Tag: backdoor
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
Security researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat actors, LapDogs primarily targets Small Office/Home Office (SOHO) routers and IoT devices, particularly Linux-based systems, to facilitate covert operations. This…
-
China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs
ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs. First seen on hackread.com Jump to article: hackread.com/china-lapdogs-drops-shortleash-backdoor-fake-certs/
-
Chinese Hackers Turn Unpatched Routers Into ORB Spy Network
ShortLeash Backdoor Hijacks SOHO Linux Devices. Likely Chinese nation-state hackers are converting Internet of Things devices including Ruckus Wireless home routers into an operational relay box network – a run of infections creating more digital infrastructure almost certainly used for cyberespionage. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-turn-unpatched-routers-into-orb-spy-network-a-28784
-
Stealthy backdoor found hiding in SOHO devices running Linux
SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/lapdogs-shortleash-backdoor-linux-soho-devices/
-
NCSC Uncovers >>UMBRELLA STAND<< Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls
The post NCSC Uncovers >>UMBRELLA STAND
-
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware
Tags: ai, backdoor, china, cyber, cybersecurity, exploit, flaw, framework, group, hacker, intelligence, malware, threat, vulnerabilityChina’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework for large AI models. These flaws, already under active exploitation by hacker groups, have compromised at least 695 servers worldwide, according to threat intelligence from XLab. The attackers are deploying a sophisticated backdoor named >>Pickai,
-
North Korea’s BlueNoroff uses AI deepfakes to push Mac malware in fake Zoom calls
Campaign delivers modular, persistent, Mac-specific malware: Huntress recovered a total of eight distinct malicious binaries, each with specific tasks. The primary implant, ‘Telegram 2’, was written in Nim and embedded itself as a macOS LaunchDaemon to maintain persistence. It acted as a launchpad for the real power tools, including Go-based ‘Root Troy V4’ backdoor and…
-
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received…
-
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).Google addressed the flaw later that month after Kaspersky…
-
Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor
Hardcoded passwords and path traversals keeping bug hunters in work First seen on theregister.com Jump to article: www.theregister.com/2025/06/17/sitecore_rce_vulnerabilities/
-
Apple encryption row: Does law enforcement need to use Technical Capability Notices?
History shows that law enforcement can bring successful prosecutions without the need for the Home Office to introduce ‘backdoors’ into end-to-end encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625826/Apple-encryption-row-Does-law-enforcement-need-to-use-Technical-Capability-Notices
-
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout
Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/poisoned-npm-packages-disguised-utilities-system-wipeout
-
New npm threats can erase production systems with a single request
Smart and fail-safe command and control: The ‘monitoring’ malicious package is designed to auto-detect the host OSUnix or Windowsand the server framework (Express, Fastify, or native HTTP). It registers OS-specific destructive routes that execute file-system wipes regardless of the environment.Additionally, to increase reliability, the malware exposes three backdoor endpoints: a default reconnaissance module, a primary…
-
Aufbau eines Botnets? – Tausende Asus-Router durch Backdoor kompromittiert
First seen on security-insider.de Jump to article: www.security-insider.de/asus-router-angriff-botnetz-vorbereitung-a-70ee525d302b84a03049426a5af80aec/
-
Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api. First seen on hackread.com Jump to article: hackread.com/backdoors-npm-packages-attackers-wipe-systems/
-
SentinelOne Sees No Breach After Hardware Supplier Hacked
Intrusion Involved ShadowPad Malware, Wielded in Attacks Tied to Chinese APT Groups. Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn’t appear to have resulted in any infiltration of its own, corporate network. First seen…
-
US lawmakers say UK has ‘gone too far’ by attacking Apple’s encryption
US politicians are calling for Congress to rewrite the US Cloud Act to prevent the UK issuing orders to require US tech companies to introduce ‘backdoors’ in end-to-end encrypted messaging and storage First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625614/US-lawmakers-say-UK-has-gone-too-far-by-attacking-Apples-encryption
-
Malicious npm Utility Packages Enable Attackers to Wipe Production Systems
Socket’s Threat Research Team has uncovered two malicious npm packages, express-api-sync and system-health-sync-api, designed to masquerade as legitimate utilities while embedding destructive backdoors capable of annihilating production systems. Published under the npm alias >>botsailer
-
LLM04: Data Model Poisoning FireTail Blog
Jun 06, 2025 – Lina Romero – LLM04: Data & Model Poisoning Excerpt: In this blog series, we’re breaking down the OWASP Top 10 risks for LLMs and explaining how each one manifests and can be mitigated. Today’s risk is #4 on the list: Data and Model Poisoning. Read on to learn more”¦ Summary: Data…
-
Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User
Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer inquiry into the Sakura RAT, a supposed open-source malware touted for its >>sophisticated anti-detection capabilities,
-
UK backdoor order to Apple raises bipartisan concerns
U.S. officials fear that gaps in existing law may enable countries to target U.S. companies with data access requests that harm user privacy and security. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366625473/UK-backdoor-order-to-Apple-raises-bipartisan-concerns
-
Backdoor im Code: Hacker trickst Scriptkiddies mit Fake-Trojaner aus
Wer auf Github nach Open-Source-Trojanern sucht, sollte Vorsicht walten lassen. Nicht selten enthalten die Projekte eine gefährliche Backdoor. First seen on golem.de Jump to article: www.golem.de/news/backdoor-im-code-hacker-trickst-scriptkiddies-mit-fake-trojaner-aus-2506-196875.html
-
Hacker targets other hackers and gamers with backdoored GitHub code
A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-targets-other-hackers-and-gamers-with-backdoored-github-code/
-
Hackers Exploit Ruby Gems to Steal Telegram Tokens and Messages
Researchers have unearthed a sophisticated supply chain attack targeting Ruby Gems, a popular package manager for the Ruby programming language. Malicious actors have infiltrated the ecosystem by embedding backdoors in seemingly legitimate gems, enabling them to steal sensitive Telegram tokens and private messages from unsuspecting developers and users. Uncovering a Sophisticated Supply Chain Attack This…
-
Custom Active Directory Extensions Create Stealthy Backdoors for Corporate Attacks
Active Directory (AD) Group Policy Objects (GPOs) are a cornerstone of centralized management for Windows environments, enabling administrators to configure operating systems, applications, and user settings across all domain-connected machines. The real work of applying these policies on client machines is handled by Client-Side Extensions (CSEs)”, specialized dynamic link libraries (DLLs) that interpret and enforce…
-
New Report: Governments Struggle to Regain Backdoor Access to Secure Communications
Tags: access, backdoor, communications, cyber, cybersecurity, encryption, government, monitoring, network, privacy, vpnA crucial point has been reached in the conflict between personal privacy and governmental monitoring in a time when digital communication is essential. Governments worldwide are grappling with the proliferation of strong encryption in messaging apps, social media platforms, and virtual private networks (VPNs). As a cybersecurity researcher with nearly three decades of insight into…
-
Backdoors in Python and NPM Packages Target Windows and Linux
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control. First seen on hackread.com Jump to article: hackread.com/backdoors-python-npm-packages-windows-linux/