Collecting Cyber-News from over 60 sources

Tag: malicious

New Malware Attack Uses Malicious Chrome Edge Extensions to Steal Sensitive Data

Jun 4, 2025 1:55 PM

Tags: access, attack, browser, chrome, cyber, cybersecurity, data, google, malicious, malware, microsoft, strategy, tool

Cybersecurity experts from Positive Technologies’ Security Expert Center have uncovered a sophisticated malicious campaign dubbed >>Phantom Enigma,
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Jun 4, 2025 1:55 PM

Tags: api, attack, crypto, data-breach, malicious, open-source, pypi, supply-chain, threat

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.The findings come from multiple reports published by Checkmarx, First seen on thehackernews.com…
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform

Jun 4, 2025 1:55 PM

Tags: cyber, email, group, hacker, hacking, korea, malicious, north-korea, phishing, spear-phishing

The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
Threat Actors Abuse ‘Prove You Are Human’ System to Distribute Malware

Jun 4, 2025 10:54 AM

Tags: attack, captcha, cyber, exploit, malicious, malware, powershell, tactics, threat, windows

Threat actors have been found exploiting the ubiquitous >>Prove You Are Human
Hackers Exploit Ruby Gems to Steal Telegram Tokens and Messages

Jun 4, 2025 10:54 AM

Tags: attack, backdoor, cyber, exploit, hacker, malicious, programming, supply-chain

Researchers have unearthed a sophisticated supply chain attack targeting Ruby Gems, a popular package manager for the Ruby programming language. Malicious actors have infiltrated the ecosystem by embedding backdoors in seemingly legitimate gems, enabling them to steal sensitive Telegram tokens and private messages from unsuspecting developers and users. Uncovering a Sophisticated Supply Chain Attack This…
DollyWay World Domination Attack Compromises 20,000+ Sites

Jun 4, 2025 8:55 AM

Tags: attack, cyber, exploit, infection, malicious, vulnerability, wordpress

Since 2016, the “DollyWay World Domination” campaign has quietly compromised more than 20,000 WordPress websites worldwide, exploiting vulnerabilities in plugins and themes to redirect visitors to malicious destinations. The operation’s name comes from a telltale code string found in infected sites: phpdefine(‘DOLLY_WAY’, ‘World Domination’); DollyWay’s infection chain is highly sophisticated, employing a four-stage JavaScript and…
Malicious PyPI packages aim to backdoor Windows, Linux systems

Jun 3, 2025 9:55 PM

Tags: backdoor, linux, malicious, pypi, windows

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-packages-aim-to-backdoor-windows-linux-systems
Malicious RubyGems pose as Fastlane to steal Telegram API data

Jun 3, 2025 6:54 PM

Tags: api, data, malicious

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Jun 3, 2025 5:54 PM

Tags: attack, malicious, powershell, rat, threat

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign.” First…
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence

Jun 3, 2025 4:54 PM

Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerability

In healthcare, every minute of downtime isn’t just a technical problem”Š”, “Šit’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
Mozilla launches new system to detect Firefox crypto drainer add-ons

Jun 3, 2025 4:54 PM

Tags: browser, crypto, malicious

Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/
North Face Fashion Brand Alerts Customers to Credential Stuffing Attack

Jun 3, 2025 4:54 PM

Tags: access, attack, authentication, breach, credentials, cyber, cyberattack, malicious, unauthorized

The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access Incident on thenorthface.com Credential stuffing is a sophisticated cyberattack where malicious actors use stolen authentication credentials typically…
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Jun 3, 2025 4:54 PM

Tags: cve, cvss, cybersecurity, exploit, flaw, malicious, remote-code-execution, software, vulnerability

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code.The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case…
North Face Fashion Brand Alerts Customers to Credential Stuffing Attack

Jun 3, 2025 4:54 PM

Tags: access, attack, authentication, breach, credentials, cyber, cyberattack, malicious, unauthorized

The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access Incident on thenorthface.com Credential stuffing is a sophisticated cyberattack where malicious actors use stolen authentication credentials typically…
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Jun 3, 2025 4:54 PM

Tags: cve, cvss, cybersecurity, exploit, flaw, malicious, remote-code-execution, software, vulnerability

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code.The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case…
New Research Uncovers Strengths and Vulnerabilities in Cloud-Based LLM Guardrails

Jun 3, 2025 1:54 PM

Tags: ai, cloud, cyber, cybersecurity, data, exploit, LLM, malicious, risk, vulnerability

Cybersecurity researchers have shed light on the intricate balance of strengths and vulnerabilities inherent in cloud-based Large Language Model (LLM) guardrails. These safety mechanisms, designed to mitigate risks such as data leakage, biased outputs, and malicious exploitation, are critical to the secure deployment of AI models in enterprise environments. Exposing the Dual Nature of AI…
Hackers Abuse AI Tool Misconfigurations to Execute Malicious AI-Generated Payloads

Jun 3, 2025 1:54 PM

Tags: access, ai, cyber, data-breach, exploit, github, hacker, Internet, malicious, risk, threat, tool, vulnerability

