Tag: backdoor
-
Supermicro: Unzählige Server-Mainboards anfällig für Firmware-Backdoors
Angreifer können in die BMC-Firmware zahlreicher Mainboards von Supermicro Malware einschleusen und damit dauerhaft die Kontrolle übernehmen. First seen on golem.de Jump to article: www.golem.de/news/supermicro-unzaehlige-server-mainboards-anfaellig-fuer-firmware-backdoors-2509-200484.html
-
Supermicro: Unzählige Server-Mainboards anfällig für Firmware-Backdoors
Angreifer können in die BMC-Firmware zahlreicher Mainboards von Supermicro Malware einschleusen und damit dauerhaft die Kontrolle übernehmen. First seen on golem.de Jump to article: www.golem.de/news/supermicro-unzaehlige-server-mainboards-anfaellig-fuer-firmware-backdoors-2509-200484.html
-
Hackers Deploy Stealthy Malware on WordPress Sites to Gain Admin Access
Attackers have stepped up their tactics by deploying stealthy backdoors disguised as legitimate WordPress components, ensuring persistent administrative access even after other malware is discovered and removed. Their deceptive appearances belied their dangerous functions: one impersonated a plugin, the other camouflaged itself as a core file. Together, they formed a resilient system that gave hackers…
-
Supermicro BMC: Schwachstelle ermöglicht persistente Backdoor
Setzt jemand Rechner mit Boards von Supermicro (speziell im Server-Bereich verbreitet) ein? In der Firmware des auf den Board verwendeten BMC wurden im Januar 2025 zwar Schwachstellen gefixt. Diese ermöglichten Angreifern potentiell eine persistente Backdoor auf den betreffenden Systemen einzurichten. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/25/supermicro-bmc-schwachstelle-ermoeglicht-persistente-backdoor/
-
BRICKSTORM Backdoor Hits Tech and Legal Firms with Stealthy New Campaign
Persistent, stealthy, and cross-platform, the BRICKSTORM backdoor has emerged as a significant threat to U.S. technology and legal organizations. Tracked by Google Threat Intelligence Group (GTIG) and investigated by Mandiant Consulting, BRICKSTORM campaigns have maintained undetected access for an average of 393 days, targeting legal services firms, SaaS providers, BPOs, and technology companies to harvest…
-
BRICKSTORM Backdoor Hits Tech and Legal Firms with Stealthy New Campaign
Persistent, stealthy, and cross-platform, the BRICKSTORM backdoor has emerged as a significant threat to U.S. technology and legal organizations. Tracked by Google Threat Intelligence Group (GTIG) and investigated by Mandiant Consulting, BRICKSTORM campaigns have maintained undetected access for an average of 393 days, targeting legal services firms, SaaS providers, BPOs, and technology companies to harvest…
-
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices
SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access to affected devices. The new build, version 10.2.2.2-92sv, adds additional file checking to detect and…
-
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices
SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access to affected devices. The new build, version 10.2.2.2-92sv, adds additional file checking to detect and…
-
New “YiBackdoor” Malware Lets Hackers Run Commands and Steal Data
Cybersecurity researchers at Zscaler ThreatLabz have identified a sophisticated new malware strain dubbed YiBackdoor, first detected in June 2025. This emerging threat represents a significant evolution in backdoor technology, sharing substantial code similarities with established malware families IcedID and Latrodectus. The discovery highlighted the continuous adaptation of cybercriminal tools, as YiBackdoor demonstrates capabilities that enable…
-
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
The post Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/cisco-uncovers-new-plugx-backdoor-linked-to-chinese-apts/
-
Iran Targets Job-Seeking European Aerospace Engineers
Iranian Hackers Impersonate Online Recruiters. Western Europeans working in aerospace, defense manufacturing or telecoms are receiving waves of emails from putative job recruiters who actually are Iranian state hackers ready to unleash a backdoor and an infostealer. Check Point tracks the threat actor as Nimbus Manticore. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iran-targets-job-seeking-european-aerospace-engineers-a-29517
-
How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking
Tags: backdoorTalos discovered that a new PlugX variant’s features overlap with both the RainyDay and Turian backdoors First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/
-
Suspected Iran-backed attackers targeting European aerospace sector with novel malware
Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer First seen on theregister.com Jump to article: www.theregister.com/2025/09/23/iran_targeting_european_aerospace/
