Tag: backdoor

Malicious Code in Fake Postmark MCP Server Steals Thousands of Emails

Sep 30, 2025 10:10 AM

Tags: attack, backdoor, cyber, data-breach, email, malicious, threat

A newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly siphoned off thousands of emails from unsuspecting developers and organizations, all with just one line of code. Over the course of 15 incremental releases, the threat actor behind postmark-mcp built…
Hackers Distribute Malicious Microsoft Teams Build to Steal Remote Access

Sep 30, 2025 8:08 AM

Tags: access, backdoor, cyber, cybersecurity, hacker, malicious, microsoft, threat

Cybersecurity researchers have identified a sophisticated campaign where threat actors are using malicious advertisements and search engine optimization poisoning to distribute fake Microsoft Teams installers containing the Oyster backdoor malware. The campaign targets users searching for legitimate Microsoft Teams downloads through search engines. When users search for terms like >>teams download,
Chinese hackers breached critical infrastructure globally using enterprise network gear

Sep 29, 2025 3:08 PM

Tags: access, backdoor, breach, business, china, communications, control, cve, defense, exploit, framework, germany, government, group, hacker, infrastructure, Internet, korea, law, malware, military, monitoring, network, open-source, penetration-testing, programming, service, threat, tool, update, vpn, vulnerability

72-hour vulnerability exploitation window: RedNovember demonstrated the ability to weaponize newly disclosed vulnerabilities faster than most organizations could deploy patches, researchers found. When researchers published proof-of-concept code for Check Point VPN vulnerability CVE-2024-24919 on May 30, 2024, RedNovember was attacking vulnerable systems by June 3.That campaign hit at least 60 organizations across Brazil, Germany, Japan,…
Fake Microsoft Teams installers push Oyster malware via malvertising

Sep 27, 2025 10:08 PM

Tags: access, backdoor, corporate, hacker, malware, microsoft, windows

Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-microsoft-teams-installers-push-oyster-malware-via-malvertising/
Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333 and CVE-2025-20362

Sep 27, 2025 4:08 PM

Tags: access, advisory, ai, attack, authentication, awareness, backdoor, best-practice, breach, china, cisa, cisco, cloud, compliance, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, endpoint, espionage, exploit, firewall, firmware, flaw, group, Hardware, identity, infrastructure, Internet, Intruder, login, malicious, malware, mfa, mitigation, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, service, software, technology, theft, threat, training, unauthorized, update, vpn, vulnerability, zero-day, zero-trust

IntroductionOn September 25, 2025, Cisco released a security advisory to patch three security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software, which have been exploited in the wild. These three vulnerabilities are tracked as CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363. The sophisticated state-sponsored campaign has been…
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks

Sep 27, 2025 3:08 PM

Tags: attack, backdoor, china, malware, network

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU).”The new variant’s features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the…
North Korea Fake Job Recruiters Up Their Backdoor Game

Sep 27, 2025 5:08 AM

Tags: access, backdoor, group, hacker, jobs, korea, lazarus, north-korea, scam, threat

Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat Actor. A gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-fake-job-recruiters-up-their-backdoor-game-a-29586
Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

Sep 26, 2025 10:09 AM

Tags: backdoor, business, china, data, google, intelligence, malware, service, software, spy, threat

China-linked actors used Brickstorm malware to spy on U.S. tech and legal firms, stealing data undetected for over a year, Google warns. Google Threat Intelligence Group (GTIG) observed the use of the Go-based backdoor BRICKSTORM to maintain persistence in U.S. organizations since March 2025. Targets include legal, Software as a Service (SaaS) providers, Business Process Outsourcers…
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices

Sep 25, 2025 10:16 PM

Tags: apt, backdoor, china, cyber, edr, espionage, group, network

The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the Brickstorm backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-brickstorm-backdoors-edge-devices
RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor

Sep 25, 2025 5:16 PM

Tags: backdoor, china, cyber, data-breach, espionage, government, group, hacker, threat

In July 2024, Recorded Future’s Insikt Group publicly exposed TAG-100, a cyber-espionage campaign leveraging the Go-based backdoor Pantegana against high-profile government, intergovernmental and private organizations worldwide. New evidence now attributes TAG-100 to a Chinese state-sponsored threat actor, designated RedNovember. Between June 2024 and July 2025, RedNovember”, overlapping with Storm-2077″, has expanded its operations to target…
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Sep 25, 2025 5:16 PM