A malicious threat actor has exploited a misconfigured instance of Open WebUI, a widely-used self-hosted AI interface with over 95,000 stars on GitHub, designed to enhance large language models (LLMs). This incident underscores the growing risks associated with internet-exposed AI tools, as attackers leveraged administrative access on a vulnerable system to inject malicious AI-generated Python…
Threat Actors Exploit DevOps Web Server Misconfigurations to Deploy Malware

Jun 3, 2025 12:55 PM

Tags: attack, cyber, exploit, malicious, malware, threat, tool, vulnerability

Threat actors have increasingly turned their attention to exploiting misconfigurations in DevOps-managed web servers to deploy malicious payloads. Recent investigations into web server vulnerabilities reveal a sophisticated pattern of attacks targeting poorly secured environments. These misconfigurations, often stemming from improper setup of popular tools and platforms, provide an open gateway for attackers to infiltrate systems,…
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript

Jun 3, 2025 11:54 AM

Tags: attack, crypto, cyber, cybersecurity, exploit, malicious, threat

A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute harmful code disguised as legitimate libraries. This attack vector exploits the trust developers place in…
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques

Jun 3, 2025 11:54 AM

Tags: cyber, cybersecurity, malicious, ransom, ransomware, software, tactics, threat, windows

A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as a highly advanced malicious software designed to encrypt critical files and demand substantial ransoms for decryption keys. New Threat Emerges with Sophisticated Tactics Unlike typical ransomware, Lyrix incorporates cutting-edge evasion…
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Jun 3, 2025 11:54 AM

Tags: android, banking, crypto, detection, finance, malicious, malware

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s…
AI gives superpowers to BEC attackers

Jun 3, 2025 9:54 AM

Tags: ai, attack, authentication, automation, business, ceo, cloud, communications, corporate, credentials, crypto, data, deep-fake, defense, dmarc, email, exploit, finance, framework, fraud, gartner, google, group, identity, india, jobs, LLM, mail, malicious, malware, microsoft, mitigation, office, phishing, phone, scam, service, skills, social-engineering, spam, spear-phishing, strategy, technology, theft, threat, tool, training

The role of AI in business email compromise: Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible,…
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
International law enforcement effort dismantles malicious antivirus scanner

Jun 2, 2025 10:54 PM

Tags: antivirus, international, law, malicious

First seen on scworld.com Jump to article: www.scworld.com/brief/international-law-enforcement-effort-dismantles-malicious-antivirus-scanner
Threat Actors Leverage ClickFix Technique to Deploy EddieStealer Malware

Jun 2, 2025 9:54 PM

Tags: attack, captcha, cyber, cybersecurity, data, malicious, malware, rust, social-engineering, tactics, threat

Cybersecurity researchers have identified a sophisticated malware campaign utilizing deceptive CAPTCHA interfaces to distribute EddieStealer, a Rust-based information stealing malware that targets sensitive user data across multiple platforms. The attack employs the ClickFix technique, tricking victims into executing malicious commands through fake verification prompts, representing a significant evolution in social engineering tactics used by cybercriminals.…
Monster Mitigates Malicious Traffic Fake Accounts with DataDome’s AI-Powered Protection

Jun 2, 2025 6:54 PM

Tags: ai, fraud, jobs, malicious

By eliminating click fraud, blocking job scrapers, stopping fake accounts, and reducing DevOps workload, Monster safeguarded its revenue, improved the platform’s integrity, and freed up engineering resources thanks to DataDome First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/monster-mitigates-malicious-traffic-fake-accounts-with-datadomes-ai-powered-protection/
Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands

Jun 2, 2025 5:54 PM

Tags: android, cve, cyber, flaw, malicious, risk, theft, unauthorized, vulnerability

On May 30, 2025, CERT Polska coordinated the public disclosure of three significant security vulnerabilities affecting preinstalled Android applications on smartphones from Ulefone and Krüger&Matz. These flaws, tracked as CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917, expose users to risks ranging from unauthorized device resets to theft of sensitive PIN codes and privilege escalation by malicious applications. Technical…
Sysdig Reveals Discovery of Cyberattack Aimed at Tool to Build AI Apps

Jun 2, 2025 4:54 PM

Tags: ai, attack, cyberattack, injection, intelligence, malicious, threat, tool, training

Sysdig today disclosed an example of how a tool for training artificial intelligence (AI) models was compromised by a cyberattack that led to the injection of malicious code and the downloading of cryptominers. The Sysdig Threat Research Team (TRT) discovered an attack aimed at a misconfigured instance of Open WebUI, a tool widely used by..…
FBI cracks down on crypting crew in a global counter-antivirus service disruption

Jun 2, 2025 2:54 PM

Tags: antivirus, botnet, cybercrime, data, email, group, law, malicious, ransomware, service, threat, tool

Takedown was part of ‘Endgame’ operation: According to the Dutch officials’ statement, the seizure is closely linked to Operation Endgame, a law enforcement operation that conducted the largest botnet takedown exactly a year ago.The DOJ said that undercover purchases and service analysis confirmed that the websites supported cybercrime. Court documents alleged investigators linked emails and…
HuluCaptcha: Fake Captcha Kit Tricks Users into Executing Code via Windows Run Command

Jun 2, 2025 2:54 PM

Tags: attack, captcha, cyber, exploit, malicious, phishing, windows

Security researchers have identified a sophisticated phishing campaign leveraging a fake CAPTCHA verification system dubbed >>HuluCaptcha