Tag: backdoor

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Jun 17, 2025 9:54 PM

Tags: attack, backdoor, browser, chrome, cve, exploit, flaw, google, kaspersky, threat, vulnerability, zero-day

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).Google addressed the flaw later that month after Kaspersky…
Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor

Jun 17, 2025 7:54 PM

Tags: backdoor, flaw, password

Hardcoded passwords and path traversals keeping bug hunters in work First seen on theregister.com Jump to article: www.theregister.com/2025/06/17/sitecore_rce_vulnerabilities/
Apple encryption row: Does law enforcement need to use Technical Capability Notices?

Jun 13, 2025 12:54 PM

Tags: apple, backdoor, encryption, law, office

History shows that law enforcement can bring successful prosecutions without the need for the Home Office to introduce ‘backdoors’ into end-to-end encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625826/Apple-encryption-row-Does-law-enforcement-need-to-use-Technical-Capability-Notices
FIN6 hackers pose as job seekers to backdoor recruiters’ devices

Jun 10, 2025 6:55 PM

Tags: attack, backdoor, group, hacker, hacking, jobs, phishing, social-engineering

In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Jun 10, 2025 5:55 PM

Tags: backdoor, software

Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/poisoned-npm-packages-disguised-utilities-system-wipeout
New npm threats can erase production systems with a single request

Jun 10, 2025 2:55 PM

Tags: attack, backdoor, control, detection, endpoint, framework, malicious, malware, monitoring, network, remote-code-execution, threat, tool

Smart and fail-safe command and control: The ‘monitoring’ malicious package is designed to auto-detect the host OSUnix or Windowsand the server framework (Express, Fastify, or native HTTP). It registers OS-specific destructive routes that execute file-system wipes regardless of the environment.Additionally, to increase reliability, the malware exposes three backdoor endpoints: a default reconnaissance module, a primary…
Aufbau eines Botnets? – Tausende Asus-Router durch Backdoor kompromittiert

Jun 10, 2025 7:55 AM

Tags: backdoor, botnet, router

First seen on security-insider.de Jump to article: www.security-insider.de/asus-router-angriff-botnetz-vorbereitung-a-70ee525d302b84a03049426a5af80aec/
Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Jun 9, 2025 9:55 PM

Tags: api, backdoor, endpoint, malicious

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api. First seen on hackread.com Jump to article: hackread.com/backdoors-npm-packages-attackers-wipe-systems/
SentinelOne Sees No Breach After Hardware Supplier Hacked

Jun 9, 2025 8:54 PM

Tags: apt, attack, backdoor, breach, china, corporate, cybersecurity, Hardware, malware

Intrusion Involved ShadowPad Malware, Wielded in Attacks Tied to Chinese APT Groups. Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn’t appear to have resulted in any infiltration of its own, corporate network. First seen…
US lawmakers say UK has ‘gone too far’ by attacking Apple’s encryption

Jun 9, 2025 4:54 PM

Tags: apple, backdoor, cloud, encryption

US politicians are calling for Congress to rewrite the US Cloud Act to prevent the UK issuing orders to require US tech companies to introduce ‘backdoors’ in end-to-end encrypted messaging and storage First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625614/US-lawmakers-say-UK-has-gone-too-far-by-attacking-Apples-encryption
Malicious npm Utility Packages Enable Attackers to Wipe Production Systems

Jun 9, 2025 10:55 AM

Tags: api, backdoor, cyber, data, email, malicious, theft, threat

Socket’s Threat Research Team has uncovered two malicious npm packages, express-api-sync and system-health-sync-api, designed to masquerade as legitimate utilities while embedding destructive backdoors capable of annihilating production systems. Published under the npm alias >>botsailer
LLM04: Data Model Poisoning FireTail Blog

Jun 7, 2025 12:54 AM

Tags: ai, attack, backdoor, breach, control, data, detection, infrastructure, LLM, malicious, risk, training, update, vulnerability

Jun 06, 2025 – Lina Romero – LLM04: Data & Model Poisoning Excerpt: In this blog series, we’re breaking down the OWASP Top 10 risks for LLMs and explaining how each one manifests and can be mitigated. Today’s risk is #4 on the list: Data and Model Poisoning. Read on to learn more”¦ Summary: Data…
Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User

Jun 6, 2025 6:55 PM

Tags: backdoor, cyber, cybercrime, detection, email, github, malicious, malware, open-source, rat, sophos, threat

Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer inquiry into the Sakura RAT, a supposed open-source malware touted for its >>sophisticated anti-detection capabilities,
UK backdoor order to Apple raises bipartisan concerns

Jun 6, 2025 7:55 AM

Tags: access, apple, backdoor, data, law, privacy

U.S. officials fear that gaps in existing law may enable countries to target U.S. companies with data access requests that harm user privacy and security. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366625473/UK-backdoor-order-to-Apple-raises-bipartisan-concerns
Backdoor im Code: Hacker trickst Scriptkiddies mit Fake-Trojaner aus

