Tag: backdoor
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor…
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
China’s WARP PANDA APT Deploys BRICKSTORM Backdoor to Hijack VMware vCenter/ESXi and Azure Cloud
The post China’s WARP PANDA APT Deploys BRICKSTORM Backdoor to Hijack VMware vCenter/ESXi and Azure Cloud appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-warp-panda-apt-deploys-brickstorm-backdoor-to-hijack-vmware-vcenter-esxi-and-azure-cloud/
-
China’s WARP PANDA APT Deploys BRICKSTORM Backdoor to Hijack VMware vCenter/ESXi and Azure Cloud
The post China’s WARP PANDA APT Deploys BRICKSTORM Backdoor to Hijack VMware vCenter/ESXi and Azure Cloud appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-warp-panda-apt-deploys-brickstorm-backdoor-to-hijack-vmware-vcenter-esxi-and-azure-cloud/
-
China’s WARP PANDA APT Deploys BRICKSTORM Backdoor to Hijack VMware vCenter/ESXi and Azure Cloud
The post China’s WARP PANDA APT Deploys BRICKSTORM Backdoor to Hijack VMware vCenter/ESXi and Azure Cloud appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-warp-panda-apt-deploys-brickstorm-backdoor-to-hijack-vmware-vcenter-esxi-and-azure-cloud/
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks In Split Learning
Session 5C: Federated Learning 1 Authors, Creators & Presenters: Phillip Rieger (Technical University of Darmstadt), Alessandro Pegoraro (Technical University of Darmstadt), Kavita Kumari (Technical University of Darmstadt), Tigist Abera (Technical University of Darmstadt), Jonathan Knauer (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt) PAPER SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in…
-
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress.This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based First seen on…
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
Über Telegram: Student finanziert sein Studium durch Verkauf von Backdoors
Tags: backdoorEin Student aus Bangladesch verkauft auf Telegram Zugänge zu kompromittierten Servern. Er behauptet, das Geld für seine Bildung zu brauchen. First seen on golem.de Jump to article: www.golem.de/news/ueber-telegram-student-finanziert-sein-studium-durch-verkauf-von-backdoors-2512-203014.html
-
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs.”This malware enables remote control of compromised systems by allowing First…
-
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. First seen on hackread.com Jump to article: hackread.com/chinese-state-hackers-brickstorm-vmware-systems/
-
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices. First seen on securityboulevard.com Jump to article:…
-
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
Tags: apt, backdoor, china, cisa, cyber, cybersecurity, data-breach, espionage, infrastructure, threatCISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. >>The Cybersecurity…
-
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems.”BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
-
Behörden warnen: Chinesische Hacker attackieren VMware-Systeme
Die Angreifer schleusen eine Backdoor-Malware namens Brickstorm ein, um sich dauerhaft einzunisten. IT-Verantwortliche sollten dringend handeln. First seen on golem.de Jump to article: www.golem.de/news/behoerden-warnen-chinesische-hacker-attackieren-vmware-systeme-2512-202940.html
-
Brickstorm Malware Hits US Critical Systems, CISA Warns
Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring. U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/brickstorm-malware-hits-us-critical-systems-cisa-warns-a-30195
-
CISA Warns of ‘Ongoing’ Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-ongoing-brickstorm-backdoor-attacks
-
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments
Tags: access, ai, api, attack, automation, backdoor, cloud, exploit, flaw, google, malicious, open-source, openai, rce, remote-code-execution, risk, service, tool, vulnerabilityMultiple attack vectors: For this flaw to be exploited, the victim needs to clone the repository and run Codex on it and an attacker needs to have commit access to the repo or have their malicious pull request accepted.”Compromised templates, starter repos, or popular open-source projects can weaponize many downstream consumers with a single commit,”…
-
4.3M Users Exposed in ShadyPanda’s Long-Running Browser Hack
ShadyPanda spent years hiding inside Google-verified extensions before unleashing an RCE backdoor that compromised 4.3 million users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3m-users-exposed-in-shadypandas-long-running-browser-hack/
-
MuddyWater strikes Israel with advanced MuddyViper malware
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…
-
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango First seen…