Tag: infection

Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Malicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network Access

Nov 4, 2025 9:19 AM

Tags: access, cyber, infection, malicious, malware, network, ransomware

The Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks. The Rhysida gang, formerly known as Vice Society before rebranding in 2023, has perfected a dangerous infection chain using paid Bing search advertisements. The gang purchases…
Malicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network Access

Nov 4, 2025 9:19 AM

Tags: access, cyber, infection, malicious, malware, network, ransomware

The Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks. The Rhysida gang, formerly known as Vice Society before rebranding in 2023, has perfected a dangerous infection chain using paid Bing search advertisements. The gang purchases…
BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

Nov 1, 2025 8:20 PM

Tags: attack, cisco, cve, exploit, government, infection, vulnerability

Australia warns of attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell install. The Australian Signals Directorate (ASD) warns of ongoing attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell infections and admin takeover. >>Cyber actors are installing an implant dubbed ‘BADCANDY’ on Cisco IOS XE devices that are vulnerable…
Australia warns of BadCandy infections on unpatched Cisco devices

Oct 31, 2025 5:19 PM

Tags: cisco, country, cyberattack, government, infection, router

The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/australia-warns-of-badcandy-infections-on-unpatched-cisco-devices/
Lampion Stealer Resurfaces with ClickFix Attack to Steal User Credentials Stealthily

Oct 30, 2025 4:19 PM

Tags: attack, banking, credentials, cyber, cybercrime, group, infection, malware, social-engineering, threat

A Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, which has operated continuously since at least June 2024 following its initial discovery in 2019, demonstrates the threat actor’s commitment to operational stealth and evasion. The…
Water Saci Hackers Use WhatsApp to Deploy Persistent SORVEPOTEL Malware

Oct 28, 2025 9:26 AM

Tags: cyber, hacker, infection, malware, powershell

Trend Micro Research has identified a significant evolution in the aggressive Water Saci malware campaign, revealing a new infection chain that abandons traditional .NET-based delivery methods in favor of sophisticated script-driven techniques. On October 8, 2025, researchers discovered file downloads originating from WhatsApp Web sessions that utilize Visual Basic Script downloaders and PowerShell scripts to…
Water Saci Hackers Use WhatsApp to Deploy Persistent SORVEPOTEL Malware

Oct 28, 2025 9:26 AM

Tags: cyber, hacker, infection, malware, powershell

Trend Micro Research has identified a significant evolution in the aggressive Water Saci malware campaign, revealing a new infection chain that abandons traditional .NET-based delivery methods in favor of sophisticated script-driven techniques. On October 8, 2025, researchers discovered file downloads originating from WhatsApp Web sessions that utilize Visual Basic Script downloaders and PowerShell scripts to…
SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats

Oct 28, 2025 6:26 AM

Tags: attack, india, infection, threat

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025.The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of a…
Telegram Messenger Abused by Android Malware to Seize Full Device Control

Oct 24, 2025 3:26 PM

Tags: android, backdoor, control, cyber, cybercrime, infection, malware, mobile, threat

Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more than 58,000 devices worldwide, with approximately 20,000 active infections currently being monitored. This threat represents a significant escalation in mobile malware…
Telegram Messenger Abused by Android Malware to Seize Full Device Control

Oct 24, 2025 3:26 PM

Tags: android, backdoor, control, cyber, cybercrime, infection, malware, mobile, threat

Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more than 58,000 devices worldwide, with approximately 20,000 active infections currently being monitored. This threat represents a significant escalation in mobile malware…
Serious vulnerability found in Rust library

Oct 23, 2025 5:26 AM

Tags: advisory, attack, backup, container, control, data, email, exploit, flaw, incident response, infection, infosec, linux, malicious, open-source, pypi, radius, remote-code-execution, rust, software, supply-chain, unauthorized, update, vulnerability

async-tar Rust library. And not only is it in this library, but also in its many forks, including the widely used tokio-tar.”In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers say…
AI-enabled ransomware attacks: CISO’s top security concern, with good reason

Oct 21, 2025 3:26 PM

Tags: access, ai, attack, ciso, corporate, crowdstrike, data, deep-fake, detection, email, encryption, extortion, group, infection, malware, phishing, ransomware, service, threat

Ransomware’s AI-powered future: Although CrowdStrike’s latest survey doesn’t provide a full picture of AI’s use by ransomware gangs, the fact that generative AI is proving highly effective in crafting phishing emails that lead to ransomware infections shows the tip of the iceberg CISOs face.CrowdStrike Field CTO Cristian Rodriguez tells CSO, “We’re seeing AI touch every…
North Korean threat actors turn blockchains into malware delivery servers

