Collecting Cyber-News from over 60 sources

Tag: backdoor

Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node

Oct 23, 2025 5:26 AM

Tags: backdoor, email, iran

The post Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iran-linked-muddywater-deploys-phoenix-v4-backdoor-via-compromised-emails-and-nordvpn-exit-node/
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

Oct 23, 2025 12:36 AM

Tags: attack, backdoor, government, group, hacker, iran

State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iranian-hackers-targeted-over-100-govt-orgs-with-phoenix-backdoor/
Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks

Oct 22, 2025 9:26 PM

Tags: apt, attack, backdoor, exploit, flaw, government, group, hacking, malicious, military, office, vulnerability

South Asian hacking group Bitter (APT-Q-37) is deploying a C# backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors. First seen on hackread.com Jump to article: hackread.com/bitter-apt-winrar-vulnerability-backdoor-attacks/
F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor

Oct 22, 2025 8:26 PM

Tags: backdoor, leak

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/f5-big-ip-source-code-leak-tied-to-state-linked-campaigns-using-brickstorm-backdoor
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign

Oct 22, 2025 8:26 PM

Tags: backdoor, email, espionage, government, group, intelligence, iran, middle-east

The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities.The end goal of the campaign is to infiltrate high-value targets and…
MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor

Oct 22, 2025 4:26 PM

Tags: backdoor, email, group, iran, phishing, threat

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/muddywater-100-gov-entites-mea-phoenix-backdoor
Attackers turn trusted OAuth apps into cloud backdoors

Oct 22, 2025 3:26 PM

Tags: access, backdoor, cloud

Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/22/attackers-turn-trusted-oauth-apps-into-cloud-backdoors/
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data

Oct 22, 2025 12:26 PM

Tags: apt, attack, backdoor, cyber, data, exploit, group, intelligence, malicious, office, tactics, threat, vulnerability, zero-day

In a newly uncovered campaign, the threat group known as Bitter”, also tracked as APT-Q-37″, has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat Intelligence Center warn that this dual-pronged attack illustrates the group’s evolving tactics and…
Self-propagating worm found in marketplaces for Visual Studio Code extensions

Oct 22, 2025 5:26 AM

Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, worm

Marketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor

Oct 22, 2025 5:26 AM

Tags: apt, backdoor, cyberespionage, sql

The post PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/passiveneuron-cyberespionage-resurfaces-apt-abuses-ms-sql-servers-to-deploy-stealthy-neursite-backdoor/
Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro

Oct 22, 2025 5:26 AM

Tags: apt, attack, backdoor, office, zero-day

The post Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bitter-apt-attacks-china-pakistan-with-winrar-zero-day-and-new-c-backdoor-via-office-macro/
CAPI Backdoor targets Russia’s auto and e-commerce sectors

Oct 20, 2025 4:43 PM

Tags: backdoor, cybersecurity, malware, russia

A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. >>SEQRITE Labs Research Team has recently uncovered a…
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Oct 18, 2025 2:08 PM

Tags: attack, backdoor, cybersecurity, email, malware, phishing, russia

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor.According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based…
Government considered destroying its data hub after decade-long intrusion

Oct 18, 2025 5:07 AM

Tags: access, backdoor, breach, china, data, detection, endpoint, exploit, government, group, Hardware, incident response, infrastructure, network, risk, spy, supply-chain, threat, tool, vpn, vulnerability

Bridewell, a supplier to the UK government critical network infrastructure, endorsed the severity of this approach. He said, “it’s like when a device is compromised, the only way to truly be sure there are no remnants, or unidentified backdoors is to restore the asset to a known good state. In the physical realm, in particular…
North Korean threat actors turn blockchains into malware delivery servers

Oct 18, 2025 12:07 AM

Tags: api, apt, attack, backdoor, blockchain, browser, chrome, crypto, cybercrime, cyberespionage, data, framework, google, group, infection, jobs, korea, linkedin, malicious, malware, north-korea, service, social-engineering, software, threat, update, windows, wordpress

Used in North Korean fake recruitment campaigns: As opposed to other nation-state actors, North Korean APT groups are known to conduct cybercriminal activity in addition to cyberespionage, because their goal includes gathering funds for the regime.One way they do this is by stealing cryptocurrency from companies and individuals. Between 2017 and 2023, it is estimated…
North Korean threat actors turn blockchains into malware delivery servers

