Tag: backdoor
-
Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers
Tags: attack, backdoor, control, cyber, cybersecurity, exploit, hacker, injection, malicious, software, supply-chain, vulnerabilityCybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21 popular e-commerce applications, granting hackers full control over hundreds of online stores. This malicious campaign, which began with the injection of backdoors as early as six years ago, was activated this week, exposing vulnerabilities in software from vendors such as Tigren,…
-
Venom-Spider spinnt sein Netz für Personalabteilungen
Arctic Wolf Labs, das Threat-Research-Team von Arctic Wolf, hat im Rahmen der fortlaufenden Beobachtung des Bedrohungsakteurs TA4557 (auch bekannt als Venom-Spider) eine neue Kampagne entdeckt, die auf Personalabteilungen und Recruiter in Unternehmen abzielt. Die Bedrohungsgruppe setzt Phishing-Techniken ein, um eine erweiterte Version einer leistungsstarken Backdoor namens More-eggs auf den Geräten der Opfer zu platzieren. Bisher…
-
âš¡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
What if attackers aren’t breaking in”, they’re already inside, watching, and adapting?This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the…
-
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Supply chain attack via 21 backdoored Magento extensions hit 5001,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications. Curiously, the malicious code was injected 6 years ago, but the supply chain attack was…
-
Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications
Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy a stealthy NodeJS backdoor. The attack, part of the broader KongTuke campaign, leverages compromised websites to distribute malicious JavaScript that ultimately deploys advanced remote access trojans (RATs) capable of tunneling traffic through SOCKS5 proxies with XOR-based encryption. SpiderLabs researchers note…
-
Hackers Exploit New Eye Pyramid Offensive Tool With Python to Launch Cyber Attacks
Tags: attack, backdoor, control, cyber, exploit, group, hacker, infrastructure, network, open-source, ransomware, toolSecurity researchers from Intrinsec have published a comprehensive analysis revealing significant overlaps in infrastructure between multiple ransomware operations and the open-source offensive tool, Eye Pyramid. Their investigation, which began by examining a Python backdoor used by the RansomHub ransomware group, uncovered a network of interconnected command-and-control (C2) servers, bulletproof hosting providers, and shared toolsets fueling…
-
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-disguised-as-a-security-tool-injects-backdoor/
-
TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack
A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/thewizards-apt-asian-gamblers-attack
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerabilityTargeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France.Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries.Nothing APT28 does stands out as…
-
Sneaky WordPress Malware Disguised as Anti-Malware Plugin
WordPress sites are under threat from a deceptive anti-malware plugin. Learn how this malware grants backdoor access, hides… First seen on hackread.com Jump to article: hackread.com/wordpress-malware-disguised-as-anti-malware-plugin/
-
Windows Backdoor Targets Members of Exiled Uyghur Community
A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China’s continued cyber-espionage activity against the ethnic minority. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/windows-backdoor-targets-members-exhiled-uyghur-community
-
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead.WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach…
-
WooCommerce admins targeted by fake security patches that hijack sites
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/woocommerce-admins-targeted-by-fake-security-patches-that-hijack-sites/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43
Tags: attack, backdoor, botnet, china, crypto, fraud, infrastructure, international, malware, nfc, rust, supply-chainSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure XRP supply chain attack: Official NPM package infected with crypto stealing backdoor SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation New Rust Botnet >>RustoBot
-
Three-Year Go Module Mirror Backdoor Exposed: Supply Chain Attack
Discover how a backdoored Go package exploited the module mirror for 3+ years. Learn vital security practices to safeguard your code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/three-year-go-module-mirror-backdoor-exposed-supply-chain-attack/
-
SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment
Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of SAP NetWeaver, the widely deployed enterprise integration platform. Attackers have leveraged an unreported 0-day vulnerability to deploy web shells, which give them remote command execution capabilities and persistent backdoor access even on fully patched systems. CVE Details The exposure centers around…
-
Backdoor Found in Official XRP Ledger NPM Package
XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update… First seen on hackread.com Jump to article: hackread.com/backdoor-found-in-official-xrp-ledger-npm-package/
-
China-linked APT Mustang Panda upgrades tools in its arsenal
China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since…
-
China-linked BRICKSTORM backdoor involved in Europe-targeted cyberespionage
First seen on scworld.com Jump to article: www.scworld.com/brief/china-linked-brickstorm-backdoor-involved-in-europe-targeted-cyberespionage
-
Novel BPFDoor backdoor component facilitates covert attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-bpfdoor-backdoor-component-facilitates-covert-attacks
-
Toll of symlink backdoor-compromised Fortinet devices increases
First seen on scworld.com Jump to article: www.scworld.com/brief/toll-of-symlink-backdoor-compromised-fortinet-devices-increases
-
Florida draft law mandating encryption backdoors for social media accounts billed ‘dangerous and dumb’
A digital rights group blasted the Florida bill, but lawmakers voted to advanced the draft law. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/
-
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.This includes updated versions of a known backdoor called TONESHELL, as well as a new…
-
Your Network Is Showing Time to Go Stealth
Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day -
Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools
The China-sponsored hacking group, Mustang Panda, has been uncovered by Zscaler ThreatLabz to employ new techniques and tools, including the updated backdoor ToneShell and a novel tool named StarProxy, to evade endpoint detection and response (EDR) systems. Mustang Panda’s New Techniques Mustang Panda, known for targeting government and military entities primarily in East Asia, has…
-
Russia-linked APT29 targets European diplomats with new malware
WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
-
China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks
Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/china-linked-hackers-brickstorm-backdoors-european-networks
-
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1
IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…