Tag: backdoor
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
Über Telegram: Student finanziert sein Studium durch Verkauf von Backdoors
Tags: backdoorEin Student aus Bangladesch verkauft auf Telegram Zugänge zu kompromittierten Servern. Er behauptet, das Geld für seine Bildung zu brauchen. First seen on golem.de Jump to article: www.golem.de/news/ueber-telegram-student-finanziert-sein-studium-durch-verkauf-von-backdoors-2512-203014.html
-
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs.”This malware enables remote control of compromised systems by allowing First…
-
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. First seen on hackread.com Jump to article: hackread.com/chinese-state-hackers-brickstorm-vmware-systems/
-
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices. First seen on securityboulevard.com Jump to article:…
-
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
Tags: apt, backdoor, china, cisa, cyber, cybersecurity, data-breach, espionage, infrastructure, threatCISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. >>The Cybersecurity…
-
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems.”BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
-
Behörden warnen: Chinesische Hacker attackieren VMware-Systeme
Die Angreifer schleusen eine Backdoor-Malware namens Brickstorm ein, um sich dauerhaft einzunisten. IT-Verantwortliche sollten dringend handeln. First seen on golem.de Jump to article: www.golem.de/news/behoerden-warnen-chinesische-hacker-attackieren-vmware-systeme-2512-202940.html
-
Brickstorm Malware Hits US Critical Systems, CISA Warns
Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring. U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/brickstorm-malware-hits-us-critical-systems-cisa-warns-a-30195
-
CISA Warns of ‘Ongoing’ Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-ongoing-brickstorm-backdoor-attacks
-
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments
Tags: access, ai, api, attack, automation, backdoor, cloud, exploit, flaw, google, malicious, open-source, openai, rce, remote-code-execution, risk, service, tool, vulnerabilityMultiple attack vectors: For this flaw to be exploited, the victim needs to clone the repository and run Codex on it and an attacker needs to have commit access to the repo or have their malicious pull request accepted.”Compromised templates, starter repos, or popular open-source projects can weaponize many downstream consumers with a single commit,”…
-
4.3M Users Exposed in ShadyPanda’s Long-Running Browser Hack
ShadyPanda spent years hiding inside Google-verified extensions before unleashing an RCE backdoor that compromised 4.3 million users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3m-users-exposed-in-shadypandas-long-running-browser-hack/
-
MuddyWater strikes Israel with advanced MuddyViper malware
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…
-
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango First seen…
-
MuddyWater cyber campaign adds new backdoors in latest wave of attacks
ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
-
MuddyWater cyber campaign adds new backdoors in latest wave of attacks
ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
-
Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware
And some are still active in the Microsoft Edge store First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/
-
Backdoor ‘VShell” – Chinesisches Spionage-Tool auf über 1.500 Servern
First seen on security-insider.de Jump to article: www.security-insider.de/nviso-entdeckt-vshell-backdoor-cyberspionage-a-b7010d90febbea1bb70205078b4dd147/
-
Google-Antigravity-Lücke: KI-Coding-Tool anfällig für Angriffe
Eine Sicherheitslücke in Googles KI-Coding-Tool Antigravity erlaubt es Angreifern, Schadcode einzuschleusen.Anfang November brachte Google sein KI-gestütztes Coding-Tool Antigravity an den Start. Doch bereits nach 24 Stunden sind Forscher des Security-Anbieters Mindgard auf eine schwerwiegende Schwachstelle gestoßen, über die eine dauerhafte Backdoor und Schadcode installiert werden kann.Der kürzlich veröffentlichte Forschungsbericht weist darauf hin, dass sich das…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
-
OpenAI admits data breach after analytics partner hit by phishing attack
Tags: access, ai, api, attack, authentication, backdoor, breach, chatgpt, credentials, data, data-breach, email, governance, government, mfa, openai, password, phishing, riskName provided to OpenAI on the API account Email address associated with the API accountApproximate location based on API user browser (city, state, country)Operating system and browser used to access the API accountReferring websitesOrganization or User IDs associated with the API account”We proactively communicated with all impacted customers. If you have not heard from us directly,…
-
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an
Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windowsDie APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…