-
APT37 nutzt Rust-basierte Hintertür – Neue Backdoor in Windows-Systemen Angriffe laufen
First seen on security-insider.de Jump to article: www.security-insider.de/apt37-angriff-windows-systeme-rust-backdoor-rustonotto-a-99c3ae320d6ec45af493195af352652c/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SmokeLoader Rises From the Ashes Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages Self-replicating Shai-hulud worm spreads…
-
Russian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor
Silhouetted hooded figures represent Russian hackers operating under the auspices of the FSB against targeted organizations. Two prominent Russian state-sponsored hacking groups, Gamaredon and Turla, have been observed collaborating in sophisticated cyberattacks targeting Ukrainian organizations to deploy the advanced Kazuar backdoor. New evidence reveals an unprecedented level of coordination between these Federal Security Service (FSB)…
-
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities.Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group’s Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely…
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
APT37 greift Windows Systeme mit Rust-Backdoor und Python-Loader an
Das Sicherheitsteam von Zscaler ThreatLabz hat aktuelle Aktivitäten der Hackergruppe APT37 untersucht. Dabei wurde erstmals eine neue Backdoor identifiziert, die auf Windows-Systeme abzielt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt37-windows-system-rust-backdoor-python-loader
-
Threat Actors and Code Assistants: The Hidden Risks of Backdoor Injections
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities to inject backdoors, leak sensitive data, and produce harmful code. Indirect prompt injection attacks exploit context-attachment features by contaminating public data sources with hidden instructions. When unsuspecting developers feed…
-
APT37 greift Windows-Systeme mit Rust-Backdoor und Python-Loader an
Das Zscaler-ThreatLabz-Team hat APT37 (auch bekannt als Scarcruft, Ruby-Sleet und Velvet-Chollima) unter die Lupe genommen, da über die Backdoor Rustonotto erstmals auch Windows-Systeme angegriffen werden. APT37 zielt in erster Linie auf südkoreanische Aktivisten ab, die mit dem nordkoreanischen Regime in Verbindung stehen oder sich für Menschenrechte engagieren, und nutzt dabei speziell entwickelte Malware und neue…
-
China-linked Mustang Panda deploys advanced SnakeDisk USB worm
China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze President) has been spotted using an updated version of the TONESHELL backdoor and a previously undocumented USB worm called SnakeDisk. Mustang Panda has been active since…
-
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.”The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published…
-
Samsung’s image library flaw opens a zero-click backdoor
Patch now or risk a backdoor: A September 2025 Release 1 patch addresses the flaw that affects devices running Android versions 13 through 16. “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in the disclosure.For enterprises, CVE-2025-21043 is more than a personal device issueit…
-
Hacker Deceives 18,000 Script Kiddies with Fake Malware Builder
A threat actor targeted low-skilled hackers, known as ‘script kiddies’ with a fake malware builder that secretly infected them with a backdoor to st First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/hacker-deceives-18000-script-kiddies-with-fake-malware-builder/
-
9 unverzichtbare Open-Source-Security-Tools
Tags: attack, authentication, backdoor, blueteam, breach, ciso, cyersecurity, data-breach, encryption, incident response, intelligence, linux, mail, malware, monitoring, open-source, powershell, privacy, risk, software, sql, threat, tool, vulnerability, windowsDiese Open-Source-Tools adressieren spezifische Security-Probleme mit minimalem Footprint.Cybersicherheitsexperten verlassen sich in diversen Bereichen auf Open-Source-Lösungen nicht zuletzt weil diese im Regelfall von einer lebendigen und nutzwertigen Community gestützt werden. Aber auch weil es inzwischen Hunderte qualitativ hochwertiger, quelloffener Optionen gibt, um Breaches und Datenlecks auf allen Ebenen des Unternehmens-Stacks zu verhindern.Falls Sie nun gedanklich bereits…
-
Mustang Panda Uses SnakeDisk USB Worm and Toneshell Backdoor to Target Air-Gap Systems
IBM X-Force researchers have uncovered sophisticated new malware campaigns orchestrated by the China-aligned threat actor Hive0154, also known as Mustang Panda. The discovery includes an advanced Toneshell backdoor variant that evades detection systems and a novel USB worm called SnakeDisk specifically targeting Thailand-based devices. Enhanced Toneshell Backdoor Evades Detection The latest iteration of Toneshell, dubbed…