Tag: linux
-
Qilin ransomware abuses WSL to run Linux encryptors in Windows
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows/
-
Qilin Targets Windows Hosts With Linux-Based Ransomware
The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/qilin-targets-windows-hosts-linux-based-ransomware
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…
-
Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD
Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the Qilin ransomware group (aka Agenda) used a Linux ransomware binary on Windows systems via legitimate remote tools, bypassing Windows defenses and EDRs. The cross-platform method enables stealthy attacks, stealing backup credentials…
-
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June.The development comes as the ransomware-as-a-service (RaaS) operation has emerged…
-
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June.The development comes as the ransomware-as-a-service (RaaS) operation has emerged…
-
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June.The development comes as the ransomware-as-a-service (RaaS) operation has emerged…
-
NDSS 2025 Oreo: Protecting ASLR Against Micro-Architectural Attacks
Authors, Creators & Presenters: Shixin Song (Massachusetts Institute of Technology), Joseph Zhang (Massachusetts Institute of Technology), Mengjia Yan (Massachusetts Institute of Technology) PAPER Oreo: Protecting ASLR Against Microarchitectural Attacks Address Space Layout Randomization (ASLR) is one of the most prominently deployed mitigations against memory corruption attacks. ASLR randomly shuffles program virtual addresses to prevent attackers…
-
LockBit 5.0 Targets Windows, Linux, and ESXi Systems in Ongoing Attacks
After months of disruption following Operation Cronos in early 2024, the notorious LockBit ransomware group has resurfaced with renewed vigor and a formidable new arsenal. In September 2025 alone, researchers identified a dozen organizations targeted by the revived operation. Particularly alarming is the rapid adoption of the new LockBit 5.0 variant, which accounted for half…
-
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then…
-
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then…
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
-
Pakistan-Linked TransparentTribe APT Deploys AI-Assisted DeskRAT Malware Against India’s BOSS Linux Systems
The post Pakistan-Linked TransparentTribe APT Deploys AI-Assisted DeskRAT Malware Against India’s BOSS Linux Systems appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/pakistan-linked-transparenttribe-apt-deploys-ai-assisted-deskrat-malware-against-indias-boss-linux-systems/
-
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active…
-
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active…
-
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active…
-
Mobian makes Debian’s latest ‘Trixie’ release pocket-sized
Another phone Linux? The Reg attempts to disentangle the options First seen on theregister.com Jump to article: www.theregister.com/2025/10/21/mobian_trixie/
-
Mobian makes Debian’s latest ‘Trixie’ release pocket-sized
Another phone Linux? The Reg attempts to disentangle the options First seen on theregister.com Jump to article: www.theregister.com/2025/10/21/mobian_trixie/
-
âš¡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
It’s easy to think your defenses are solid, until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect.Here’s a quick look at this…
-
PoC Released for Linux-PAM Vulnerability Enabling Local Root Privilege Escalation
A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions. The flaw, rated 7.8 (High) on the CVSS scale, allows local attackers to elevate privileges to root through a sophisticated race condition and symbolic link (symlink) manipulation. Discovered in the pam_namespace…
-
Network security devices endanger orgs with ’90s era flaws
Tags: access, application-security, apt, authentication, breach, cisa, cisco, citrix, cloud, control, cve, cyber, cybersecurity, dos, email, endpoint, exploit, finance, firewall, firmware, flaw, government, group, incident response, infrastructure, injection, ivanti, jobs, linux, mitigation, mobile, network, open-source, penetration-testing, programming, regulation, remote-code-execution, reverse-engineering, risk, risk-management, router, service, software, threat, tool, vpn, vulnerability, zero-day2024 networking and security device zero-day flaws Product CVE Flaw type CVSS Check Point Quantum Security Gateways and CloudGuard Network Security CVE-2024-24919 Path traversal leading to information disclosure 8.6 (High) Cisco Adaptive Security Appliance CVE-2024-20359 Arbitrary code execution 6.6 (Medium) Cisco Adaptive Security Appliance CVE-2024-20353 Denial of service 8.6 (High) Cisco Adaptive Security Appliance …
-
Achtung: Xubuntu-Webseite verteilte seit Okt. 2025 Malware
Noch eine kurze Warnung für Linux-Interessenten, die sich für Xubuntu interessieren. Es gibt Berichte, dass die betreffende Xubuntu-Webseite Malware verteilen könnte. Inzwischen ist die Download-Seite deaktiviert. Also Vorsicht walten lassen und heruntergeladenes möglichst nicht verwenden, bis das geklärt ist. Diskussion auf … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/19/achtung-xubuntu-webseite-verteilte-malware/
-
Support-Ende für Windows 10 – Habt ihr schon gewechselt und wenn ja, wohin?
Wie hält es die Community mit Windows 11, liebäugelt ihr mit Linux und welche Windows-Versionen sind rückblickend eure Lieblinge? First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/support-ende-fuer-windows-10-habt-ihr-schon-gewechselt-und-wenn-ja-wohin.94729
-
TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader
Tags: ai, awareness, backup, breach, browser, business, cio, ciso, communications, conference, control, corporate, country, cryptography, cyber, cybersecurity, dark-web, data, data-breach, defense, dns, email, encryption, finance, government, healthcare, identity, incident, infrastructure, intelligence, Internet, jobs, law, leak, linux, malicious, mfa, mitigation, network, organized, phone, privacy, ransom, ransomware, RedTeam, resilience, risk, risk-management, router, service, startup, strategy, supply-chain, switch, tactics, technology, theft, threat, tool, training, windowsSummary In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security. Khoury emphasizes that modern…
-
Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. >>The operation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/hackers-used-cisco-zero-day-to-plant-rootkits-on-network-devices-cve-2025-20352/
-
Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. >>The operation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/hackers-used-cisco-zero-day-to-plant-rootkits-on-network-devices-cve-2025-20352/
-
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux
Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerabilitySecurity researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
-
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux
Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerabilitySecurity researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…