Tag: backdoor

AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Water Gamayun Weaponizes >>MSC EvilTwin<< Zero-Day for Stealthy Backdoor Attacks

Nov 27, 2025 1:49 AM

Tags: attack, backdoor, zero-day

The post Water Gamayun Weaponizes >>MSC EvilTwin
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Water Gamayun Weaponizes >>MSC EvilTwin<< Zero-Day for Stealthy Backdoor Attacks

Nov 27, 2025 1:49 AM

Tags: attack, backdoor, zero-day

The post Water Gamayun Weaponizes >>MSC EvilTwin
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
NDSS 2025 EAGLEYE: Exposing Hidden Web Interfaces In loT Devices Via Routing Analysis

Nov 25, 2025 7:49 PM

Tags: access, attack, backdoor, computing, conference, defense, detection, firmware, injection, intelligence, Internet, iot, network, risk, threat, vulnerability, xss

Session4A: IoT Security Authors, Creators & Presenters: Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information…
New FlexibleFerret Malware Chain Targets macOS With Go Backdoor

Nov 25, 2025 3:49 PM

Tags: access, backdoor, credentials, macOS, malware

A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flexibleferret-malware-macos-go/
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Nov 25, 2025 1:49 AM

Tags: apt, backdoor, china, exploit, flaw

The post China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-nexus-autumn-dragon-apt-exploits-winrar-flaw-to-deploy-telegram-c2-backdoor/
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor

Nov 25, 2025 1:49 AM

Tags: access, attack, backdoor, cyber, cyberattack, defense, detection, group, india, malware, tactics, threat

An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant evolution in the threat actor’s tactics, techniques, and procedures, combining living-off-the-land binaries with custom malware to evade detection and establish persistent access…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 2:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
NDSS 2025 Explanation As A Watermark

Nov 22, 2025 7:49 PM

Tags: ai, backdoor, breach, conference, exploit, Internet, malicious, network

SESSION Session 3D: AI Safety ———– ———– Authors, Creators & Presenters: Shuo Shao (Zhejiang University), Yiming Li (Zhejiang University), Hongwei Yao (Zhejiang University), Yiling He (Zhejiang University), Zhan Qin (Zhejiang University), Kui Ren (Zhejiang University) ———– PAPER Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution Ownership verification is…
SesameOp: Neuartige Backdoor in OpenAI API für CC missbraucht

Nov 22, 2025 12:49 AM

Tags: api, backdoor, cyberattack, microsoft, openai

Sicherheitsforscher von Microsoft sind auf eine neuartige Backdoor in der OpenAI Assistant API gestoßen, und haben diese SesameOp genannt. Diese neuartige Backdoor, die von einem Angreifer verwendet wurde, nutzt die API des OpenAI Assistant, um Befehls- und Kontrollfunktionen für Cyberangriffe … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/22/sesameop-neuartige-backdoor-in-openai-api-fuer-cc-missbraucht/
NDSS 2025 THEMIS: Regulating Textual Inversion For Personalized Concept Censorship

Nov 21, 2025 10:49 PM

Tags: ai, backdoor, business, conference, Internet, malicious, network, regulation, technology, threat, training

SESSION Session 3D: Al Safety ———– ———– Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University) ———– PAPER THEMIS: Regulating Textual Inversion for Personalized Concept Censorship Personalization has become a…
NDSS 2025 THEMIS: Regulating Textual Inversion For Personalized Concept Censorship

Nov 21, 2025 10:49 PM

Tags: ai, backdoor, business, conference, Internet, malicious, network, regulation, technology, threat, training

SESSION Session 3D: Al Safety ———– ———– Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University) ———– PAPER THEMIS: Regulating Textual Inversion for Personalized Concept Censorship Personalization has become a…
Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor

Nov 21, 2025 1:49 AM

Tags: backdoor, exploit, rce, remote-code-execution

The post Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/critical-wsus-rce-cve-2025-59287-actively-exploited-to-deploy-shadowpad-backdoor/
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access

Nov 20, 2025 9:49 PM

Tags: access, backdoor, control, cyber, exploit, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…
TamperedChef Campaign Exploits Everyday Apps to Deploy Malware and Enable Remote Access

Nov 20, 2025 9:49 PM

Tags: access, backdoor, control, cyber, exploit, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit has uncovered a sophisticated global malvertising campaign called TamperedChef that disguises malware as legitimate everyday applications to compromise systems worldwide. The operation uses social engineering, search engine optimization tactics, and fraudulently obtained digital certificates to trick users into installing backdoors that grant attackers remote access and control over infected machines.…