Tag: infection
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust2. You’ll need shift from defense to offence: The role and the CISO won’t be the same after an incident.”My job on December 11 was very different from my job on December 12 and beyond, says Brown.Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
Critical Wazuh bug exploited in growing Mirai botnet infection
The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too First seen on theregister.com Jump to article: www.theregister.com/2025/06/10/critical_wazuh_bug_exploited_in/
-
New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in…
-
DollyWay World Domination Attack Compromises 20,000+ Sites
Since 2016, the “DollyWay World Domination” campaign has quietly compromised more than 20,000 WordPress websites worldwide, exploiting vulnerabilities in plugins and themes to redirect visitors to malicious destinations. The operation’s name comes from a telltale code string found in infected sites: phpdefine(‘DOLLY_WAY’, ‘World Domination’); DollyWay’s infection chain is highly sophisticated, employing a four-stage JavaScript and…
-
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat Labs, showcasing a complex multi-layer infection chain designed to bypass modern security defenses. This campaign, active in 2024, leverages fake job offers from well-known global brands like Bershka, Fragrance Du Bois, John Hardy, and Dear…
-
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
Stealer malware no longer just steals passwords. In 2025, it steals live sessions”, and attackers are moving faster and more efficiently than ever.While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare’s latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked…
-
TikTok videos + ClickFix tactic = Malware infection
Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/tiktok-videos-clickfix-tactic-infostealer-malware-infection/
-
Winos 4.0 Malware Masquerades as VPN and QQBrowser to Target Users
A sophisticated malware campaign deploying Winos 4.0, a memory-resident stager, has been uncovered by Rapid7, targeting users through fake installers of popular software like LetsVPN and QQBrowser. Initially detected during a February 2025 Managed Detection and Response (MDR) investigation, this operation employs a multi-layered infection chain dubbed the Catena loader. It uses trojanized NSIS installers…
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems.”Malware like LummaC2 is deployed to steal…
-
Microsoft Dismantles Lumma Stealer Network, Seizes 2,000+ Domains
Microsoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners. First seen on hackread.com Jump to article: hackread.com/microsoft-dismantle-lumma-stealer-domain-seized/
-
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a highly sophisticated phishing-based attack. Cybersecurity researchers have uncovered a multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques.As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory.”The attackers…
-
Hackers Weaponize KeePass Password Manager to Spread Malware and Steal Passwords
Tags: attack, cyber, exploit, hacker, incident response, infection, malware, open-source, password, threatThreat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware and facilitate large-scale password theft. The attack, which was reported by WithSecure’s Incident Response team, involved modifying and re-signing KeePass installers with trusted certificates to deliver a custom malware loader dubbed KeeLoader. Malware Delivery Through KeePass The infection chain began with…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
FBI warns that end of life devices are being actively targeted by threat actors
Tags: access, antivirus, attack, authentication, botnet, china, cisco, control, credentials, cve, data-breach, exploit, firewall, firmware, Hardware, identity, infection, intelligence, Internet, malware, network, password, router, sans, service, software, technology, threat, tool, update, vulnerabilityLinksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610NCradlepoint E100Cisco M10Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks.”The…
-
OpenText Report Shines Spotlight on Malware Infection Rates
A 2025 cybersecurity threat report based on analysis of data collected from tens of millions of endpoints by OpenText shows that the malware infection rate for business PCs now stands at 2.39%, with 87% of that malware being based on some type of variant that was specifically created to evade detection by cybersecurity tools. First…
-
New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources
Cybersecurity researchers at Palo Alto Networks’ Unit 42 have uncovered a novel obfuscation method employed by threat actors to conceal malware within bitmap resources of seemingly benign 32-bit .NET applications. This advanced steganography technique embeds malicious payloads in bitmap files, initiating a multi-stage infection chain that ultimately delivers destructive malware families such as Agent Tesla,…
-
NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says
It’s a major ruling in a landmark lawsuit that has had plenty of twists and turns, with more likely to come. First seen on cyberscoop.com Jump to article: cyberscoop.com/nso-group-owes-whatsapp-over-spyware-infections-jury/
-
New ClickFix Attack Imitates Ministry of Defence Website to Target Windows Linux Systems
Tags: attack, cyber, cyberattack, government, india, infection, intelligence, linux, malicious, malware, threat, windowsA newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India’s Ministry of Defence to distribute cross-platform malware targeting both Windows and Linux systems. Uncovered by threat intelligence researchers at Hunt.io, this operation employs a ClickFix-style infection chain, mimicking official government press release portals to lure unsuspecting users into executing malicious payloads. The…
-
What is EDR? An analytical approach to endpoint security
Tags: access, android, antivirus, api, attack, automation, breach, cloud, corporate, data, defense, detection, edr, email, endpoint, firewall, incident response, infection, infosec, infrastructure, intelligence, Intruder, linux, macOS, malicious, malware, network, service, siem, soar, software, threat, tool, trainingEDR vs. antivirus: What’s the difference?: Antivirus software has similar goals to EDR, in that it aims to block malware from installing on and infecting endpoints (usually user PCs). The difference is that antivirus spots malicious activity by trying to match it to signatures, known patterns of code execution or behavior that the security community…
-
MintsLoader Drops GhostWeaver via Phishing, ClickFix, Uses DGA, TLS for Stealth Attacks
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver.”MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts,” Recorded Future’s Insikt Group said in a report shared with The Hacker News.”The malware employs sandbox and virtual machine evasion techniques, a domain First seen…
-
New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT
A recently uncovered cyberattack campaign has brought steganography back into the spotlight, showcasing the creative and insidious methods attackers employ to deliver malware. This operation, dubbed the >>Stego-Campaign,
-
When AI moves beyond human oversight: The cybersecurity risks of self-sustaining systems
Tags: access, ai, attack, authentication, automation, breach, business, control, credentials, crowdstrike, cybersecurity, data, detection, email, exploit, firewall, fraud, government, identity, infection, login, malware, mfa, monitoring, network, phishing, risk, software, technology, threat, update, vulnerabilityautopoiesis, allows AI systems to adapt dynamically to their environments, making them more efficient but also far less predictable.For cybersecurity teams, this presents a fundamental challenge: how do you secure a system that continuously alters itself? Traditional security models assume that threats originate externally, bad actors exploiting vulnerabilities in otherwise stable systems. But with AI capable…
-
Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
Researchers from Palo Alto Networks have uncovered a series of malicious spam campaigns leveraging the notorious Agent Tesla malware through intricate, multi-stage infection vectors. The attack begins innocuously enough with the receipt of a socially engineered email, often crafted to appear legitimate and relevant to the recipient. These emails carry an archive attachment, which typically…
-
DOGE ‘Big Balls’ Ransomware Utilizes ZIP-Based LNK Shortcuts and BYOVD Techniques for Stealthy Attacks
A new and highly sophisticated ransomware campaign, dubbed “DOGE BIG BALLS Ransomware,” has recently come to light, demonstrating a blend of technical innovation and psychological manipulation. This operation stands out for its multi-stage infection chain, which begins with a seemingly innocuous ZIP file and culminates in the deployment of a customized ransomware payload, all while…