Oct 18, 2025 12:07 AM

Tags: api, apt, attack, backdoor, blockchain, browser, chrome, crypto, cybercrime, cyberespionage, data, framework, google, group, infection, jobs, korea, linkedin, malicious, malware, north-korea, service, social-engineering, software, threat, update, windows, wordpress

Used in North Korean fake recruitment campaigns: As opposed to other nation-state actors, North Korean APT groups are known to conduct cybercriminal activity in addition to cyberespionage, because their goal includes gathering funds for the regime.One way they do this is by stealing cryptocurrency from companies and individuals. Between 2017 and 2023, it is estimated…
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses

Oct 17, 2025 11:07 PM

Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerability

F5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

Oct 17, 2025 1:07 PM

Tags: backdoor, cybercrime, group, microsoft, threat

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active…
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

Oct 17, 2025 1:07 PM

Tags: backdoor, cybercrime, group, microsoft, threat

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active…
F5 Security Incident Advisory

Oct 17, 2025 9:09 AM

Tags: access, advisory, application-security, attack, authentication, awareness, backdoor, best-practice, breach, china, cisa, compliance, control, corporate, cve, cvss, cybersecurity, data, data-breach, defense, detection, dos, endpoint, espionage, exploit, finance, flaw, government, group, guide, hacker, Hardware, identity, infrastructure, Internet, Intruder, malicious, malware, mitigation, monitoring, network, phishing, PurpleTeam, radius, rce, remote-code-execution, risk, risk-assessment, security-incident, service, software, strategy, technology, theft, threat, training, unauthorized, update, vulnerability, zero-day, zero-trust

Executive SummaryOn October 15, 2025, F5 Networks publicly disclosed a serious security breach involving a nation-state threat actor. The intruders maintained long-term, persistent access to F5’s internal systems”, specifically the BIG-IP product development environment and engineering knowledge management platforms. F5 first detected unauthorized activity on August 9, 2025, but delayed public disclosure until mid-October as directed by…
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux

Oct 17, 2025 9:09 AM

Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerability

Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Oct 17, 2025 9:09 AM

Tags: backdoor, intelligence, malicious, microsoft, ransomware, threat

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a…
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux

Oct 17, 2025 9:09 AM

Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerability

Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Oct 16, 2025 6:07 PM

Tags: backdoor, infrastructure, linux, service

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv.”This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other…
Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor

Oct 16, 2025 10:07 AM

Tags: apt, backdoor, data

The post Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/mysterious-elephant-apt-campaign-targets-south-asian-diplomacy-steals-whatsapp-data-with-new-memloader-backdoor/
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates

Oct 16, 2025 8:07 AM

Tags: backdoor, cyber, cyberattack, cybercrime, group, malicious, microsoft, ransomware, threat

Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which were designed to deliver the Oyster backdoor and deploy Rhysida ransomware on victim systems. Discovery…
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates

Oct 16, 2025 8:07 AM

Tags: backdoor, cyber, cyberattack, cybercrime, group, malicious, microsoft, ransomware, threat

Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which were designed to deliver the Oyster backdoor and deploy Rhysida ransomware on victim systems. Discovery…
China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Oct 16, 2025 5:07 AM

Tags: access, apt, backdoor, china

The post China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-backed-flax-typhoon-apt-maintained-year-long-access-by-turning-arcgis-soe-into-web-shell-backdoor/
Chinese gang used ArcGIS as a backdoor for a year and no one noticed

Oct 15, 2025 11:14 PM

Tags: backdoor, china, malware, software

Crims turned trusted mapping software into a hideout – no traditional malware required First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/chinese_hackers_arcgis_backdoor/
Backdoor MiniJunk und Stealer MiniBrowse – Iranische Gruppe greift Verteidigungs- und Luftfahrtindustrie in Europa an

Oct 15, 2025 4:54 PM

Tags: backdoor

First seen on security-insider.de Jump to article: www.security-insider.de/iranische-hackergruppe-nimbus-manticore-erweitert-angriffe-europa-a-10b405b20d7c842a2222ec14e364b7a5/