Hijacks Browser Credentials and Opens Backdoors

Oct 6, 2025 2:35 PM

Tags: backdoor, credentials, cyber, group, intelligence, malware, strategy, threat

A sophisticated malware campaign dubbed TamperedChef has successfully compromised European organizations by masquerading as a legitimate PDF editor application, according to new research from WithSecure’s Strategic Threat Intelligence & Research Group (STINGR). The campaign demonstrates how threat actors can leverage convincing advertising strategies and fully functional decoy applications to harvest sensitive credentials and establish persistent…
WARMCOOKIE Malware Operators Introduce Advanced Capabilities

Oct 6, 2025 8:35 AM

Tags: backdoor, cyber, cybersecurity, law, malware, threat

The cybersecurity landscape continues to evolve as threat actors behind the WARMCOOKIE backdoor malware have significantly enhanced their capabilities, introducing new features and maintaining active development despite law enforcement disruptions. The latest WARMCOOKIE variants demonstrate the threat actors’ commitment to expanding their operational toolkit. Four new command handlers have been integrated into the malware’s architecture…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

Oct 5, 2025 2:35 PM

Tags: ai, backdoor, email, international, malicious, malware, ransomware, vpn

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails EvilAI Operators Use AI-Generated Code…
Confucius Hacker Group Weaponizes Documents to Infect Windows Systems with AnonDoor Malware

Oct 3, 2025 8:41 AM

Tags: attack, backdoor, cyber, email, espionage, group, hacker, hacking, malware, phishing, social-engineering, tactics, windows

The Confucius hacking group, a long-running cyber-espionage operation with suspected state-sponsored ties, has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware. The December 2024 campaign demonstrated Confucius’ refined social engineering tactics, utilizing phishing emails with weaponized PowerPoint presentations (Document.ppsx) that displayed…
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor

Oct 3, 2025 5:41 AM

Tags: apt, backdoor, espionage, group

The post Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/confucius-apt-evolves-espionage-group-shifts-from-wooperstealer-to-advanced-python-backdoor-anondoor/
Humanoid Robots are Walking Trojan Horses, And They’re Already in the Workplace

Oct 2, 2025 8:41 PM

Tags: backdoor, cyberattack, data, exploit, flaw, privacy, risk

A new study reveals severe security flaws in the Unitree G1 humanoid robot, exposing risks from Bluetooth backdoors to hidden data exfiltration. Researchers warn that humanoid robots could be exploited as surveillance devices and active cyberattack platforms, raising urgent concerns for robotics security and privacy compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/humanoid-robots-are-walking-trojan-horses-and-theyre-already-in-the-workplace/
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

Oct 2, 2025 8:41 PM

Tags: backdoor, computer, cyberattack, group, malicious, software, tool, ukraine

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattacks by the group UAC-0245 using the CABINETRAT backdoor. The campaign, seen in September 2025, involved malicious Excel XLL add-ins posing as software tools (e.g. >>UBD Request.xllrecept_ruslana_nekitenko.xll
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Confucius Shifts from Document Stealers to Python Backdoors

Oct 2, 2025 4:41 PM

Tags: backdoor, cyber, espionage, group, tactics

The Confucius cyber-espionage group has shifted its tactics from document-focused stealers to Python-based backdoors like AnonDoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/confucius-shifts-doc-stealers/
‘Confucius’ Cyberspy Evolves From Stealers to Backdoors in Pakistan

Oct 2, 2025 3:41 PM

Tags: backdoor, group, threat

The long-running South Asian advanced persistent threat (APT) group is advancing its objectives against Pakistani targets, with a shift to deploying Python-based surveillance malware. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/south-asian-cyberspy-evolves-stealers-backdoors
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

Oct 2, 2025 2:41 PM

Tags: ai, attack, backdoor, browser, chrome, cloud, defense, exploit, firewall, flaw, malicious, ransomware, sql, tactics, technology, vulnerability

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing, no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions.On the defense side, AI is stepping…
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

Oct 2, 2025 2:41 PM

Tags: ai, attack, backdoor, browser, chrome, cloud, defense, exploit, firewall, flaw, malicious, ransomware, sql, tactics, technology, vulnerability

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing, no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions.On the defense side, AI is stepping…
Großbritannien drängt weiter auf Backdoor für die iCloud

Oct 2, 2025 1:41 PM

Tags: access, apple, backdoor

Apple soll den Zugriff auf verschlüsselte iCloud-Daten britischer Bürger ermöglichen. Die Backdoor könnte bei allen Nutzern missbraucht werden. First seen on golem.de Jump to article: www.golem.de/news/apple-grossbritannien-draengt-weiter-auf-backdoor-fuer-die-icloud-2510-200749.html
Intel- und AMD-Chips physisch angreifbar

Oct 2, 2025 11:41 AM

Tags: access, backdoor, cloud, cyberattack, encryption, Hardware, supply-chain

Chips von Intel und AMD sind laut Forschern anfällig für physische Cyberattacken. Mit ‘Battering RAM” und ‘Wiretrap” haben Forscher zwei mögliche Angriffsvektoren auf Chips von Intel und AMD entdeckt, wie sie etwa in Servern von Rechenzentren und Cloud-Anbietern verbaut werden. Wie das Nachrichtenportal Ars Technica berichtet, umgehen die Attacken Sicherheitsmaßnahmen der Hersteller auf der Hardware,…
Home Office issues new ‘backdoor’ order over Apple encryption

Oct 2, 2025 11:41 AM

Tags: access, apple, backdoor, data, encryption, office, service

A second Home Office technical capability notice requires Apple to provide access to encrypted data and messages of British users stored on its iCloud service First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632159/Home-Office-issues-new-back-door-order-over-Apple-encryption
Chinese APT group Phantom Taurus targets gov and telecom organizations

Oct 2, 2025 12:41 AM

Tags: antivirus, apt, backdoor, china, detection, group, infrastructure, malware, password, sql, threat, tool, windows

mssq.bat that connects to an SQL database using the sa (system administrator) ID with a password previously obtained by the attackers. It then performs a dynamic search for specific keywords specified in the script, saving the results as a CSV file.”The threat actor used this method to search for documents of interest and information related…