Collecting Cyber-News from over 60 sources

Tag: backdoor

LiteLLM Hit in Cascading Supply-Chain Attack

Mar 26, 2026 11:49 PM

Tags: attack, backdoor, breach, credentials, exploit, group, hacker, malicious, malware, pypi, supply-chain, theft, threat, tool

Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210
Hochentwickelte PlugXKampagne nutzt den aktuellen Nahostkonflikt als Köder

Mar 26, 2026 2:47 PM

Tags: backdoor, cyberattack, malware, tool

Kurz nach dem Aufflammen der kriegerischen Auseinandersetzungen in der Region des Persischen Golfs machten sich Bedrohungsakteure diesen Konflikt bereits für eine virtuelle Angriffskampagne zunutze. Die Sicherheitsexperten von Threatlabz beobachten seit dem 1. März 2026 einen neuen Cyberangriff zur Auslieferung einer PlugX-Backdoor-Variante. Aufbauend auf den aufgedeckten Tools, Techniken und Prozessen der Multi-Stage-Kampagne schreiben die Analysten des…
Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers

Mar 26, 2026 1:46 PM

Tags: apt, backdoor, china, cyber, cybercrime, exploit, group, intelligence, monitoring, phishing, rat, threat, vulnerability

Threat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has steadily adopted more advanced tradecraft, including modular backdoors, rootkits, and the exploitation of vulnerable drivers. TDR’s monitoring between…
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack

Mar 26, 2026 11:46 AM

Tags: attack, backdoor, china, cyber, group, malware

Fake screenshot links are being used to quietly deploy a multi”‘stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT”‘Q”‘27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET loaders, AWS S3 dead drops, and DLL sideloading to land a memory”‘resident Farfli backdoor that…
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Five

Mar 25, 2026 3:48 PM

Tags: backdoor, control, data, detection, encryption, infrastructure, leak, malicious, malware, network, resilience, software, windows

Dear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Four” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …
TeamPCP Backdoors LiteLLM Versions 1.82.71.82.8 via Trivy CI/CD Compromise

Mar 25, 2026 8:47 AM

Tags: backdoor, credentials, kubernetes, malicious, threat

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
TeamPCP Backdoors LiteLLM Versions 1.82.71.82.8 Likely via Trivy CI/CD Compromise

Mar 24, 2026 8:47 PM

Tags: backdoor, credentials, kubernetes, malicious, threat

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
Country that put backdoors into Cisco routers to spy on world bans foreign routers

Mar 24, 2026 3:47 PM

Tags: backdoor, cisco, country, router, spy

Unfortunately, there aren’t many options unless you’re Starlink First seen on theregister.com Jump to article: www.theregister.com/2026/03/24/fcc_foreign_routers/
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper

Mar 24, 2026 1:47 PM

Tags: backdoor, cloud, computer, cyber, infrastructure, Internet, iran, kubernetes

CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure seen in the earlier Trivy and NPM CanisterWorm incidents. However, it now adds selective destruction…
âš¡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Mar 23, 2026 3:47 PM

Tags: attack, backdoor, data, exploit, Internet, iot, malware, supply-chain

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
âš¡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Mar 23, 2026 3:47 PM

Tags: attack, backdoor, data, exploit, Internet, iot, malware, supply-chain

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
Supply-Chain-Attacke: Trivy-Scanner und 140 NPM-Pakete kompromittiert

Mar 23, 2026 2:47 PM

Tags: backdoor, malware, supply-chain

Ein Angreifer hat Malware in den Schwachstellenscanner Trivy sowie über 140 NPM-Pakete eingeschleust. Er sammelt Daten und richtet Backdoors ein. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-attacke-trivy-scanner-und-140-npm-pakete-kompromittiert-2603-206808.html
CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens

Mar 23, 2026 8:47 AM

Tags: access, backdoor, cyber, group, supply-chain, threat

A highly automated npm supply chain campaign, dubbed “CanisterWorm,” in which threat actors steal npm access tokens and weaponize legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emilgroup and @teale.io, pushing new SDK versions that silently deploy a persistent backdoor and then self-spread across every package the victim…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

