Tag: backdoor
-
Threat actor targets endlife SonicWall SMA 100 appliances in ongoing campaign
The hacker has deployed a backdoor to modify the boot process and has exploited several different vulnerabilities during the attack spree. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-actor-targets-end-of-life-sonicwall-sma-100-appliances-in-ongoing-ca/753216/
-
Google spots tailored backdoor malware aimed at SonicWall appliances
Google researchers reported on a malware campaign against end-of-life SonicWall appliances, noting that the attackers were good at covering their tracks. First seen on therecord.media Jump to article: therecord.media/sonicwall-sma-100-series-overstep-malware-unc6148
-
Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit
Someone’s OVERSTEPing the mark First seen on theregister.com Jump to article: www.theregister.com/2025/07/16/sonicwall_vpn_hijack/
-
Hackers Use Backdoor to Steal Data From SonicWall Appliance
Tags: backdoor, breach, credentials, cybercrime, data, google, group, hacker, hacking, intelligence, ransomware, threatHacking Group UNC6148 Steals Credentials With New OVERSTEP Rootkit, Google Says. A cybercrime group used a backdoor in a fully patched SonicWall appliance to steal credentials and may have sold the stolen data to ransomware groups as part of an ongoing campaign, Google Threat Intelligence Group found. The firm attributed the campaign to a cybercrime…
-
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP.The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks as…
-
Attackers Abuse AWS Cloud to Target Southeast Asian Governments
The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/attackers-abuse-aws-southeast-asian-governments-novel-rat
-
State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments
Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon.The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where “CL” stands for “cluster” and “STA” refers to “state-backed motivation.””The threat actors…
-
Exploit details released for Citrix Bleed 2 flaw affecting NetScaler
Tags: access, advisory, authentication, backdoor, backup, citrix, credentials, cve, data-breach, endpoint, exploit, flaw, leak, mitigation, password, theft, tool, vulnerability, zero-daySimilarities to the original Citrix Bleed: CVE-2025-5777 has been dubbed Citrix Bleed 2 due to its similarities to a zero-day information disclosure vulnerability fixed in October 2023 (CVE-2023-4966) that received the Citrix Bleed moniker because it enabled attackers to leak session tokens from memory, allowing for session takeover with multifactor authentication bypass.Similarly, CVE-2025-5777 can lead…
-
MacOS Infostealer AMOS Evolves with Backdoor for Persistent Access
The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-infostealer-amos-backdoor/
-
Atomic macOS Info-Stealer Updated with New Backdoor for Persistent Access
The Atomic macOS Stealer (AMOS), a notorious piece of info-stealing malware targeting Apple users, has undergone a significant update, introducing an embedded backdoor for the first time. This development, reported by Moonlock a cybersecurity division of MacPaw marks a critical escalation in the malware’s capabilities, allowing attackers to maintain persistent access to compromised macOS systems.…
-
Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as ‘AMOS’) that comes with a backdoor, to attackers persistent access to compromised systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/
-
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
-
Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)
Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/cisco-fixes-maximum-severity-flaw-in-enterprise-unified-comms-platform-cve-2025-20309/
-
Backdoor in Unified CM: Fest kodierte Admin-Zugangsdaten in Cisco-Tool entdeckt
Die Zugangsdaten lassen sich laut Cisco nicht manuell entfernen, sondern ausschließlich per Patch. Angreifer können sich über SSH als Root anmelden. First seen on golem.de Jump to article: www.golem.de/news/backdoor-in-unified-cm-fest-kodierte-admin-zugangsdaten-in-cisco-tool-entdeckt-2507-197709.html
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
Cisco removed the backdoor account from its Unified Communications Manager
Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call…
-
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/
-
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
Chained with a legacy flaw for RCE : Oligo demonstrated that the attack vector combines two independent flaws. Attackers could chain the legacy “0.0.0.0-day” browser flaw, which lets web pages send requests to 0.0.0.0 address that browsers treat like localhost, to a CSRF-style attack leveraging the Inspector proxy’s vulnerable “/sse” endpoint that accepts commands via query…
-
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection
The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This group, known for blending financially motivated cybercrime with espionage campaigns often aligned with Russian state…
-
Chinesische Hacker haben über 1.000 SOHO-Geräte infiziert
Tags: backdoor, china, cisco, cyberattack, cybercrime, cyberespionage, hacker, iot, linux, malware, office, usa, vulnerability, windowsDutzende Cybercrime-Kampagnen mit Fokus auf Asien und die USA wurden als angebliche LAPD-Aktionen getarnt.Cybersecurity-Experten haben ein Netzwerk von mehr als 1.000 kompromittierten Small-Office- und Home-Office-Geräten (SOHO) entdeckt. Die Devices wurden laut den Experten dazu genutzt, eine langwierige Cyberspionage-Infrastrukturkampagne für chinesische Hacker-Gruppen zu ermöglichen. Das Strike-Team von SecurityScorecard entdeckte das dazugehörige Operational-Relay-Box (ORB)-Netzwerk und gab ihm…
-
Stealthy WordPress Malware Uses PHP Backdoor to Deliver Windows Trojan
A sophisticated malware campaign targeting WordPress websites has recently been uncovered, showcasing an intricate and stealthy approach to delivering a Windows-based trojan. This attack, which operates beneath the surface of seemingly clean websites, employs a layered infection chain involving PHP-based droppers, obfuscated code, and IP-based evasion tactics to distribute a malicious payload named client32.exe. Hidden…
-
OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors.”The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo First seen on thehackernews.com Jump to article: thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html
-
Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/29/week-in-review-backdoor-found-in-soho-devices-running-linux-high-risk-winrar-rce-flaw-patched/
-
OneClik APT campaign targets energy sector with stealthy backdoors
A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution remains cautious.…
-
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors.”The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo First seen on thehackernews.com Jump to article: thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html
-
China-Aligned Hive0154 APT Strikes Tibetan Community: Pubload Backdoor Delivered via Phishing Lures
The post China-Aligned Hive0154 APT Strikes Tibetan Community: Pubload Backdoor Delivered via Phishing Lures appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-aligned-hive0154-apt-strikes-tibetan-community-pubload-backdoor-delivered-via-phishing-lures/
-
Breach Roundup: UK NHS Links Patient Death to Ransomware Attack
Also, O Canada, Oh Brother and More Probable Chinese Hacking. This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice. First…
-
Chinese Hackers Deploy Pubload Malware Using Tibetan Community Lures and Weaponized Filenames
IBM X-Force researchers have uncovered a series of targeted cyberattacks orchestrated by the China-aligned threat actor Hive0154. Throughout 2025, this group has been deploying the Pubload malware, a potent backdoor, through meticulously crafted phishing lures aimed at the Tibetan community. The timing of these campaigns is particularly notable, coinciding with significant events such as the…
-
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsoft-clickonce-and-aws-to-target-energy-sector/