Collecting Cyber-News from over 60 sources

Tag: backdoor

Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 2:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
NDSS 2025 Explanation As A Watermark

Nov 22, 2025 7:49 PM

Tags: ai, backdoor, breach, conference, exploit, Internet, malicious, network

SESSION Session 3D: AI Safety ———– ———– Authors, Creators & Presenters: Shuo Shao (Zhejiang University), Yiming Li (Zhejiang University), Hongwei Yao (Zhejiang University), Yiling He (Zhejiang University), Zhan Qin (Zhejiang University), Kui Ren (Zhejiang University) ———– PAPER Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution Ownership verification is…
SesameOp: Neuartige Backdoor in OpenAI API für CC missbraucht

Nov 22, 2025 12:49 AM

Tags: api, backdoor, cyberattack, microsoft, openai

Sicherheitsforscher von Microsoft sind auf eine neuartige Backdoor in der OpenAI Assistant API gestoßen, und haben diese SesameOp genannt. Diese neuartige Backdoor, die von einem Angreifer verwendet wurde, nutzt die API des OpenAI Assistant, um Befehls- und Kontrollfunktionen für Cyberangriffe … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/22/sesameop-neuartige-backdoor-in-openai-api-fuer-cc-missbraucht/
NDSS 2025 THEMIS: Regulating Textual Inversion For Personalized Concept Censorship

Nov 21, 2025 10:49 PM

Tags: ai, backdoor, business, conference, Internet, malicious, network, regulation, technology, threat, training

SESSION Session 3D: Al Safety ———– ———– Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University) ———– PAPER THEMIS: Regulating Textual Inversion for Personalized Concept Censorship Personalization has become a…
NDSS 2025 THEMIS: Regulating Textual Inversion For Personalized Concept Censorship

Nov 21, 2025 10:49 PM

Tags: ai, backdoor, business, conference, Internet, malicious, network, regulation, technology, threat, training

SESSION Session 3D: Al Safety ———– ———– Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University) ———– PAPER THEMIS: Regulating Textual Inversion for Personalized Concept Censorship Personalization has become a…
Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor

Nov 21, 2025 1:49 AM

Tags: backdoor, exploit, rce, remote-code-execution

The post Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/critical-wsus-rce-cve-2025-59287-actively-exploited-to-deploy-shadowpad-backdoor/
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access

Nov 20, 2025 9:49 PM

Tags: access, backdoor, control, cyber, exploit, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access

Nov 20, 2025 9:49 PM

Tags: access, backdoor, control, cyber, exploit, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
China”‘linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates

Nov 20, 2025 1:49 PM

Tags: access, backdoor, china, credentials, data, dns, endpoint, espionage, exploit, network, router, software, theft, tool, update

Hijacked update to backdoor deployment: With the network device serving as a stealthy redirect, PlushDaemon then exploits the hijacked update channel to gain access to end-systems. ESET observed how typical victim software (such as a Chinese input-method application) issues an HTTP GET to its update server, but because DNS was hijacked, the request lands at…
Fake-Softwareupdates: Cyberspione verteilen Malware über manipulierten DNS-Traffic

Nov 20, 2025 12:49 PM

Tags: apt, backdoor, dns, malware, router

Eine APT-Gruppe leitet gezielt DNS-Traffic kompromittierter Router um, um Anwendern falsche Softwareupdates mit einer Backdoor unterzuschieben. First seen on golem.de Jump to article: www.golem.de/news/dns-traffic-umgeleitet-cyberspione-verbreiten-malware-ueber-manipulierte-updates-2511-202397.html
PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns

Nov 19, 2025 2:23 PM

Tags: backdoor, china, cyber, espionage, group, hacker, malware, network, spy

The cyber espionage group uses a previously undocumented network implant to drop two downloaders, LittleDaemon and DaemonLogistics, which deliver a backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-new-malware-china-spy/
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Nov 19, 2025 11:49 AM

Tags: backdoor, dns, infrastructure, malicious, malware, network, software, threat, update

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.EdgeStepper “redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure First seen on thehackernews.com Jump to article: thehackernews.com/2025/11/edgestepper-implant-reroutes-dns.html
Google Finds New Malware Backdoors Linked to Iran

Nov 18, 2025 11:49 PM

Tags: backdoor, defense, google, group, hacking, iran, malware, middle-east

Hacking Group Deploys Raft of Custom Malware Variants. An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps. First seen…
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Nov 18, 2025 4:49 PM