Oct 18, 2025 12:07 AM

Tags: api, apt, attack, backdoor, blockchain, browser, chrome, crypto, cybercrime, cyberespionage, data, framework, google, group, infection, jobs, korea, linkedin, malicious, malware, north-korea, service, social-engineering, software, threat, update, windows, wordpress

Used in North Korean fake recruitment campaigns: As opposed to other nation-state actors, North Korean APT groups are known to conduct cybercriminal activity in addition to cyberespionage, because their goal includes gathering funds for the regime.One way they do this is by stealing cryptocurrency from companies and individuals. Between 2017 and 2023, it is estimated…
North Korean threat actors turn blockchains into malware delivery servers

Oct 18, 2025 12:07 AM

Tags: api, apt, attack, backdoor, blockchain, browser, chrome, crypto, cybercrime, cyberespionage, data, framework, google, group, infection, jobs, korea, linkedin, malicious, malware, north-korea, service, social-engineering, software, threat, update, windows, wordpress

Used in North Korean fake recruitment campaigns: As opposed to other nation-state actors, North Korean APT groups are known to conduct cybercriminal activity in addition to cyberespionage, because their goal includes gathering funds for the regime.One way they do this is by stealing cryptocurrency from companies and individuals. Between 2017 and 2023, it is estimated…
‘Zero Disco’ campaign hits legacy Cisco switches with fileless rootkit payloads

Oct 17, 2025 3:07 PM

Tags: access, cisco, cloud, cve, data, detection, edr, exploit, infection, network, switch, tool

Effects beyond one-time infection: According to Trend Micro, the campaign affected specific Cisco families, including 9400, 9300, and legacy 3750G switches. Affected organizations face more than a one-off compromise as infected switches can provide attackers a long-term, stealthy platform for lateral movement, data interception, or further payload delivery.Parts of the exploit are fileless or volatile,…
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux

Oct 17, 2025 9:09 AM

Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerability

Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux

Oct 17, 2025 9:09 AM

Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerability

Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely

Oct 16, 2025 8:07 AM

Tags: attack, banking, computer, cyber, cybersecurity, exploit, infection, malicious, malware, threat

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed >>Maverick.
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely

Oct 16, 2025 8:07 AM

Tags: attack, banking, computer, cyber, cybersecurity, exploit, infection, malicious, malware, threat

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed >>Maverick.
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
UEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 Laptops

Oct 15, 2025 7:54 AM

Tags: cyber, firmware, flaw, framework, hacker, infection, malware, tool, vulnerability

Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops. These flaws expose a fundamental weakness in firmware security that could enable persistent, undetectable malware infections at the most privileged system level. The vulnerabilities center around legitimate diagnostic tools…
UEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 Laptops

Oct 15, 2025 7:54 AM

Tags: cyber, firmware, flaw, framework, hacker, infection, malware, tool, vulnerability

Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops. These flaws expose a fundamental weakness in firmware security that could enable persistent, undetectable malware infections at the most privileged system level. The vulnerabilities center around legitimate diagnostic tools…
Risks of Not Aligning with ISO 27001 Remote Access Policy

Oct 14, 2025 5:24 PM

Tags: access, attack, cybersecurity, data, framework, ibm, infection, ISO-27001, malware, phishing, risk, scam

28% of organizations have become a part of some gruesome cybersecurity incidents, according to a security report released by IBM in 2024. Among the attack vectors of such attacks were malware infections, phishing scams, and unintentional data leaks. To the rescue comes ISO 27001. It provides a framework that helps organizations like yours fight back……
Snake Keylogger Uses Weaponized Emails and PowerShell to Steal Sensitive Data

Oct 10, 2025 10:23 AM

Tags: cyber, data, email, infection, mail, malware, powershell

A newly observed information”stealing campaign is deploying a stealthy variant of the SnakeKeylogger malware via weaponized e-mails that masquerade as legitimate remittance advice from CPA Global and Clarivate. Researchers first identified the infection vector on October 7, 2025, when recipients received messages titled “remittance advice for the payment dated 07″Oct”2025,” urging them to download an…
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Oct 6, 2025 2:35 PM

Tags: attack, china, credentials, cybercrime, cybersecurity, fraud, group, india, infection, Internet, microsoft, service, theft

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand First seen…
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Oct 6, 2025 2:35 PM

Tags: attack, china, credentials, cybercrime, cybersecurity, fraud, group, india, infection, Internet, microsoft, service, theft

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand First seen…