Collecting Cyber-News from over 60 sources

Tag: backdoor

MuddyWater cyber campaign adds new backdoors in latest wave of attacks

Dec 2, 2025 11:49 AM

Tags: attack, backdoor, cyber, group, iran, tactics, threat

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
MuddyWater cyber campaign adds new backdoors in latest wave of attacks

Dec 2, 2025 11:49 AM

Tags: attack, backdoor, cyber, group, iran, tactics, threat

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware

Dec 1, 2025 8:49 PM

Tags: backdoor, browser, chrome, microsoft, spyware

And some are still active in the Microsoft Edge store First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/
Backdoor ‘VShell” – Chinesisches Spionage-Tool auf über 1.500 Servern

Nov 28, 2025 4:49 PM

Tags: backdoor, tool

First seen on security-insider.de Jump to article: www.security-insider.de/nviso-entdeckt-vshell-backdoor-cyberspionage-a-b7010d90febbea1bb70205078b4dd147/
Google-Antigravity-Lücke: KI-Coding-Tool anfällig für Angriffe

Nov 28, 2025 3:49 PM

Tags: access, ai, backdoor, bug, cyberattack, exploit, google, tool, update, vulnerability

Eine Sicherheitslücke in Googles KI-Coding-Tool Antigravity erlaubt es Angreifern, Schadcode einzuschleusen.Anfang November brachte Google sein KI-gestütztes Coding-Tool Antigravity an den Start. Doch bereits nach 24 Stunden sind Forscher des Security-Anbieters Mindgard auf eine schwerwiegende Schwachstelle gestoßen, über die eine dauerhafte Backdoor und Schadcode installiert werden kann.Der kürzlich veröffentlichte Forschungsbericht weist darauf hin, dass sich das…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
OpenAI admits data breach after analytics partner hit by phishing attack

Nov 27, 2025 4:49 PM

Tags: access, ai, api, attack, authentication, backdoor, breach, chatgpt, credentials, data, data-breach, email, governance, government, mfa, openai, password, phishing, risk

Name provided to OpenAI on the API account Email address associated with the API accountApproximate location based on API user browser (city, state, country)Operating system and browser used to access the API accountReferring websitesOrganization or User IDs associated with the API account”We proactively communicated with all impacted customers. If you have not heard from us directly,…
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an

Nov 27, 2025 2:49 PM

Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windows

Die APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Water Gamayun Weaponizes >>MSC EvilTwin<< Zero-Day for Stealthy Backdoor Attacks

Nov 27, 2025 1:49 AM

Tags: attack, backdoor, zero-day

The post Water Gamayun Weaponizes >>MSC EvilTwin
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Water Gamayun Weaponizes >>MSC EvilTwin<< Zero-Day for Stealthy Backdoor Attacks

Nov 27, 2025 1:49 AM

Tags: attack, backdoor, zero-day

The post Water Gamayun Weaponizes >>MSC EvilTwin
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
NDSS 2025 EAGLEYE: Exposing Hidden Web Interfaces In loT Devices Via Routing Analysis

Nov 25, 2025 7:49 PM

Tags: access, attack, backdoor, computing, conference, defense, detection, firmware, injection, intelligence, Internet, iot, network, risk, threat, vulnerability, xss

Session4A: IoT Security Authors, Creators & Presenters: Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information…
New FlexibleFerret Malware Chain Targets macOS With Go Backdoor

Nov 25, 2025 3:49 PM

Tags: access, backdoor, credentials, macOS, malware

A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flexibleferret-malware-macos-go/
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Nov 25, 2025 1:49 AM

Tags: apt, backdoor, china, exploit, flaw

The post China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-nexus-autumn-dragon-apt-exploits-winrar-flaw-to-deploy-telegram-c2-backdoor/
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor

Nov 25, 2025 1:49 AM

Tags: access, attack, backdoor, cyber, cyberattack, defense, detection, group, india, malware, tactics, threat

An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant evolution in the threat actor’s tactics, techniques, and procedures, combining living-off-the-land binaries with custom malware to evade detection and establish persistent access…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…