Tags: attack, backdoor, defense, espionage, google, hacker, iran, malware, mandiant, threat

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented…
Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

Nov 18, 2025 1:49 AM

Tags: apt, backdoor, defense, iran

The post Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iran-apt-spearspecter-uses-weeks-long-whatsapp-lures-and-fileless-tamecat-backdoor-to-hit-defense/
New Detection Methods Uncovered for Outlook NotDoor Backdoor Malware

Nov 17, 2025 2:49 PM

Tags: backdoor, control, cyber, cybersecurity, detection, email, group, malware, microsoft, russia, threat

Cybersecurity researchers have unveiled comprehensive detection methodologies for NotDoor, a sophisticated backdoor malware that leverages Microsoft Outlook macros for covert command and control operations. The malware, attributed to the Russian state-sponsored threat group APT28 (Fancy Bear), represents an evolution in email-based persistence techniques that can evade traditional security controls. NotDoor was first identified by Lab52,…
Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Nov 13, 2025 6:49 AM

Tags: attack, backdoor, cyber, cybersecurity, data, hacker, intelligence, malware, monitoring, software, theft, tool

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated attack campaign leveraging legitimate Remote Monitoring and Management (RMM) tools to deploy backdoor malware on unsuspecting users’ systems. The attacks abuse LogMeIn Resolve (GoTo Resolve) and PDQ Connect, transforming trusted administrative tools into weapons for data theft and remote system compromise. While the…
Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Nov 13, 2025 6:49 AM

Tags: attack, backdoor, cyber, cybersecurity, data, hacker, intelligence, malware, monitoring, software, theft, tool

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated attack campaign leveraging legitimate Remote Monitoring and Management (RMM) tools to deploy backdoor malware on unsuspecting users’ systems. The attacks abuse LogMeIn Resolve (GoTo Resolve) and PDQ Connect, transforming trusted administrative tools into weapons for data theft and remote system compromise. While the…
Lazarus Group Deploys Weaponized Documents Against Aerospace Defense

Nov 11, 2025 8:19 AM

Tags: backdoor, communications, cyber, defense, espionage, group, lazarus, malicious, phishing, threat

Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets. The threat actor has been actively conducting phishing operations since at least March 2025, distributing malicious documents disguised as legitimate communications from…
Threat Report: xHunt Targets Microsoft Exchange and IIS with Custom Backdoors

Nov 11, 2025 7:19 AM

Tags: attack, backdoor, cyber, cybersecurity, espionage, government, group, microsoft, risk, threat

The xHunt advanced persistent threat group continues to pose a significant cybersecurity risk through sophisticated attacks targeting Microsoft Exchange and IIS web servers with custom-built backdoors. This highly focused cyber-espionage operation has maintained persistent, multi-year campaigns primarily aimed at organizations in Kuwait, with particular emphasis on the shipping, transportation, and government sectors. First identified in…
Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor

Nov 11, 2025 5:19 AM

Tags: attack, backdoor, group, lazarus

The post Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-attacks-aerospace-defense-with-new-chacha20-encrypted-comebacker-backdoor/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

Nov 9, 2025 12:20 PM

Tags: api, backdoor, control, defense, international, malware, military, openai

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SesameOp: Novel backdoor uses OpenAI Assistants API for command and control Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector Gootloader Returns: What Goodies Did They Bring? Ransomvibing appears in VS Code extensions…
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems

Nov 7, 2025 11:20 AM

Tags: apt, attack, backdoor, email, group, phishing, russia, software, ukraine

Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems

Nov 7, 2025 11:20 AM

Tags: apt, attack, backdoor, email, group, phishing, russia, software, ukraine

Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
Cavalry Werewolf Launches Cyberattack on Government Agencies to Deploy Network Backdoor

Nov 7, 2025 8:19 AM

Tags: attack, backdoor, corporate, cyber, cyberattack, email, government, network, russia, spam, virus

In July 2025, Doctor Web’s anti-virus laboratory received a critical alert from a government-owned organization within the Russian Federation. The institution suspected a network compromise after discovering spam emails originating from one of their corporate email addresses. What began as a routine investigation quickly escalated into the discovery of a sophisticated targeted attack orchestrated by…
Breach Roundup: UPenn Hit by Email Breach

Nov 6, 2025 10:19 PM

Tags: backdoor, breach, email, hacker, ransomware, risk, scam, supply-chain, ukraine

Also, Australian Police Arrest 55 in New Round of Anom App Sting. This week: UPenn hit by email breach, Australian police arrested 55, ‘SesameOp’ backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer…