Tag: hacker
-
LockBit 5.0 Infrastructure Exposed as Hackers Leak Critical Server Data
Tags: cyber, cybercrime, cybersecurity, data, data-breach, group, hacker, infrastructure, leak, lockbit, ransomwareSecurity researchers have uncovered critical infrastructure details for the notorious LockBit 5.0 ransomware operation, including the IP address 205.185.116.233 and the domain karma0.xyz, which hosts the group’s latest leak site. The discovery represents a significant operational security failure for the cybercriminal organization. Cybersecurity researcher Rakesh Krishnan first publicized the findings on December 5, 2025, identifying…
-
Don’t use ‘admin’: UK’s top 20 most-used passwords revealed as scams soar
Easy-to-guess words and figures still dominate, alarming cysbersecurity experts and delighting hackersIt is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.The second most popular, “123456”, is also unlikely to keep hackers at bay. <a…
-
Mit eigentlich sauberen Add-ons: Wie Hacker 4,3 Millionen Geräte mit Schadcode infizierten
First seen on t3n.de Jump to article: t3n.de/news/saubere-add-ons-schadcode-1719879/
-
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. First seen on hackread.com Jump to article: hackread.com/chinese-state-hackers-brickstorm-vmware-systems/
-
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices. First seen on securityboulevard.com Jump to article:…
-
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29 and publicly disclosed on Wednesday, when a fix was rolled out. First seen on therecord.media Jump to article: therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
-
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29 and publicly disclosed on Wednesday, when a fix was rolled out. First seen on therecord.media Jump to article: therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
-
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1.According…
-
Beijing-linked hackers are hammering max-severity React bug, AWS warns
State-backed attackers started poking flaw as soon as it dropped anyone still unpatched is on borrowed time First seen on theregister.com Jump to article: www.theregister.com/2025/12/05/aws_beijing_react_bug/
-
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
-
Russian Calisto Hackers Target NATO Research with ClickFix Malware
Tags: credentials, cyber, defense, hacker, intelligence, malicious, malware, phishing, russia, service, spear-phishing, threat, ukraineRussian intelligence-linked cyber threat actors have intensified their operations against NATO research organizations, Western defense contractors, and NGOs supporting Ukraine, employing sophisticated phishing and credential harvesting techniques. The Calisto intrusion set, attributed to Russia’s FSB intelligence service, has escalated its spear-phishing campaigns throughout 2025, leveraging the ClickFix malicious code technique to target high-value entities across…
-
Hackers Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells
A critical command injection vulnerability in Array Networks’ ArrayOS AG systems has become the focus of active exploitation campaigns, with Japanese organizations experiencing confirmed attacks since August 2025. According to alerts from JPCERT/CC, threat actors are leveraged the vulnerability to install webshells and establish persistent network access, marking a significant escalation in targeting enterprise VPN infrastructure. The…
-
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
-
China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits sophisticated technical capabilities, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments. In addition to BRICKSTORM, WARP PANDA has deployed JSP web shells…
-
China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits sophisticated technical capabilities, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments. In addition to BRICKSTORM, WARP PANDA has deployed JSP web shells…
-
Hackers Abuse Microsoft Teams Notifications to Launch Callback Phishing Attacks
A sophisticated phishing campaign is targeting users through Microsoft Teams notifications, exploiting the platform’s trusted status to deliver deceptive messages that appear legitimate to both recipients and email security filters. Threat actors are leveraging Teams’ official notification system to send emails from the no-reply@teams.mail.microsoft address, creating a false sense of authenticity that makes detection increasingly difficult. The…
-
Hackers Abuse Microsoft Teams Notifications to Launch Callback Phishing Attacks
A sophisticated phishing campaign is targeting users through Microsoft Teams notifications, exploiting the platform’s trusted status to deliver deceptive messages that appear legitimate to both recipients and email security filters. Threat actors are leveraging Teams’ official notification system to send emails from the no-reply@teams.mail.microsoft address, creating a false sense of authenticity that makes detection increasingly difficult. The…
-
China-Nexus Hackers Exploiting React2Shell Vulnerability in Active Attacks
Within hours of the public disclosure of CVE-2025-55182 on December 3, 2025, Amazon threat intelligence teams detected active exploitation attempts from multiple China-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components carries a maximum CVSS score of 10.0 and poses an immediate threat to organizations running vulnerable versions…
-
Bybit-Hack: Berüchtigter Hacker fängt sich selbst Malware ein
Ein am großen Bybit-Hack beteiligter nordkoreanischer Hacker hat sein eigenes System wohl versehentlich mit Malware infiziert. Nun ist mehr über ihn bekannt. First seen on golem.de Jump to article: www.golem.de/news/bybit-hack-beruechtigter-hacker-faengt-sich-selbst-malware-ein-2512-202958.html
-
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems.”BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
-
Behörden warnen: Chinesische Hacker attackieren VMware-Systeme
Die Angreifer schleusen eine Backdoor-Malware namens Brickstorm ein, um sich dauerhaft einzunisten. IT-Verantwortliche sollten dringend handeln. First seen on golem.de Jump to article: www.golem.de/news/behoerden-warnen-chinesische-hacker-attackieren-vmware-systeme-2512-202940.html
-
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed >>BRICKSTORM.
-
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed >>BRICKSTORM.
-
UK Government Considers Computer Misuse Act Revision
Security Minister Dan Jarvis Endorses Security Researcher Protections. The U.K. government is considering amending its three-decade-old hacking law to include a statutory defense cover for security researchers. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-government-considers-computer-misuse-act-revision-a-30197
-
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/
-
LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures. First seen on hackread.com Jump to article: hackread.com/north-korean-hacker-device-lummac2-infostealer-bybit/
-
Marquis data breach impacted more than 780,000 individuals
Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people. Marquis is a Texas-based fintech and software firm that provides data-driven marketing, customer data platforms, analytics,…
-
CISA warns of Chinese “BrickStorm” malware attacks on VMware servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/