Tags: backdoor, crypto, cybersecurity, hacker, korea, north-korea, software, threat, tool, windows

The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor.Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, First seen on thehackernews.com…
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Sep 25, 2025 5:16 PM

Tags: backdoor, crypto, cybersecurity, hacker, korea, north-korea, software, threat, tool, windows

The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor.Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, First seen on thehackernews.com…
Chinese Hackers Use ‘BRICKSTORM’ Backdoor to Breach US Firms

Sep 25, 2025 5:16 PM

Tags: backdoor, breach, china, data, exploit, google, hacker, zero-day

The hackers are likely trying to collect data to feed the development of zero-day exploits, said Google researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-brickstorm/
Supermicro: Unzählige Server-Mainboards anfällig für Firmware-Backdoors

Sep 25, 2025 5:16 PM

Tags: backdoor, firmware, malware

Angreifer können in die BMC-Firmware zahlreicher Mainboards von Supermicro Malware einschleusen und damit dauerhaft die Kontrolle übernehmen. First seen on golem.de Jump to article: www.golem.de/news/supermicro-unzaehlige-server-mainboards-anfaellig-fuer-firmware-backdoors-2509-200484.html
Supermicro: Unzählige Server-Mainboards anfällig für Firmware-Backdoors

Sep 25, 2025 5:16 PM

Tags: backdoor, firmware, malware

Angreifer können in die BMC-Firmware zahlreicher Mainboards von Supermicro Malware einschleusen und damit dauerhaft die Kontrolle übernehmen. First seen on golem.de Jump to article: www.golem.de/news/supermicro-unzaehlige-server-mainboards-anfaellig-fuer-firmware-backdoors-2509-200484.html
Hackers Deploy Stealthy Malware on WordPress Sites to Gain Admin Access

Sep 25, 2025 10:49 AM

Tags: access, backdoor, cyber, hacker, malware, tactics, wordpress

Attackers have stepped up their tactics by deploying stealthy backdoors disguised as legitimate WordPress components, ensuring persistent administrative access even after other malware is discovered and removed. Their deceptive appearances belied their dangerous functions: one impersonated a plugin, the other camouflaged itself as a core file. Together, they formed a resilient system that gave hackers…
Supermicro BMC: Schwachstelle ermöglicht persistente Backdoor

Sep 25, 2025 9:49 AM

Tags: backdoor, firmware, vulnerability

Setzt jemand Rechner mit Boards von Supermicro (speziell im Server-Bereich verbreitet) ein? In der Firmware des auf den Board verwendeten BMC wurden im Januar 2025 zwar Schwachstellen gefixt. Diese ermöglichten Angreifern potentiell eine persistente Backdoor auf den betreffenden Systemen einzurichten. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/25/supermicro-bmc-schwachstelle-ermoeglicht-persistente-backdoor/
Hackers Exploit Hikvision Camera Flaw to Steal Sensitive Data

Sep 25, 2025 9:49 AM

Tags: backdoor, cctv, cyber, data, exploit, firmware, flaw, hacker, unauthorized

Security researchers have observed renewed exploit campaigns targeting an eight-year-old backdoor in Hikvision cameras to harvest configuration files, user lists, and snapshots. Attackers automate scans across IP ranges, appending a base64-encoded “auth” parameter to management URLs. When decoded, the string commonly reveals “admin:11,” enabling unauthorized access. Organizations relying on older camera firmware are at heightened…
BRICKSTORM Backdoor Hits Tech and Legal Firms with Stealthy New Campaign

Sep 25, 2025 9:49 AM

Tags: access, backdoor, cyber, google, group, intelligence, mandiant, saas, service, technology, threat

Persistent, stealthy, and cross-platform, the BRICKSTORM backdoor has emerged as a significant threat to U.S. technology and legal organizations. Tracked by Google Threat Intelligence Group (GTIG) and investigated by Mandiant Consulting, BRICKSTORM campaigns have maintained undetected access for an average of 393 days, targeting legal services firms, SaaS providers, BPOs, and technology companies to harvest…
COLDRIVER APT Group Uses ClickFix to Deliver New PowerShell-Based Backdoor BAITSWITCH

Sep 25, 2025 9:49 AM

Tags: apt, backdoor, blizzard, credentials, cyber, group, malware, phishing, powershell, russia, social-engineering, threat, tool

