Tag: backdoor
-
Attackers Hijack Popular WordPress Plugins to Deploy Backdoors
Tampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sites. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-plugin-supply-chain/
-
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
Tags: access, authentication, backdoor, china, cyber, hacker, infrastructure, Internet, network, spy
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components, OpenSSH binaries and PAM modules, across a segregated critical-infrastructure network. The intrusion chain began with compromises of internet-facing systems where the operator…
-
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a…
-
Backdoor Planted: Supply-Chain Attack Endangers Millions of Websites
An attacker used several popular plug-ins to distribute malicious code that covertly sets up a backdoor with admin access in WordPress. First seen on golem.de Jump to article: www.golem.de/news/backdoor-eingeschleust-supply-chain-angriff-gefaehrdet-millionen-von-websites-2606-209767.html
-
A hardware neural network backdoor that hides in plain sight
Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/hardware-neural-network-backdoor-research/
-
OceanLotus targets stock investors and construction firm with SPECTRALVIPER backdoor
Tags: backdoor
First seen on scworld.com Jump to article: www.scworld.com/brief/oceanlotus-targets-stock-investors-and-construction-firm-with-spectralviper-backdoor
-
OceanLotus Targets Stock Investors in FireAnt MetaKit Supply-Chain Hack
OceanLotus APT has executed a precision supply-chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market-data component. Telemetry collected from mid-2024 through early 2026 shows OceanLotus (aka APT32) conducting two distinct campaigns: a long-running espionage intrusion against a Vietnamese infrastructure and transport construction company, and a targeted supply-chain compromise of FireAnt…
-
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework: remote access, system profiling, exfiltration to attacker-controlled cloud storage, file encryption that appends a .candy…
-
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack…
-
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/owasp-prompt-injection-ai-security-failures/
-
Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor
Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users. First seen on hackread.com Jump to article: hackread.com/op-flutterbridge-fake-google-ads-spread-macos-backdoor/
-
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking…
-
Malicious podcast, PDF apps spread FlutterShell macOS backdoor malware
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-podcast-pdf-apps-spread-fluttershell-macos-backdoor-malware
-
Chinese APT deploys new malware to keep access to hacked networks
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/
-
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before…
-
Malicious Ads Target macOS Users with FlutterShell Backdoor
Hackers are leveraging large-scale malvertising campaigns to distribute a newly identified macOS backdoor dubbed FlutterShell, marking a significant evolution in financially motivated adware operations. Security researchers tracking the activity attribute it to a broader cluster known as CL-CRI-1089 and have named the ongoing campaign Operation FlutterBridge. The campaign builds on earlier activity linked to the…
-
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Tags: attack, backdoor, cybercrime, cybersecurity, google, group, macOS, malicious, malware, network
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two…
-
Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks
Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where it quietly establishes persistence and enables full remote control of infected systems. The malware arrives as a .js attachment masquerading as a purchase order, quotation, or business proposal, and it encourages staff in…
-
This AI model backdoor attack stays hidden until you customize the model
Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/ai-model-backdoor-attack-research/
-
Quasar RAT Hits Developers With Fileless Linux Attacks
Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high-value beachheads for software supply-chain attacks, using fileless execution, an eBPF rootkit, PAM backdoors, and a P2P C2 mesh to evade conventional defenses. Despite its name, it is unrelated to the Windows-focused QuasarRAT family. It is…
-
Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
Iran’s Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranian-hackers-us-aviation/
-
Automated ‘Megalodon’ Campaign Spreads GitHub Repo Backdoors
Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets. More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed Megalodon, in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said. First seen…
-
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across four widely used PHP localization repositories. The attack, detected on May 22, 2026, and reported by both Aikido Security and the Socket Research Team, introduces a fully functional remote code execution (RCE) backdoor that executes automatically via Composer’s…
-
Popular npm Package “art-template” Backdoored in Watering-Hole Attack
Hackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering-hole site delivering a Coruna-class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a delivery vehicle for advanced Safari exploits targeting iPhones running iOS 11 through 17.2. The art-template package is…

