Tag: backdoor
-
ToneShell Backdoor Evolves With Anti-Analysis Tricks, Continues Targeting Myanmar
Tags: backdoor. The post ToneShell Backdoor Evolves With Anti-Analysis Tricks, Continues Targeting Myanmar appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/toneshell-backdoor-evolves-with-anti-analysis-tricks-continues-targeting-myanmar/
-
Breach Roundup: Vidar Strikes Back
Also, Akira Ransomware Resumes Attacks Via SonicWall Flaws. This week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn’t hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.…
-
EggStreme Malware Emerges With Fileless Techniques and DLL Sideloading Payloads
A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data…
-
Brussels faces privacy crossroads over encryption backdoors
Over 600 security boffins say planned surveillance crosses the line First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/eu_chat_control/
-
Dormant macOS Backdoor ChillyHell Resurfaces
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dormant-macos-backdoor-chillyhell-resurfaces
-
New Buterat Backdoor Malware Found in Enterprise and Government Networks
Meet Buterat, a new backdoor malware spreading through phishing and trojanized downloads, giving attackers persistent access to enterprise and government networks. First seen on hackread.com Jump to article: hackread.com/buterat-backdoor-malware-enterprise-govt-networks/
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool. Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI. Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat. ”Too many organizations have no idea what open-source…
-
The importance of reviewing AI data centers’ policies
Tags: ai, attack, backdoor, corporate, cybersecurity, data, government, Hardware, jobs, monitoring, risk, side-channel, supply-chain, threat, tool, vulnerability. What cybersecurity leaders need to consider: Given these expanded threats, cybersecurity leaders and decision makers must closely scrutinize whether their AI data center operators are implementing corporate policies that require technical measures to secure AI data centers across all layers of security, including hardware, data, and geopolitical. Examples of such policies include: closely inspecting hardware…
-
New Exploit Bypasses Code Integrity to Backdoor Signal, 1Password, Slack, and More
A new security exploit has been discovered that lets attackers slip malicious code into widely used desktop applications including Signal, 1Password, Slack, and Google Chrome by evading built-in code integrity checks. The vulnerability, tracked as Electron CVE-2025-55305, affects nearly every app built on the Chromium engine when they use Electron, a popular framework for making…
-
New Hacker Group GhostRedirector Poisons Windows Servers
ESET researchers have identified a new hacker group that attacks Windows servers with a passive C++ backdoor and a malicious IIS module. Its goal: manipulating Google search results. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/neue-hacker-gruppe-ghostredirector-vergiftet-windows-server/
-
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection. First seen on hackread.com Jump to article: hackread.com/russian-apt28-notdoor-backdoor-microsoft-outlook/
-
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploited-sitecore-zero-day-flaw-to-deploy-backdoors/
-
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor “is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” S2 Grupo’s LAB52 threat intelligence team said. “When…
-
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS)…
-
XWorm Malware Adopts New Infection Chain to Bypass Security Detection
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant shift in the malware’s deployment strategy, revealing a deliberate move toward more deceptive and intricate infection methods designed to increase success rates while remaining…
-
Russian APT28 Expands Arsenal with ‘NotDoor’ Outlook Backdoor
The backdoor is a sophisticated VBA-based malware targeting Microsoft Outlook First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russia-apt28-notdoor-outlook/
-
MystRodX: Weaponizing DNS and ICMP for Data Theft
Security researchers have uncovered a sophisticated backdoor, MystRodX, that exploits the DNS and ICMP protocols to stealthily activate and exfiltrate data from compromised systems. Deployed via a dropper disguised as a Mirai variant, MystRodX remained undetected for over 20 months by hiding its activation logic within network packet payloads. MystRodX supports both active and passive…
-
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems. ”MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse shell, and socket management,” QiAnXin XLab said in a report published last week. “Compared to typical…
-
Free With Malware: Backdoor Discovered in Widely Used PDF Editor
Anyone who uses the Appsuite PDF Editor should consider their system compromised. Researchers warn of malware contained in it. First seen on golem.de Jump to article: www.golem.de/news/gratis-mit-malware-backdoor-in-verbreitetem-pdf-editor-entdeckt-2509-199701.html
-
Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor
Silver Fox APT abuses Microsoft-signed drivers to kill antivirus and deploy ValleyRAT remote-access backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silver-fox-deploy-valleyrat/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign; Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth; The Silent, Fileless Threat of VShell; Android backdoor spies on […]…