Russia-linked threat actors continue targeting civil society with sophisticated social engineering campaigns and lightweight malware tools in September 2025. The campaign delivers two previously undocumented malware families: a downloader dubbed BAITSWITCH and a PowerShell-based backdoor named SIMPLEFIX. COLDRIVER, also tracked as Star Blizzard, Callisto, and UNC4057, has historically focused on credential phishing campaigns against NGOs, think tanks, journalists,…
BRICKSTORM Backdoor Hits Tech and Legal Firms with Stealthy New Campaign

Sep 25, 2025 8:49 AM

Tags: access, backdoor, cyber, google, group, intelligence, mandiant, saas, service, technology, threat

Persistent, stealthy, and cross-platform, the BRICKSTORM backdoor has emerged as a significant threat to U.S. technology and legal organizations. Tracked by Google Threat Intelligence Group (GTIG) and investigated by Mandiant Consulting, BRICKSTORM campaigns have maintained undetected access for an average of 393 days, targeting legal services firms, SaaS providers, BPOs, and technology companies to harvest…
COLDRIVER APT Group Uses ClickFix to Deliver New PowerShell-Based Backdoor BAITSWITCH

Sep 25, 2025 8:49 AM

Tags: apt, backdoor, blizzard, credentials, cyber, group, malware, phishing, powershell, russia, social-engineering, threat, tool

Russia-linked threat actors continue targeting civil society with sophisticated social engineering campaigns and lightweight malware tools in September 2025. The campaign delivers two previously undocumented malware families: a downloader dubbed BAITSWITCH and a PowerShell-based backdoor named SIMPLEFIX. COLDRIVER, also tracked as Star Blizzard, Callisto, and UNC4057, has historically focused on credential phishing campaigns against NGOs, think tanks, journalists,…
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices

Sep 24, 2025 9:16 AM

Tags: access, backdoor, cyber, firmware, malware, mobile, software, update

SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access to affected devices. The new build, version 10.2.2.2-92sv, adds additional file checking to detect and…
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices

Sep 24, 2025 9:16 AM

Tags: access, backdoor, cyber, firmware, malware, mobile, software, update

SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access to affected devices. The new build, version 10.2.2.2-92sv, adds additional file checking to detect and…
New “YiBackdoor” Malware Lets Hackers Run Commands and Steal Data

Sep 24, 2025 8:16 AM

Tags: backdoor, cyber, cybercrime, cybersecurity, data, hacker, malware, technology, threat, tool

Cybersecurity researchers at Zscaler ThreatLabz have identified a sophisticated new malware strain dubbed YiBackdoor, first detected in June 2025. This emerging threat represents a significant evolution in backdoor technology, sharing substantial code similarities with established malware families IcedID and Latrodectus. The discovery highlighted the continuous adaptation of cybercriminal tools, as YiBackdoor demonstrates capabilities that enable…
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs

Sep 24, 2025 5:16 AM

Tags: apt, backdoor, china, cisco

The post Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/cisco-uncovers-new-plugx-backdoor-linked-to-chinese-apts/
Iran Targets Job-Seeking European Aerospace Engineers

Sep 24, 2025 12:16 AM

Tags: backdoor, defense, email, hacker, iran, jobs, threat

Iranian Hackers Impersonate Online Recruiters. Western Europeans working in aerospace, defense manufacturing or telecoms are receiving waves of emails from putative job recruiters who actually are Iranian state hackers ready to unleash a backdoor and an infostealer. Check Point tracks the threat actor as Nimbus Manticore. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iran-targets-job-seeking-european-aerospace-engineers-a-29517
How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking

Sep 23, 2025 8:16 PM

Tags: backdoor

Talos discovered that a new PlugX variant’s features overlap with both the RainyDay and Turian backdoors First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/
Suspected Iran-backed attackers targeting European aerospace sector with novel malware

Sep 23, 2025 1:15 PM

Tags: backdoor, iran, jobs, malware

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer First seen on theregister.com Jump to article: www.theregister.com/2025/09/23/iran_targeting_european_aerospace/
APT37 nutzt Rust-basierte Hintertür – Neue Backdoor in Windows-Systemen Angriffe laufen

Sep 23, 2025 7:15 AM

Tags: backdoor, cyberattack, rust, windows

First seen on security-insider.de Jump to article: www.security-insider.de/apt37-angriff-windows-systeme-rust-backdoor-rustonotto-a-99c3ae320d6ec45af493195af352652c/