Tag: hacker
-
VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain
Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi”‘stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module auto”‘loads at interpreter startup and can silently run code without command”‘line input. This script used ctypes to…
-
VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain
Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi”‘stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module auto”‘loads at interpreter startup and can silently run code without command”‘line input. This script used ctypes to…
-
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A lone hacker used Claude Code and GPT-4.1 to exfiltrate hundreds of millions of Mexican citizen records from 9 government agencies. First seen on hackread.com Jump to article: hackread.com/hacker-claude-code-gpt-4-1-mexican-records/
-
Hackers claim control over Venice San Marco anti-flood pumps
Hackers breached Venice ‘s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the quiet infrastructure of modern life. From energy grids to water systems, from factories to flood defenses, operational technology (OT) has long had one essential…
-
Hackers claim control over Venice San Marco anti-flood pumps
Hackers breached Venice ‘s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the quiet infrastructure of modern life. From energy grids to water systems, from factories to flood defenses, operational technology (OT) has long had one essential…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2 Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) Hackers Are Attempting to Turn ComfyUI Servers Into a…
-
Anthropic’s Mythos Will Force a Cybersecurity Reckoning”, Just Not the One You Think
The new AI model is being heralded”, and feared”, as a hacker’s superweapon. Experts say its arrival is a wake-up call for developers who have long made security an afterthought. First seen on wired.com Jump to article: www.wired.com/story/anthropics-mythos-will-force-a-cybersecurity-reckoning-just-not-the-one-you-think/
-
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware. First seen on hackread.com Jump to article: hackread.com/graphalgo-scam-lazarus-hackers-us-llcs-malware/
-
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/
-
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/
-
Storm-2755 Uses AiTM Hijacking to Divert Employee Salaries
Hackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new “payroll pirate” campaign tracked by Microsoft as Storm-2755 and targeting Canadian users. By hijacking live Microsoft 365 sessions, the group redirects payroll deposits to attacker-controlled bank accounts while bypassing multifactor authentication (MFA) and blending in with normal user activity. The group’s…
-
Alleged 10 Petabyte Data Theft From China’s Tianjin Supercomputing Hub
Hacker claims a 10 petabyte data theft from China’s Tianjin Supercomputing Center, raising concerns over exposed defense-related data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/alleged-10-petabyte-data-theft-from-chinas-tianjin-supercomputing-hub/
-
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/
-
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers used a clever prompt injection technique known as >>CamoLeak.<< A security researcher publicly disclosed…
-
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers used a clever prompt injection technique known as >>CamoLeak.<< A security researcher publicly disclosed…
-
Gigantischer Datenklau: Hacker erbeutet zehn Petabyte von chinesischem Supercomputer
Tags: hackerFirst seen on t3n.de Jump to article: t3n.de/news/gigantischer-datenklau-hacker-erbeutet-zehn-petabyte-von-chinesischem-supercomputer-1737714/
-
Gigantischer Datenklau: Hacker erbeutet zehn Petabyte von chinesischem Supercomputer
Tags: hackerFirst seen on t3n.de Jump to article: t3n.de/news/gigantischer-datenklau-hacker-erbeutet-zehn-petabyte-von-chinesischem-supercomputer-1737714/
-
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
Hackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and political figures across the Middle East, in a hack”‘for”‘hire campaign linked to the BITTER APT group. The campaign has been active since at least 2022. It primarily targets civil society members and potentially government officials in countries…
-
Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
Hackers breached Bitcoin Depot, stole credentials, and took about 50 BTC worth $3.6M from its wallets after a March 23 intrusion. Hackers breached the largest US Bitcoin ATM operator, Bitcoin Depot, on March 23, stole login credentials, and drained about 50.9 BTC worth $3.6M from company wallets. Bitcoin Depot told the SEC that a hacker…
-
GitHub, GitLab Abused for Malware and Phishing Campaigns
Hackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply integrated into development and business workflows, organizations cannot simply block them at the network edge, giving threat actors a powerful, trusted delivery channel. GitHub…
-
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
Tags: access, adobe, attack, ciso, control, data, email, exploit, hacker, incident response, malicious, malware, monitoring, resilience, risk, sans, software, technology, threat, tool, update, vulnerabilityA high risk exploit: Kellman Meghu, chief technology officer at Canadian incident response firm DeepCove Security, called the exploit “a very high risk.”So far it looks as though this particular malware just exfiltrates data, he said. But it implies there is an ability or capability to turn it into a vehicle for remote code execution.…
-
Breach Roundup: German Police Expose REvil, GandCrab Boss
Also, Medusa Ransomware, Grafana Flaw, German Political Party Breach. This week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party. First…
-
Eurail data breach impacted 308,777 people
Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information. Threat actors breached Eurail in December 2025 and stole names and passport numbers from its network. The company now notifies 308,777 people that attackers exposed their personal data, raising concerns about identity theft and misuse of sensitive…
-
Malicious PDF reveals active Adobe Reader zero-day in the wild
Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it. Hackers used an Adobe Reader zero-day for months to deliver a sophisticated PDF exploit. Cybersecurity researcher Haifei Li, founder of Expmon, discovered the malicious file and warned the community. On March 26,…
-
Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet
A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available. The post Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-adobe-acrobat-zero-day-pdf-exploit-months/
-
Hacker stole £700,000 from UK energy company by redirecting payment
The U.K. energy company said a redirected payment meant for a contractor instead landed in a hacker’s bank account. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/09/hacker-stole-700000-from-u-k-energy-company-by-redirecting-payment/
-
Do Ceasefires Slow Cyberattacks? History Suggests Not
The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn’t actually name or directly involve them. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/ceasefires-slow-cyberattacks-history