Mar 22, 2026 12:09 PM

Tags: ai, backdoor, international, malicious, malware, ransomware, tool, ukraine, wordpress

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]…
Texas Gov. Orders State Review of Chinese-Made Medtech

Mar 20, 2026 10:10 PM

Tags: backdoor, china, cybersecurity, healthcare, privacy, risk

Contec and Epsimed Monitors Containing ‘Backdoors’ Are at the Center of Order. Texas Gov. Abbott has ordered agencies to review foreign-made connected medical devices – especially those from Chinese manufacturers – used in state-owned facilities for cybersecurity issues that could pose security and privacy risks to patients and healthcare infrastructure. First seen on govinfosecurity.com Jump…
That cheap KVM device could expose your network to remote compromise

Mar 20, 2026 1:10 AM

Tags: access, authentication, backdoor, control, corporate, detection, edr, encryption, endpoint, exploit, firewall, firmware, Internet, linux, malware, mfa, network, technology, tool, update, vpn, vulnerability

Stealthy backdoors: A compromised KVM device can become a powerful backdoor in any environment. An attacker can inject keystrokes to execute commands or access UEFI settings to disable security features such as disk encryption and Secure Boot.Because the device operates outside the controlled system’s OS, endpoint detection tools and host firewalls cannot see it. These…
Pyronut Package Backdoors Telegram Bots With RCE

Mar 19, 2026 12:10 PM

Tags: api, backdoor, cyber, framework, malicious, pypi, rce, remote-code-execution

Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system.”‹ The malicious package , pyronut , was uploaded to PyPI as a fake alternative to pyrogram, a widely used Telegram MTProto API framework with around 370,000 monthly downloads. Instead of…
ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos

Mar 18, 2026 1:09 PM

Tags: backdoor, blockchain, cyber, detection, github, software

ForceMemo is an active software supply”‘chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force”‘pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen”‘token ecosystem and uses the Solana blockchain as a resilient command”‘and”‘control (C2) channel, making detection and takedown significantly harder. The attacker targets a wide range of…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

Mar 17, 2026 5:10 AM

Tags: access, backdoor, china, cyberespionage, hacker, military

Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-nexus-hackers-southeast-asian-military-orgs
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

Mar 16, 2026 10:10 PM

Tags: apt, backdoor, group, malware, microsoft, russia, spy, threat, ukraine

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Mar 16, 2026 12:10 PM

Tags: backdoor, defense, espionage, intelligence, malware, microsoft, russia, threat, ukraine

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team.The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed…
Attackers Exploit Teams, Quick Assist to Deploy Stealthy A0Backdoor

Mar 16, 2026 8:09 AM

Tags: backdoor, cyber, email, exploit, group, microsoft, ransomware, social-engineering

Attackers are evolving a well-known Microsoft Teams and Quick Assist social-engineering playbook to install a new, stealthy backdoor dubbed A0Backdoor. The campaign closely mirrors activity previously attributed to Blitz Brigantine (also tracked as Storm”‘1811), a financially motivated group tied to Black Basta and Cactus ransomware operations. The intrusion begins with email bombing, where victims’ inboxes are…
Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

Mar 13, 2026 10:11 PM

Tags: backdoor, login, penetration-testing, vulnerability

Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen……
Even primitive AI-coded malware helps hackers move faster, thwart attribution

Mar 13, 2026 5:10 PM

Tags: ai, backdoor, hacker, ibm, malware

IBM researchers discovered an autonomously coded backdoor that they called unsophisticated but nonetheless ominous. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-ransomware-backdoor-ibm-attribution/814671/
China-nexus Threat Actor Targets Persian Gulf Region With PlugX

Mar 13, 2026 1:10 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, dns, dos, group, Hardware, injection, iran, malicious, malware, microsoft, middle-east, reverse-engineering, service, social-engineering, software, startup, threat, tool, update, windows

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
12 ways attackers abuse cloud services to hack your enterprise

Mar 11, 2026 8:47 AM

Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool

Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…