Tag: backdoor
-
Google says UK government has not demanded an encryption backdoor for its users’ data
Google refused to tell a U.S. senator whether the company had received a secret U.K. surveillance order demanding access to encrypted data, similar to an order served on Apple earlier this year. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/29/google-says-uk-government-not-demanded-encryption-backdoor-for-its-users-data/
-
Wyden asks White House to scrutinize UK surveillance laws
The senator’s letter follows revelations in February that the U.K. government had asked Apple for what critics have called a backdoor to view all content Apple users have uploaded to the cloud even when it has been stored using end-to-end encryption. First seen on therecord.media Jump to article: therecord.media/wyden-asks-white-house-scrutinize-uk-surveillance-laws-apple
-
Senator warns of new UK surveillance risks to US citizens following Apple ‘back door’ row
US lawmaker raises concerns that the UK may have ordered Google to introduce ‘backdoors’ into end-to-end encrypted backups impacting billions of Android phone users. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366628083/Senator-warns-of-new-UK-surveillance-risks-to-US-citizens-following-Apple-back-door-row
-
Google won’t say if UK secretly demanded a backdoor for user data
Google said it has “never built a backdoor” for its services, but would not explicitly say if the company had received a secret U.K. surveillance order demanding access. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/29/google-wont-say-if-uk-secretly-demanded-a-backdoor-for-user-data/
-
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm
Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks. First seen on hackread.com Jump to article: hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
-
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/
-
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/supply-chain-attacks-github-actions-gravity-forms-npm
-
Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning
Threat actors have been using trojanized versions of well-known IT tools like PuTTY and WinSCP to spread the Oyster backdoor, also known as Broomstick or CleanupLoader, in a sophisticated malvertising and SEO poisoning campaign that Arctic Wolf researchers first noticed in early June 2025. There have also been hints that KeyPass has been involved in…
-
Atomic macOS Stealer Upgraded with Remote Access Backdoor
The Atomic macOS Stealer (AMOS), a notorious infostealer malware targeting Apple’s macOS ecosystem, has undergone a significant upgrade by incorporating a sophisticated backdoor mechanism that facilitates persistent access and remote command execution on infected systems. This enhancement, detailed in a recent report by Moonlock Lab, a cybersecurity arm of MacPaw, transforms AMOS from a mere…
-
Chinese ‘Fire Ant’ spies start to bite unpatched VMware instances
Tunnelling allowed lateral movement: Once inside, Fire Ant bypassed network segmentation by exploiting CVE-2022-1388 in F5 BIG-IP devices. This allowed them to deploy encrypted tunnels such as Neo-reGeorg web shells to reach isolated environments, even leveraging IPv6 to evade IPv4 filters. “The threat actor demonstrated a deep understanding of the target environment’s network architecture and policies,…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict; Uncovering a Stealthy WordPress Backdoor in mu-plugins; NPM package ‘is’ with 2.8M weekly downloads infected devs with malware; Coyote in the Wild: First-Ever […]…
-
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). “The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO),…
-
Koske, a new AI-Generated Linux malware appears in the threat landscape
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors…
-
Supply chain attack compromises npm packages to spread backdoor malware
…is npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: “Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote. The infected version was removed by npm admins and v3.3.0…
-
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the “mu-plugins” directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the “wp-content/mu-plugins” First seen on…
-
WhatsApp is refused right to intervene in Apple legal action on encryption ‘backdoors’
Investigatory Powers Tribunal to hear arguments in public over lawfulness of secret UK order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627911/WhatsApp-is-refused-right-to-intervene-in-Apple-legal-action-on-encryption-backdoors
-
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/
-
Hidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to Websites
Security researchers have discovered a concerning trend in which a highly skilled malware campaign has been targeting WordPress websites by using the frequently disregarded mu-plugins directory to insert a covert backdoor. This directory, short for “must-use plugins,”…
-
New GhostContainer Malware Hits High-Value MS Exchange Servers in Asia
Kaspersky’s SecureList reveals GhostContainer, a new, highly customized backdoor targeting government and high-tech organizations in Asia via Exchange server vulnerabilities. Learn how this APT malware operates and how to stay protected. First seen on hackread.com Jump to article: hackread.com/new-ghostcontainer-malware-ms-exchange-servers-asia/
-
Golden dMSA Flaw Exposes Firms to Major Credential Theft
Semperis Warns of Flaw in Windows Server 2025 Delegated Managed Service Accounts. A critical cryptographic flaw in Windows Server 2025’s delegated Managed Service Accounts, or dMSAs, allows attackers to generate passwords for every managed service account across an Active Directory forest and create a backdoor, Semperis researchers found. First seen on govinfosecurity.com Jump to article:…
-
Ransomware actors target patched SonicWall SMA devices with rootkit
…temp.db and persist.db, that store sensitive information, including user account credentials, session tokens, and OTP seed values. Although the flaw has been publicly documented and analyzed in detail by researchers as potentially leading to the exposure of admin credentials, GTIG and Mandiant don’t have evidence this is the flaw that was exploited. It is also possible…
-
Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. “Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment First seen on thehackernews.com…
-
UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations
UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit…
-
Google finds custom backdoor being installed on SonicWall network devices
Overstep backdoor nukes key log entries, making detection hard. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/google-finds-custom-backdoor-being-installed-on-sonicwall-network-devices/
-
Fully Patched SonicWall Gear Under Likely Zero-Day Attack
A threat actor with likely links to the Abyss ransomware group is leveraging an apparent zero-day vulnerability to deploy the Overstep backdoor on fully up-to-date appliances. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/fully-patched-sonicwall-gear-zero-day-attack
-
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit
Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/sonicwall-sma-devices-persistently-infected-with-stealthy-overstep-backdoor-rootkit/