Jun 5, 2025 1:54 PM

Tags: backdoor, github, hacker, open-source

Wer auf Github nach Open-Source-Trojanern sucht, sollte Vorsicht walten lassen. Nicht selten enthalten die Projekte eine gefährliche Backdoor. First seen on golem.de Jump to article: www.golem.de/news/backdoor-im-code-hacker-trickst-scriptkiddies-mit-fake-trojaner-aus-2506-196875.html
Hacker targets other hackers and gamers with backdoored GitHub code

Jun 4, 2025 4:55 PM

Tags: access, backdoor, exploit, github, hacker, threat

A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-targets-other-hackers-and-gamers-with-backdoored-github-code/
Hackers Exploit Ruby Gems to Steal Telegram Tokens and Messages

Jun 4, 2025 10:54 AM

Tags: attack, backdoor, cyber, exploit, hacker, malicious, programming, supply-chain

Researchers have unearthed a sophisticated supply chain attack targeting Ruby Gems, a popular package manager for the Ruby programming language. Malicious actors have infiltrated the ecosystem by embedding backdoors in seemingly legitimate gems, enabling them to steal sensitive Telegram tokens and private messages from unsuspecting developers and users. Uncovering a Sophisticated Supply Chain Attack This…
Custom Active Directory Extensions Create Stealthy Backdoors for Corporate Attacks

Jun 4, 2025 9:54 AM

Tags: attack, backdoor, corporate, cyber, group, windows

Active Directory (AD) Group Policy Objects (GPOs) are a cornerstone of centralized management for Windows environments, enabling administrators to configure operating systems, applications, and user settings across all domain-connected machines. The real work of applying these policies on client machines is handled by Client-Side Extensions (CSEs)”, specialized dynamic link libraries (DLLs) that interpret and enforce…
Malicious PyPI packages aim to backdoor Windows, Linux systems

Jun 3, 2025 9:55 PM

Tags: backdoor, linux, malicious, pypi, windows

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-packages-aim-to-backdoor-windows-linux-systems
New Report: Governments Struggle to Regain Backdoor Access to Secure Communications

Jun 3, 2025 2:54 PM

Tags: access, backdoor, communications, cyber, cybersecurity, encryption, government, monitoring, network, privacy, vpn

A crucial point has been reached in the conflict between personal privacy and governmental monitoring in a time when digital communication is essential. Governments worldwide are grappling with the proliferation of strong encryption in messaging apps, social media platforms, and virtual private networks (VPNs). As a cybersecurity researcher with nearly three decades of insight into…
Backdoors in Python and NPM Packages Target Windows and Linux

Jun 2, 2025 11:54 AM

Tags: attack, backdoor, data, linux, theft, windows

Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control. First seen on hackread.com Jump to article: hackread.com/backdoors-python-npm-packages-windows-linux/
New Botnet Plants Persistent Backdoors in ASUS Routers

May 29, 2025 11:55 PM

Tags: backdoor, botnet, network, router

Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/botnet-persistent-backdoors-asus-routers
ASUS router backdoors affect 9K devices, persist after firmware updates

May 29, 2025 9:55 PM

Tags: backdoor, firmware, router, update

First seen on scworld.com Jump to article: www.scworld.com/news/asus-router-backdoors-affect-9k-devices-persist-after-firmware-updates
Thousands of ASUS Routers Hit by Persistent Backdoor

May 29, 2025 7:55 PM

Tags: access, attack, backdoor, botnet, firmware, hacker, hacking, router, update

Persistent Attack Grants Remote SSH Access via Exploit. Someone – possibly nation-state hackers – appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/thousands-asus-routers-hit-by-persistent-backdoor-a-28539
Most LLMs don’t pass the security sniff test

May 29, 2025 3:55 PM

Tags: ai, api, backdoor, breach, control, data, data-breach, finance, injection, LLM, mfa, network, password

Advice to CSOs: Lee said that CSOs should consider the following before approving any LLM:Training data: figure out where the model got its info. Random web grabs expose your secrets;Prompt history: if your questions stick around on their servers, they’ll turn up in the next breach bulletin;Credentials: stolen API keys and weak passwords keep attackers…
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

May 29, 2025 2:55 PM

Tags: backdoor, firmware, router, threat, update

A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/thousands-asus-routers-compromised/
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
Risk assessment vital when choosing an AI model, say experts

May 29, 2025 5:55 AM

Tags: ai, api, backdoor, breach, control, data, data-breach, finance, injection, LLM, mfa, network, password, risk, risk-assessment

Advice to CSOs: Lee said that CSOs should consider the following before approving any LLM:Training data: figure out where the model got its info. Random web grabs expose your secrets;Prompt history: if your questions stick around on their servers, they’ll turn up in the next breach bulletin;Credentials: stolen API keys and weak passwords keep attackers…
Thousands of Asus routers are being hit with stealthy, persistent backdoors

May 29, 2025 12:55 AM

Tags: backdoor, control, firmware, router

Backdoor giving full administrative control can survive reboots and firmware updates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

May 28, 2025 7:55 PM

Tags: backdoor, botnet, cisco, router

Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/