Tag: backdoor
-
Nvidia Denies Presence of Backdoors, Kill Switches, or Spyware in Its Chips
Nvidia has issued a comprehensive denial regarding allegations that its graphics processing units contain backdoors, kill switches, or spyware, emphasizing that such features would fundamentally undermine global digital infrastructure and cybersecurity principles. The chipmaker’s statement comes amid growing discussions among policymakers and industry observers about potential hardware-level controls that could remotely disable GPUs without user…
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
NVIDIA Takes Firm Stance Against Kill Switches Backdoors in AI Chips
The statement comes as both US and Chinese authorities probe the lucrative global AI chip business, which NVIDIA dominates. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-nvidia-ai-chips-backdoors-kill-switches/
-
Forscher warnen: Bisher unbekannte Linux-Backdoor ist seit Monaten aktiv
Die Malware verfügt über ausgeklügelte Verschleierungstechniken. Bis zuletzt wurde sie von keiner Antivirensoftware auf Virustotal erkannt. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-bisher-unbekannte-linux-backdoor-ist-seit-monaten-aktiv-2508-198822.html
-
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor
‘Plague’ malware has been around for months without tripping alarms First seen on theregister.com Jump to article: www.theregister.com/2025/08/05/plague_linux_backdoor/
-
New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems
The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169 sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign that leverages malicious Windows LNK shortcut files to deploy the REMCOS backdoor, a potent remote access trojan capable of full system compromise. This fingerprint…
-
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/backdoors-breaches-how-talos-is-helping-humanitarian-aid-ngos-prepare-for-cyber-attacks/
-
Nextron findet bisher unbekannte Plague-Backdoor in Linux
Sicherheitsforscher von Nextron Research sind bei der Suche nach unbekannten Bedrohungen mit YARA-Regeln auf eine bisher undokumentierte PAM-basierte Backdoor identifiziert. Diese von den Sicherheitsforschern Plague getaufte Backdoor kann von Angreifern persistent auf Linux-Systemen installiert werden und gewährt einen dauerhaften SSH-Zugriff, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/04/nextron-findet-bisher-unbekannte-plague-backdoor-in-linux/
-
âš¡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More
Malware isn’t just trying to hide anymore”, it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just…
-
APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil Government
The post APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil Government appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt36-escalates-cyber-espionage-on-india-poseidon-backdoor-targets-railways-oil-government/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 56
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Endgame Gear mouse config tool infected users with malware Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal Decrypted: FunkSec Ransomware Threat actor uses…
-
Security Affairs newsletter Round 535 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New Linux backdoor Plague bypasses auth via malicious PAM module China Presses Nvidia Over Alleged Backdoors…
-
New Linux backdoor Plague bypasses auth via malicious PAM module
A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module…
-
China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions
China questioned Nvidia over suspected backdoors in its H20 chips, adding to rising tensions in the tech fight between the U.S. and Beijing. China’s internet watchdog has summoned Nvidia over concerns that its H20 AI chips may contain hidden backdoors. Nvidia H20 chips are AI GPUs tailored for the Chinese market, based on Hopper architecture.…
-
New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor
Security firm Point Wild has exposed a new malware campaign using malicious LNK files to install the REMCOS backdoor. This report details how attackers disguise files to gain full system control. First seen on hackread.com Jump to article: hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/
-
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Tags: access, authentication, backdoor, credentials, cybersecurity, detection, linux, malicious, theftCybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year.”The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said.Pluggable Authentication Modules First seen on thehackernews.com Jump…
-
New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access
Security researchers have discovered a sophisticated Linux backdoor dubbed >>Plague
-
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations.The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS,…
-
Seeing Your APIs Through an Attacker’s Eyes: Introducing Salt Surface
Tags: api, attack, backdoor, breach, cloud, data-breach, endpoint, firewall, Internet, monitoring, risk, tool, vulnerability, wafYour API attack surface is larger and more exposed than you realize. In today’s complex, cloud-native environment, APIs are deployed at an astonishing rate. While this rapid pace fuels innovation, it also creates a significant visibility gap. The APIs you are aware of and manage are only the tip of the iceberg. Your actual risk…
-
Beijing summons Nvidia over alleged backdoors in China-bound AI chips
H20 silicon under the microscope after slipping through US export bans First seen on theregister.com Jump to article: www.theregister.com/2025/07/31/beijing_nvidia_backdoors/
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-secret-blizzard-apt-embassy-isps
-
China Summons Nvidia Over Alleged Backdoor Risks in AI Chips
China’s top cybersecurity authority, the Cyberspace Administration of China (CAC), has officially summoned representatives from Nvidia to address alleged security vulnerabilities in its AI chips sold in the country. The specific focus is on Nvidia H20 chips, a custom version designed for the Chinese market amid strict U.S. export controls. First seen on thecyberexpress.com Jump…
-
Hidden Backdoor Found in ATM Network via Raspberry Pi
A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/backdoor-atm-network-raspberry-pi/
-
Auto-Color Backdoor Targets U.S. Chemical Firm via CVE-2025-31324
Tags: access, backdoor, cve, cyberattack, cybersecurity, exploit, hacker, linux, malware, sap, vulnerabilityIn a three-day cyberattack this April, hackers exploited a newly disclosed SAP vulnerability to infiltrate a U.S.-based chemicals company, deploying a stealthy Linux malware known as Auto-Color backdoor. Cybersecurity firm Darktrace says the attackers gained access through a critical flaw… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/auto-color-backdoor-cve-2025-31324/
-
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. >>In April 2025, Darktrace identified an Auto-Color backdoor malware attack…
-
Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware
Cybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware. The incident, which occurred over three days in April 2025, demonstrates an alarming evolution in cyber attack tactics combining enterprise software exploitation with advanced…
-
Senator warns of new UK surveillance risks to US citizens following Apple ‘backdoor’ row
US lawmaker calls for the US to publish an assessment of the risks posed by UK surveillance laws to US citizens in the wake of disclosures that the UK has ordered Apple to introduce ‘backdoors’ in Apple encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366628083/Senator-warns-of-new-UK-surveillance-risks-to-US-citizens-following-Apple-back-door-row
-
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.”Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to…