Tag: backdoor
-
Hacker Deceives 18,000 Script Kiddies with Fake Malware Builder
A threat actor targeted low-skilled hackers, known as ‘script kiddies’, with a fake malware builder that secretly infected them with a backdoor to st First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/hacker-deceives-18000-script-kiddies-with-fake-malware-builder/
-
9 essential open-source security tools
Tags: attack, authentication, backdoor, blueteam, breach, ciso, cyersecurity, data-breach, encryption, incident response, intelligence, linux, mail, malware, monitoring, open-source, powershell, privacy, risk, software, sql, threat, tool, vulnerability, windows
These open-source tools address specific security problems with a minimal footprint. Cybersecurity experts rely on open-source solutions in many areas, not least because such tools are usually backed by an active and helpful community, but also because there are now hundreds of high-quality open-source options for preventing breaches and data leaks at every layer of the enterprise stack. If you are already thinking…
-
Mustang Panda Uses SnakeDisk USB Worm and Toneshell Backdoor to Target Air-Gap Systems
IBM X-Force researchers have uncovered sophisticated new malware campaigns orchestrated by the China-aligned threat actor Hive0154, also known as Mustang Panda. The discovery includes an advanced Toneshell backdoor variant that evades detection systems and a novel USB worm called SnakeDisk specifically targeting Thailand-based devices. Enhanced Toneshell Backdoor Evades Detection The latest iteration of Toneshell, dubbed…
-
New ToneShell Variant Uses Task Scheduler COM Service to Maintain Persistence
The latest ToneShell variant introduces a notable advancement in its persistence strategy by leveraging the Windows Task Scheduler COM service. This lightweight backdoor, traditionally delivered through DLL sideloading techniques, now incorporates enhanced persistence mechanisms and sophisticated anti-analysis capabilities that pose significant challenges to security teams. Cybersecurity researchers have identified a new variant of the ToneShell…
-
ToneShell Backdoor Evolves With Anti-Analysis Tricks, Continues Targeting Myanmar
Tags: backdoor
The post ToneShell Backdoor Evolves With Anti-Analysis Tricks, Continues Targeting Myanmar appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/toneshell-backdoor-evolves-with-anti-analysis-tricks-continues-targeting-myanmar/
-
Breach Roundup: Vidar Strikes Back
Also, Akira Ransomware Resumes Attacks Via SonicWall Flaws. This week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn’t hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.…
-
EggStreme Malware Emerges With Fileless Techniques and DLL Sideloading Payloads
A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data…
-
Brussels faces privacy crossroads over encryption backdoors
Over 600 security boffins say planned surveillance crosses the line First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/eu_chat_control/
-
Dormant macOS Backdoor ChillyHell Resurfaces
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dormant-macos-backdoor-chillyhell-resurfaces
-
New Buterat Backdoor Malware Found in Enterprise and Government Networks
Meet Buterat, a new backdoor malware spreading through phishing and trojanized downloads, giving attackers persistent access to enterprise and government networks. First seen on hackread.com Jump to article: hackread.com/buterat-backdoor-malware-enterprise-govt-networks/
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool
Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI. Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat. “Too many organizations have no idea what open-source…
-
The importance of reviewing AI data centers’ policies
Tags: ai, attack, backdoor, corporate, cybersecurity, data, government, Hardware, jobs, monitoring, risk, side-channel, supply-chain, threat, tool, vulnerability
What cybersecurity leaders need to consider: Given these expanded threats, cybersecurity leaders and decision makers must closely scrutinize whether their AI data center operators are implementing corporate policies that require technical measures to secure AI data centers across all layers of security, including hardware, data, and geopolitical. Examples of such policies include: closely inspecting hardware…
-
New Exploit Bypasses Code Integrity to Backdoor Signal, 1Password, Slack, and More
A new security exploit has been discovered that lets attackers slip malicious code into widely used desktop applications including Signal, 1Password, Slack, and Google Chrome by evading built-in code integrity checks. The vulnerability, tracked as Electron CVE-2025-55305, affects nearly every app built on the Chromium engine when they use Electron, a popular framework for making…
-
New hacker group GhostRedirector poisons Windows servers
ESET researchers have identified a new hacker group that attacks Windows servers with a passive C++ backdoor and a malicious IIS module. Its goal: manipulating Google search results. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/neue-hacker-gruppe-ghostredirector-vergiftet-windows-server/
-
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection. First seen on hackread.com Jump to article: hackread.com/russian-apt28-notdoor-backdoor-microsoft-outlook/
-
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploited-sitecore-zero-day-flaw-to-deploy-backdoors/
-
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor “is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” S2 Grupo’s LAB52 threat intelligence team said. “When…
-
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS)…
-
XWorm Malware Adopts New Infection Chain to Bypass Security Detection
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant shift in the malware’s deployment strategy, revealing a deliberate move toward more deceptive and intricate infection methods designed to increase success rates while remaining…