Tag: backdoor
-
US, UK authorities warn that Firestarter backdoor malware survives patching
A federal agency was impacted by a hacking campaign that exploited flaws in Cisco devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/us-uk-authorities-firestarter-backdoor-malware-patching/818531/
-
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately, this exploit path leads to complete administrative control over the target device and its host…
-
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately, this exploit path leads to complete administrative control over the target device and its host…
-
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately, this exploit path leads to complete administrative control over the target device and its host…
-
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network
CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…
-
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network
CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…
-
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network
CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…
-
CISA Hunts for Cisco Backdoor Spotted on Federal Network
‘Firestarter’ Backdoor Can Survive Reboots, Upgrades and Standard Fixes. The Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-hunts-for-cisco-backdoor-spotted-on-federal-network-a-31505
-
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER.FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and…
-
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
Latest in long-running pwning of Cisco kit found in mystery Fed agency First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/government_cni_on_high_alert/
-
New Cisco firewall malware can only be killed by pulling the plug
Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/cisco-firepower-firestarter-backdoor/
-
Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API
The post Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/harvester-apt-linux-backdoor-microsoft-graph-api/
-
US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities. First seen on therecord.media Jump to article: therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
-
(g+) Backdoor in Claude-Desktop-App: Stille Brücke aus dem Browser
Claude Desktop legt auf MacOS Native Messaging Hosts in jeden Chromium-Browser, sogar in noch nicht installierte. Das ist nicht harmlos – was nun zu tun ist. First seen on golem.de Jump to article: www.golem.de/news/backdoor-in-claude-desktop-app-stille-bruecke-aus-dem-browser-2604-207881.html
-
China-linked hackers targeted Mongolian government using Slack, Discord for covert communications
The group, which researchers at cybersecurity firm ESET named GopherWhisper, has been active since at least November 2023 and was discovered in January 2025 after investigators found a previously unknown backdoor on the network of a Mongolian government institution. First seen on therecord.media Jump to article: therecord.media/china-linked-hackers-target-mongolian-gov-slack-discord
-
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking…
-
Outlook Mailboxes Abused to Conceal Linux GoGra Backdoor Traffic
The Harvester APT group has quietly expanded its espionage arsenal with a new Linux variant of its GoGra backdoor, one that cleverly hides its command-and-control (C2) traffic within Microsoft Outlook mailboxes, making it significantly harder to detect with traditional network defenses. Researchers from Symantec and Carbon Black Threat Hunter Team discovered the malware. They linked…
-
Unwary Chinese Hackers Hardcoded Credentials into Backdoors
Eset Researchers Discover Trove of Go-Based Malware. Researchers uncovered a Chinese-linked cyberespionage group after attackers left command and control credentials embedded in malware, exposing internal operations, testing environments and thousands of messages tied to campaigns targeting a Mongolia government agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/unwary-chinese-hackers-hardcoded-credentials-into-backdoors-a-31487
-
Outlook Mailboxes Used to Conceal Linux GoGra Backdoor Traffic
A newly discovered Linux variant of the GoGra backdoor is being used by the Harvester advanced persistent threat (APT) group to conduct stealthy cyber espionage operations. Harvester, a suspected nation-state-backed group active since at least 2021, is known for targeting South Asia with custom malware and espionage campaigns. The discovery of a Linux version of…
-
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper.”The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal,” Slovakian cybersecurity company ESET said in a report shared with…
-
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
-
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.”The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.”The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Backdoor in Claude-Desktop-App: Stille Brücke aus dem Browser
Claude Desktop legt auf MacOS Native Messaging Hosts in jeden Chromium-Browser, sogar in noch nicht installierte. Das ist nicht harmlos – was nun zu tun ist. First seen on golem.de Jump to article: www.golem.de/news/backdoor-in-claude-desktop-app-stille-bruecke-aus-dem-browser-2604-207881.html
-
Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
Acronis reveals Mustang Panda is using a new LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works. First seen on hackread.com Jump to article: hackread.com/mustang-panda-india-s-korea-lotuslite-backdoor/
-
WordPress-Plugins deaktiviert: Backdoor-Angriff trifft über 400.000 Installationen
First seen on t3n.de Jump to article: t3n.de/news/wordpress-plugins-deaktiviert-1738354/
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/
-
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector.”The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than First seen on thehackernews.com…
-
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker”‘controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way to deploy fileless or low”‘footprint malware into enterprise environments. Instead of shipping a conventional compiled…