Tag: malicious
-
Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations
in SecurityNews
Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising strategies. Recent investigations have uncovered a disturbingly effective method involving fake software downloads, such as a counterfeit “WinSCP” installer, propagated through malicious ads on platforms like Bing. One documented case revealed a user searching for “WinSCP download” via Microsoft Edge being…
-
Securing the invisible: Supply chain security trends
in SecurityNews
Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/
-
Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice
in SecurityNews
Threat intel experts expounded on how their data not only serves to temporarily disrupt malicious activity, but also to find, arrest and convict cybercriminals for their offenses. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-crowdstrike-threat-intel-law-enforcement/
-
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories
in SecurityNews
Tags: control, cyber, cybersecurity, hacker, infrastructure, linux, malicious, open-source, risk, software, tool
Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The discovery, originating from a routine search for open-source proxy software, highlights the pervasive risks of unsecured infrastructure and the sophistication of modern cyber threats. Hunt’s continuous scanning of public IPv4…
-
New WordPress Malware Masquerades as Plugin
New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-malware-masquerades/
-
Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions Technical Details Revealed
in SecurityNews
A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within Mojo, enabling remote attackers to craft malicious payloads that, when triggered through user interaction like…
-
Anthropic Outlines How Bad Actors Abuse Its Claude AI Models
in SecurityNews
Anthropic shows how bad actors are using its Claude AI models for a range of campaigns that include influence-as-a-service, credential stuffing, and recruitment scams, and becomes the latest AI company to push back at threat groups using their tools for malicious projects. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/anthropic-outlines-bad-actors-abuse-its-claude-ai-models/
-
Python-Based Discord RAT Enables Remote Control and Disruption Through a Simple Interface
in SecurityNews
A newly analyzed Python-based Remote Access Trojan (RAT) has emerged as a significant cybersecurity threat, utilizing Discord as its command-and-control (C2) platform. Disguised as a benign script, this malware transforms the popular communication tool into a hub for malicious operations, allowing attackers to remotely control infected systems with alarming ease. By exploiting Discord’s encrypted traffic…
-
Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware
in SecurityNews
A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an outdated version 1.9.2.4. This version, unsupported by Adobe since June 2020, left the site vulnerable due to unpatched security flaws. The malware employed a deceptive .gif file, tampered browser sessionStorage data, and a malicious reverse proxy server to steal credit card…
-
SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells
in SecurityNews
SAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This vulnerability, with a maximum CVSSv3 severity score of 10.0, stems from a missing authorization check within the Metadata Uploader module of Visual Composer. When exploited, it allows unauthenticated attackers to upload arbitrary malicious files via specially crafted POST requests to…
-
iOS and Android juice jacking defenses have been trivial to bypass for years
New ChoiceJacking attack allows malicious chargers to steal data from phones. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
-
Obfuscation Techniques: A Key Weapon in the Ongoing War Between Hackers and Defenders
in SecurityNews
Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code from defenders. This technique, which deliberately makes code hard to understand while preserving its functionality, is a cornerstone of the ongoing struggle between black hats and white hats. From penetration testers to antivirus developers, reverse engineers face an uphill battle against…
-
XDR, MDR, And EDR: Enhancing Your Penetration Testing Process With Advanced Threat Detection
in SecurityNews
Tags: attack, cyber, cybersecurity, defense, detection, edr, exploit, malicious, penetration-testing, strategy, threat, vulnerability
In the ever-evolving world of cybersecurity, organizations must continuously adapt their defense strategies to stay ahead of increasingly sophisticated threats. One of the most effective ways to identify and mitigate vulnerabilities is through penetration testing, a proactive approach that simulates real-world attacks to uncover weaknesses before malicious actors can exploit them. However, the effectiveness of…
-
Darcula phishing toolkit gets AI boost, democratizing cybercrime
in SecurityNews
Tags: ai, apt, attack, automation, awareness, china, credentials, cybercrime, defense, detection, endpoint, finance, google, government, group, infrastructure, malicious, network, phishing, resilience, risk, service, skills, smishing, threat, tool, training, update
AI creates push-button phishing attacks: With the latest update to the “darcula-suite” toolkit, users can now generate phishing pages using generative AI that mimics websites with near-perfect accuracy, and in any language. “Users provide a URL of a legitimate brand or service, and the tool automatically visits that website, downloads all of its assets, and renders…
-
Salt Typhoon Cyberattack: FBI Investigates PRC-linked Breach of US Telecoms
in SecurityNews
The FBI has issued a public appeal for information concerning an ongoing cyber campaign targeting US telecommunications infrastructure, attributed to actors affiliated with the People’s Republic of China (PRC). This cyber operation, tracked under the moniker Salt Typhoon, has compromised networks at multiple US telecommunications companies and resulted in the theft of sensitive data. As…
-
Critical SAP NetWeaver Flaw (CVE-2025-31324) Actively Exploited
in SecurityNews
A critical security flaw in SAP NetWeaver’s Visual Composer component, identified as CVE-2025-31324, has been actively exploited by threat actors. This vulnerability allows unauthenticated attackers to upload malicious files, leading to potential full system compromise. SAP has released a patch… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-31324-actively-exploited/
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
in SecurityNews
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trust
Gone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams, exploiting human vulnerabilities with…
-
Backdoor Found in Official XRP Ledger NPM Package
in SecurityNews
XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update… First seen on hackread.com Jump to article: hackread.com/backdoor-found-in-official-xrp-ledger-npm-package/
-
Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell
in SecurityNews
Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote access trojan (RAT) named DslogdRAT. According to a detailed analysis by JPCERT/CC, these attacks underscore the persistent and evolving risks surrounding Ivanti products, which have become a frequent target for…
-
Despite Recent Security Hardening, Entra ID Synchronization Feature Remains Open for Abuse
in SecurityNews
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited. Synchronizing identity accounts between Microsoft Active Directory (AD) and Entra ID is important for user experience, as it seamlessly synchronizes user identities, credentials and groups…
-
Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites
in SecurityNews
Cybercriminals are increasingly weaponizing Scalable Vector Graphics (SVG) files to orchestrate sophisticated phishing campaigns. According to research from Intezer, a cybersecurity firm that triages millions of alerts for enterprises globally, attackers are embedding malicious JavaScript within SVG files to redirect unsuspecting users to credential-harvesting phishing sites. This technique, dubbed “Script in the Shadows,”…