Tag: linux
-
Researchers warn: previously unknown Linux backdoor has been active for months
The malware uses sophisticated obfuscation techniques. As of the latest check, no antivirus engine on VirusTotal detected it. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-bisher-unbekannte-linux-backdoor-ist-seit-monaten-aktiv-2508-198822.html
-
Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover
New flaws in NVIDIA’s Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure. Newly revealed security flaws in NVIDIA’s Triton Inference Server for Windows and Linux could let remote, unauthenticated attackers fully take over vulnerable servers. According to the Wiz Research team, chaining these vulnerabilities enables remote code execution…
-
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor
‘Plague’ malware has been around for months without tripping alarms First seen on theregister.com Jump to article: www.theregister.com/2025/08/05/plague_linux_backdoor/
-
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
Tags: ai, control, exploit, flaw, intelligence, linux, nvidia, open-source, remote-code-execution, windows
A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. “When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote…
-
Nextron finds previously unknown Plague backdoor in Linux
Security researchers at Nextron Research, while hunting for unknown threats with YARA rules, identified a previously undocumented PAM-based backdoor. The backdoor, which the researchers named Plague, can be installed persistently on Linux systems by attackers and grants lasting SSH access, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/04/nextron-findet-bisher-unbekannte-plague-backdoor-in-linux/
-
New Plague Linux malware stealthily maintains SSH access
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/
-
How ‘Plague’ infiltrated Linux systems without leaving a trace
From obfuscation to audit evasion: Plague’s stealth begins at compile time. Early versions used simple XOR-based string encoding, but later variants deployed multi-layer encryption, including custom KSA/PRGA routines and DRBG-based stages, to obfuscate decrypted payloads and strings. The use of advanced cryptographic routines, including algorithms like the Key Scheduling algorithm (KSA), the Pseudo-Random Generation algorithm (PRGA),…
-
Researchers Use 0-Day to Exploit Google kernelCTF and Debian 12
Security researchers have uncovered and weaponized a critical Use-After-Free vulnerability (CVE-2025-38001) in the Linux network packet scheduler’s HFSC queuing discipline, successfully compromising Google kernelCTF instances (LTS, COS, and mitigation) and fully updated Debian 12. By ingeniously combining HFSC’s real-time scheduling mode, NETEM’s packet duplication feature, and a throttled Token Bucket Filter (TBF) root queue, the…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 56
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Endgame Gear mouse config tool infected users with malware; Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion; Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal; Decrypted: FunkSec Ransomware; Threat actor uses…
-
Security Affairs newsletter Round 535 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New Linux backdoor Plague bypasses auth via malicious PAM module; China Presses Nvidia Over Alleged Backdoors…
-
New Linux backdoor Plague bypasses auth via malicious PAM module
A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module…
-
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Tags: access, authentication, backdoor, credentials, cybersecurity, detection, linux, malicious, theft
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. “The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said. Pluggable Authentication Modules First seen on thehackernews.com Jump…
-
AI Turns Panda Image Into ‘New Breed of Persistent Malware’
AI-assisted malware named Koske is hidden inside panda images, silently hijacking Linux machines for crypto mining while evading detection. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-malware-linux-panda-images/
-
New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access
Security researchers have discovered a sophisticated Linux backdoor dubbed >>Plague
-
Free data recovery for Linux file systems – R-Linux: free Linux recovery software
First seen on security-insider.de Jump to article: www.security-insider.de/r-linux-freie-linux-recovery-software-a-cd561c62a9bec6839b06eb465bd0bfe2/
-
Kali Linux can now run in Apple containers on macOS systems
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple’s new containerization framework. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kali-linux-can-now-run-in-apple-containers-on-macos-systems/
-
Proton launches free standalone cross-platform Authenticator app
Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/proton-launches-free-standalone-cross-platform-authenticator-app/
-
Big vendors back Linux Foundation agentic workflows project
Agntcy overlaps with MCP and Agent2Agent but adds proposed standards for a broader range of network layers in the still-emerging ‘internet of agents.’ First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366628236/Big-vendors-back-Linux-Foundation-agentic-workflows-project
-
Ransomware upstart Gunra goes cross-platform with encryption upgrades
Tags: attack, breach, control, data, detection, encryption, endpoint, group, healthcare, linux, ransomware, update, vmware, windows
…“-r” or “ratio” parameter. The “-l” or the “limit” parameter is used to control how much of the file gets encrypted. If no value is provided, the entire file is encrypted,” Trend Micro added. Additionally, the variant offers flexible key-storage options for RSA-encrypted keys. Using the “-s” or “store” parameter makes the ransomware save each…
-
Auto-Color Backdoor Targets U.S. Chemical Firm via CVE-2025-31324
Tags: access, backdoor, cve, cyberattack, cybersecurity, exploit, hacker, linux, malware, sap, vulnerability
In a three-day cyberattack this April, hackers exploited a newly disclosed SAP vulnerability to infiltrate a U.S.-based chemicals company, deploying a stealthy Linux malware known as Auto-Color backdoor. Cybersecurity firm Darktrace says the attackers gained access through a critical flaw… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/auto-color-backdoor-cve-2025-31324/
-
New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature
The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot toward cross-platform targeting, inspired by predecessors like Conti ransomware. Trend Micro’s threat…
-
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on a U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack…
-
Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware
Cybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware. The incident, which occurred over three days in April 2025, demonstrates an alarming evolution in cyber attack tactics combining enterprise software exploitation with advanced…
-
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to…
-
Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code
Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for Windows and Mac systems, and 138.0.7204.183 for Linux, with the rollout scheduled over the coming…
-
Nimble ‘Gunra’ Ransomware Evolves With Linux Variant
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nimble-gunra-ransomware-linux-variant