Collecting Cyber-News from over 60 sources

Tag: backdoor

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions

Oct 15, 2025 11:54 AM

Tags: backdoor, crypto, cyber, hacker, malicious, marketplace, threat

Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish remote backdoors for complete system control. A newly identified threat actor known as TigerJack has…
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

Oct 15, 2025 10:54 AM

Tags: apt, backdoor, china, cyberespionage, exploit, group, service

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Oct 14, 2025 7:24 PM

Tags: backdoor, china, exploit, government, group, hacker, hacking, threat

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year.The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to…
Court dismisses Apple’s appeal against Home Office backdoor

Oct 14, 2025 3:24 PM

Tags: apple, backdoor, office

Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor
SonicWall VPNs face a breach of their own after the September cloud-backup fallout

Oct 14, 2025 11:23 AM

Tags: access, advisory, attack, authentication, backdoor, backup, breach, cloud, control, credentials, exploit, flaw, group, login, mfa, ransomware, threat, vpn, windows

What defenders should watch out for: Huntress highlighted that, in a few cases, successful SSLVPN authentication was followed by internal reconnaissance traffic or access attempts to Windows administrative accounts. Additionally, logins originating from a single recurring public IP may suggest a coordinated campaign rather than random credential reuse.On top of the steps outlined in SonicWall’s…
The solar power boom opened a backdoor for cybercriminals

Oct 14, 2025 7:23 AM

Tags: attack, backdoor, control, cybercrime, risk, service, software

Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/14/solar-power-systems-cyber-threats/
The solar power boom opened a backdoor for cybercriminals

Oct 14, 2025 7:23 AM

Tags: attack, backdoor, control, cybercrime, risk, service, software

Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/14/solar-power-systems-cyber-threats/
Apple and Home Office agree to drop legal claim over encryption backdoor

Oct 13, 2025 5:23 PM

Tags: apple, backdoor, encryption, office

Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor
Apple and Home Office agree to drop legal claim over encryption backdoor

Oct 13, 2025 5:23 PM

Tags: apple, backdoor, encryption, office

Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor
Apple and Home Office agree to drop legal claim over encryption backdoor

Oct 13, 2025 5:23 PM

Tags: apple, backdoor, encryption, office

Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor
Pro-Russian Hacktivist Targets OT/ICS Systems to Harvest Credentials

Oct 13, 2025 3:24 PM

Tags: backdoor, control, credentials, cyber, ddos, exploit, group, russia, sql, technology

In September, a nascent pro-Russian hacktivist group known as TwoNet staged its first operational technology and industrial control systems (OT/ICS) intrusion against our water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary ultimately created backdoor accounts and defaced the human-machine interface (HMI), demonstrating a concerning pivot from pure DDoS to…
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Oct 13, 2025 1:23 PM

Tags: access, backdoor, exploit, hacker, Internet, microsoft, social-engineering, threat, unauthorized

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.”Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript First seen…
New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs

Oct 13, 2025 8:23 AM

Tags: backdoor, cisco, control, credentials, cybersecurity, malware, rust, vpn

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.”Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, ‘serviceaccount,’” eSentire said in a technical report published First seen on thehackernews.com…
From infostealer to full RAT: dissecting the PureRAT attack chain

Oct 9, 2025 4:23 PM

Tags: attack, backdoor, cybersecurity, rat

Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor, loaders, evasions, and TLS-pinned C2. Join Huntress Labs’ Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Oct 9, 2025 12:23 PM

Tags: access, backdoor, hacker, microsoft

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat. First seen on hackread.com Jump to article: hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Oct 9, 2025 12:23 PM

Tags: access, backdoor, hacker, microsoft

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat. First seen on hackread.com Jump to article: hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Oct 9, 2025 12:23 PM

Tags: access, backdoor, hacker, microsoft

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat. First seen on hackread.com Jump to article: hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity

Oct 9, 2025 7:25 AM

Tags: access, ai, api, backdoor, control, cybersecurity, data, email, exploit, framework, hacker, intelligence, jobs, malicious, privacy, risk, software, technology, tool

The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is foreshadowing AI cybersecurity risks! Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to…
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity

Oct 9, 2025 7:25 AM

Tags: access, ai, api, backdoor, control, cybersecurity, data, email, exploit, framework, hacker, intelligence, jobs, malicious, privacy, risk, software, technology, tool

The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is foreshadowing AI cybersecurity risks! Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to…
AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure

Oct 8, 2025 2:58 PM

Tags: access, ai, backdoor, cyber, data, exploit, infrastructure, risk, unauthorized

The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to gain unauthorized access to critical systems. A compromised chatbot can morph from a helpful assistant…
AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure

Oct 8, 2025 2:58 PM

Tags: access, ai, backdoor, cyber, data, exploit, infrastructure, risk, unauthorized

The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to gain unauthorized access to critical systems. A compromised chatbot can morph from a helpful assistant…
AVX ONE SSH: Comprehensive SSH Key Lifecycle Management for Enterprise Security

Oct 6, 2025 4:35 PM

Tags: backdoor, unauthorized

Every unmanaged SSH key is a potential backdoor for unauthorized access. In most enterprises, there are thousands”, and sometimes millions”, of keys no one is actively tracking. That’s why AppViewX is announcing the general availability of AVX ONE SSH, a purpose-built product that closes one of security’s most overlooked gaps: SSH key sprawl and lifecycle…
XWorm malware resurfaces with ransomware module, over 35 plugins

Oct 6, 2025 2:35 PM

Tags: backdoor, malware, phishing, ransomware

New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-with-ransomware-module-over-35-plugins/
TamperedChef Malware Disguised as PDF Editor Hijacks Browser Credentials and Opens Backdoors

Oct 6, 2025 2:35 PM

Tags: backdoor, credentials, cyber, group, intelligence, malware, strategy, threat

A sophisticated malware campaign dubbed TamperedChef has successfully compromised European organizations by masquerading as a legitimate PDF editor application, according to new research from WithSecure’s Strategic Threat Intelligence & Research Group (STINGR). The campaign demonstrates how threat actors can leverage convincing advertising strategies and fully functional decoy applications to harvest sensitive credentials and establish persistent…
WARMCOOKIE Malware Operators Introduce Advanced Capabilities

Oct 6, 2025 8:35 AM

Tags: backdoor, cyber, cybersecurity, law, malware, threat

The cybersecurity landscape continues to evolve as threat actors behind the WARMCOOKIE backdoor malware have significantly enhanced their capabilities, introducing new features and maintaining active development despite law enforcement disruptions. The latest WARMCOOKIE variants demonstrate the threat actors’ commitment to expanding their operational toolkit. Four new command handlers have been integrated into the malware’s architecture…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

Oct 5, 2025 2:35 PM

Tags: ai, backdoor, email, international, malicious, malware, ransomware, vpn

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails EvilAI Operators Use AI-Generated Code…
Confucius Hacker Group Weaponizes Documents to Infect Windows Systems with AnonDoor Malware

Oct 3, 2025 8:41 AM

Tags: attack, backdoor, cyber, email, espionage, group, hacker, hacking, malware, phishing, social-engineering, tactics, windows

The Confucius hacking group, a long-running cyber-espionage operation with suspected state-sponsored ties, has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware. The December 2024 campaign demonstrated Confucius’ refined social engineering tactics, utilizing phishing emails with weaponized PowerPoint presentations (Document.ppsx) that displayed…