Tag: github

KI-Malware ist keine Theorie mehr

Nov 7, 2025 2:20 PM

Tags: access, ai, antivirus, api, control, cyberattack, cybercrime, cybersecurity, data, exploit, github, google, group, hacker, intelligence, LLM, malware, ransomware, RedTeam, service, skills, social-engineering, software, threat, tool, vulnerability

KI boomt auch unter Cyberkriminellen. Die ersten operativen Ergebnisse dieses Trends beleuchten Google-Sicherheitsforscher in einem aktuellen Report.Was lange befürchtet und vermutet wurde, will die Google Threat Intelligence Group (GTIG) nun im Rahmen einer aktuellen Untersuchung belegen: Cyberkriminelle nutzen KI im Rahmen ihrer Malware-Angriffskampagnen. Aber längst nicht mehr nur für Vibe-Coding-Zwecke oder zur technischen Unterstützung. Wie…
KI-Malware ist keine Theorie mehr

Nov 7, 2025 2:20 PM

Tags: access, ai, antivirus, api, control, cyberattack, cybercrime, cybersecurity, data, exploit, github, google, group, hacker, intelligence, LLM, malware, ransomware, RedTeam, service, skills, social-engineering, software, threat, tool, vulnerability

KI boomt auch unter Cyberkriminellen. Die ersten operativen Ergebnisse dieses Trends beleuchten Google-Sicherheitsforscher in einem aktuellen Report.Was lange befürchtet und vermutet wurde, will die Google Threat Intelligence Group (GTIG) nun im Rahmen einer aktuellen Untersuchung belegen: Cyberkriminelle nutzen KI im Rahmen ihrer Malware-Angriffskampagnen. Aber längst nicht mehr nur für Vibe-Coding-Zwecke oder zur technischen Unterstützung. Wie…
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
APT60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, github, malware

The post APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-targets-japan-new-spyglace-malware-uses-vhdx-lnk-and-github-tasking-for-persistent-espionage/
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Operation PeekBaku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Nov 4, 2025 5:19 AM

Tags: apt, exploit, flaw, github

The post Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-peek-a-baku-silent-lynx-apt-exploits-lnk-flaws-to-deploy-reverse-shells-via-github-against-central-asian-diplomacy/
Operation PeekBaku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Nov 4, 2025 5:19 AM

Tags: apt, exploit, flaw, github

The post Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-peek-a-baku-silent-lynx-apt-exploits-lnk-flaws-to-deploy-reverse-shells-via-github-against-central-asian-diplomacy/
Malicious packages in npm evade dependency detection through invisible URL links: Report

Oct 31, 2025 5:19 AM

Tags: ai, application-security, attack, control, detection, edr, endpoint, exploit, flaw, github, governance, hacker, malicious, malware, microsoft, open-source, programming, service, software, supply-chain, threat, tool, training

Campaign also exploits AI: The names of packages uploaded to npm aren’t typosquats of common packages, a popular tactic of threat actors. Instead the hackers exploit AI hallucinations. When developers ask AI assistants for package recommendations, the chatbots sometimes suggest plausible-sounding names that are close to those of legitimate packages, but that don’t actually exist.…
Open-source AdaptixC2 hacking tool has fans in Russian cybercrime underground

Oct 30, 2025 6:19 PM

Tags: cybercrime, github, group, hacking, malware, open-source, ransomware, russia, tool

Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said. First seen on therecord.media Jump to article: therecord.media/open-source-adaptixc2-red-teaming-tool-russian-cybercrime
Open-source AdaptixC2 hacking tool has fans in Russian cybercrime underground

Oct 30, 2025 6:19 PM

Tags: cybercrime, github, group, hacking, malware, open-source, ransomware, russia, tool

Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said. First seen on therecord.media Jump to article: therecord.media/open-source-adaptixc2-red-teaming-tool-russian-cybercrime
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, automation, browser, business, chrome, cio, defense, detection, exploit, flaw, fraud, github, google, microsoft, monitoring, risk, vulnerability, windows, zero-day

Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, automation, browser, business, chrome, cio, defense, detection, exploit, flaw, fraud, github, google, microsoft, monitoring, risk, vulnerability, windows, zero-day

Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Oct 30, 2025 4:19 PM

Tags: attack, authentication, credentials, cybersecurity, github, malicious, malware, software, supply-chain

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines.The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first…
PhantomRaven attack floods npm with credential-stealing packages

Oct 29, 2025 6:27 PM

Tags: attack, authentication, credentials, github, malicious

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/phantomraven-attack-floods-npm-with-credential-stealing-packages/
BlueNoroff reemerges with new campaigns for crypto theft and espionage

Oct 29, 2025 1:26 PM

Tags: attack, blockchain, credentials, crypto, espionage, github, group, jobs, lazarus, malware, social-engineering, supply-chain, theft, tool

Fake recruiters with real malware: The GhostHire operation takes a different approach, targeting Web3 developers through fake job offers and recruitment tests. Here BlueNoroff sets up fake developer tasks, often hosted on GitHub or shared via Telegram bots. “Based on historical attack cases of this campaign, we assess with medium confidence that this attack flow…
Black Duck’s product release round-up: faster fixes, smarter security

Oct 27, 2025 10:26 PM

Tags: ai, github, sbom, update

Explore the latest updates across the Black Duck portfolio”, from GitHub integrations and AI-powered fixes to faster scans, audit-ready SBOMs, and workflow automation. The post Black Duck’s product release round-up: faster fixes, smarter security appeared first on Blog. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/10/black-ducks-product-release-round-up-faster-fixes-smarter-security/
Scanning GitHub Gists for Secrets with Bring Your Own Source

Oct 27, 2025 7:26 PM

Tags: api, github, service

Developers treat GitHub Gists as a “paste everything” service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/scanning-github-gists-for-secrets-with-bring-your-own-source/
Lazarus group targets European drone makers in new espionage campaign

Oct 24, 2025 3:26 PM

Tags: attack, data, defense, detection, espionage, github, group, injection, intelligence, korea, lazarus, mitre, north-korea, software, supply-chain, theft

Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
New PDF Tool Detects Malicious Files Using PDF Object Hashing

Oct 24, 2025 2:26 PM

Tags: business, cyber, email, github, malicious, malware, open-source, phishing, threat, tool

Proofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used by threat actors in phishing campaigns, malware distribution, and business email compromise attacks. PDFs have…
Dead-Drop Resolvers: Malware’s Quiet Rendezvous and Why Adaptive Defense Matters

Oct 22, 2025 5:26 AM

Tags: blockchain, ciso, control, data, defense, detection, dns, framework, github, infrastructure, malware, military, mitre, network, service, threat

At this weekend’s BSides NYC, Dr. Jonathan Fuller, CISO of the U.S. Military Academy at West Point, delivered an extremely clear talk on how modern malware hides its command-and-control (C2) infrastructure through dead-drop resolvers. Fuller, who co-authored Georgia Tech’s VADER project, described how adversaries increasingly use public platforms-GitHub, Dropbox, Pastebin, even blockchain transactions-as-covert meeting points…
Self-propagating worm found in marketplaces for Visual Studio Code extensions

Oct 22, 2025 5:26 AM

Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, worm

Marketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67

Oct 19, 2025 5:07 PM

Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rust

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

Oct 17, 2025 3:07 PM

Tags: access, advisory, api, attack, authentication, cvss, defense, exploit, flaw, framework, github, guide, Internet, microsoft, risk, update, vulnerability

The CVSS confusion: Despite Dorrans’ cautious assessment of the actual risk, the 9.9 CVSS rating has caused considerable confusion among developers, with many questioning whether the vulnerability truly warrants such an extreme severity score.Dorrans addressed this directly in the GitHub discussion, explaining that Microsoft’s scoring methodology accounts for worst-case scenarios.”On its own for ASP.NET Core,”…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…