Tag: malicious
-
Critical Samlify SSO flaw lets attackers log in as admin
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-samlify-sso-flaw-lets-attackers-log-in-as-admin/
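The bypass described above follows a pattern worth seeing in code: a library verifies the XML signature, then selects the assertion to act on with a document-wide XPath, so an unsigned assertion placed ahead of the signed one is the one that gets used. The following is an added example, not samlify's own code. The SAML documents are constructed; XML-DSig canonicalisation and the actual RSA/ECDSA check are out of scope and are stood in for by the ds:Reference URI, which in a verified response names the one element the signature covers.

```python
# Added example (not samlify's code): "verify a signature, then take the first
# Assertion you find" versus binding the assertion to the signed element.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

_RESPONSE_TEMPLATE = (
    '<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" '
    'xmlns:ds="{ds}" ID="_r1">\n{assertions}\n</samlp:Response>'
)

# Constructed: the IdP signed this assertion for "alice". The signature value is
# a placeholder; real verification is modelled by the Reference URI below.
SIGNED_ASSERTION = """<saml:Assertion ID="_legit">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_legit"/></ds:SignedInfo>
    <ds:SignatureValue>c2lnbmVk</ds:SignatureValue>
  </ds:Signature>
</saml:Assertion>"""

# Constructed: attacker-supplied assertion with no signature, placed first.
INJECTED_ASSERTION = """<saml:Assertion ID="_injected">
  <saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>
</saml:Assertion>"""

CLEAN_RESPONSE = _RESPONSE_TEMPLATE.format(assertions=SIGNED_ASSERTION, **NS)
TAMPERED_RESPONSE = _RESPONSE_TEMPLATE.format(
    assertions=INJECTED_ASSERTION + "\n" + SIGNED_ASSERTION, **NS)


def signed_element_id(root):
    """ID of the element the (single) ds:Reference covers, or None."""
    refs = root.findall(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return None
    uri = refs[0].get("URI", "")
    return uri[1:] if uri.startswith("#") and len(uri) > 1 else None


def vulnerable_subject(xml_text):
    """The buggy pattern: confirm a valid signature exists somewhere, then take
    the subject from whichever Assertion a document-wide search returns first."""
    root = ET.fromstring(xml_text)
    if signed_element_id(root) is None:
        raise ValueError("no signature")
    assertion = root.find(".//saml:Assertion", NS)   # first in document order
    return assertion.find("saml:Subject/saml:NameID", NS).text


def hardened_subject(xml_text):
    """Bind the assertion you act on to the one the signature covers: exactly one
    Assertion, its ID equal to the Reference target, signature enveloped in it."""
    root = ET.fromstring(xml_text)
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    signed_id = signed_element_id(root)
    if signed_id is None or assertion.get("ID") != signed_id:
        raise ValueError("Assertion is not the element covered by the signature")
    if assertion.find("ds:Signature", NS) is None:
        raise ValueError("signature must be enveloped in the Assertion it covers")
    return assertion.find("saml:Subject/saml:NameID", NS).text


def hardened_accepts(xml_text):
    """True if the hardened path yields a subject, False if it rejects."""
    try:
        hardened_subject(xml_text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("vulnerable, tampered:", vulnerable_subject(TAMPERED_RESPONSE))
    print("hardened,   tampered:", hardened_accepts(TAMPERED_RESPONSE))
    print("hardened,   clean   :", hardened_subject(CLEAN_RESPONSE))
```

In a real service provider the Reference check sits on top of genuine XML-DSig verification (canonicalisation, digest, key pinned to the IdP), and the ID uniqueness check should cover the whole document, since duplicate IDs are another signature-wrapping trick; those parts are assumed here, not shown.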
-
Google flags malicious use of Linux .desktop files
First seen on scworld.com Jump to article: www.scworld.com/brief/google-flags-malicious-use-of-linux-desktop-files
-
LLM03: Supply Chain FireTail Blog
Tags: ai, compliance, cyber, data, encryption, exploit, LLM, malicious, mitigation, monitoring, open-source, organized, privacy, risk, service, software, strategy, supply-chain, training, update, vulnerability
May 21, 2025 – Lina Romero – LLM03: Supply Chain 20/5/2025 Excerpt The OWASP Top 10 List of Risks for LLMs helps developers and security teams determine where the biggest risk factors lie. In this blog series from FireTail, we are exploring each risk one by one, how it manifests, and mitigation strategies. This week,…
-
NCSC: Russia’s Fancy Bear targeting logistics, tech organisations
The NCSC and its partner agencies have blown the whistle on an extensive campaign of malicious cyber attacks orchestrated by the Russian state Fancy Bear operation. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366624164/NCSC-Russias-Fancy-Bear-targeting-logistics-tech-orgs
-
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA) scam. This attack, which redirects users to sites like hxxps://xjdm166[.]com, leverages the unique capabilities of PWAs to retain users longer and evade traditional browser security mechanisms. Unlike typical phishing attempts, this…
-
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malware
A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
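The precondition for this campaign is a Docker Engine API reachable over plain TCP with no client authentication. The checker below is an added example (not Kaspersky's or Docker's code) that flags that condition in a daemon.json document or a dockerd command line. The inputs are constructed; `hosts`, `tlsverify`, `-H`/`--host` and `--tlsverify` are real dockerd options, while the severity labels and the treatment of an empty host as loopback are this example's own assumptions.

```python
# Added example: flag dockerd listeners that expose the Engine API over TCP
# without client-certificate authentication.
import json
import shlex
from urllib.parse import urlsplit

# "" is assumed to mean dockerd's default host for a bare tcp:// (localhost).
LOOPBACK = {"127.0.0.1", "::1", "localhost", ""}
WILDCARD = {"0.0.0.0", "::"}


def _tcp_listeners(hosts):
    """(host, port) for each tcp:// entry; unix:// and fd:// entries are skipped."""
    out = []
    for h in hosts:
        u = urlsplit(h)
        if u.scheme == "tcp":
            out.append((u.hostname or "", u.port))
    return out


def _judge(host, port, tls_verify):
    listener = f"tcp://{host}:{port}"
    if tls_verify:
        return {"listener": listener, "severity": "INFO",
                "reason": "client-certificate auth (--tlsverify) is on; protect the CA and keys"}
    if host in WILDCARD:
        return {"listener": listener, "severity": "CRITICAL",
                "reason": "unauthenticated Engine API on all interfaces; anyone who can reach it is root on the host"}
    if host in LOOPBACK:
        return {"listener": listener, "severity": "LOW",
                "reason": "unauthenticated but loopback only; every local process can still use it"}
    return {"listener": listener, "severity": "HIGH",
            "reason": "unauthenticated Engine API bound to a specific interface"}


def assess_daemon_json(text):
    """Findings for the content of /etc/docker/daemon.json."""
    cfg = json.loads(text)
    tls_verify = bool(cfg.get("tlsverify", False))
    return [_judge(h, p, tls_verify) for h, p in _tcp_listeners(cfg.get("hosts", []))]


def assess_dockerd_cmdline(cmdline):
    """Findings for a dockerd command line (from `ps -o args` or a unit file)."""
    argv = shlex.split(cmdline)
    hosts, tls_verify = [], False
    it = iter(argv[1:])
    for tok in it:
        if tok in ("-H", "--host"):
            hosts.append(next(it, ""))
        elif tok.startswith(("-H=", "--host=")):
            hosts.append(tok.split("=", 1)[1])
        elif tok in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
    return [_judge(h, p, tls_verify) for h, p in _tcp_listeners(hosts)]


# Constructed inputs.
EXPOSED_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
MTLS_CMDLINE = ("dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 "
                "--tlsverify --tlscacert=/etc/docker/ca.pem "
                "--tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem")
LOCAL_CMDLINE = "dockerd -H=tcp://127.0.0.1:2375"

if __name__ == "__main__":
    findings = (assess_daemon_json(EXPOSED_JSON)
                + assess_dockerd_cmdline(MTLS_CMDLINE)
                + assess_dockerd_cmdline(LOCAL_CMDLINE))
    for f in findings:
        print(f"{f['severity']:8} {f['listener']:24} {f['reason']}")
```

A CRITICAL finding here means any host that can open the port can start a privileged container with the host filesystem mounted, which is exactly how a worm of this kind plants its miner and moves on; the fix is a unix socket only, or TCP behind mutual TLS and a firewall.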
-
Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees
According to ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll fraud against a manufacturing-sector customer. The scheme involves crafting fake authentication portals that mirror legitimate organizational login pages and manipulating search engine results to rank these malicious sites at the top. Unsuspecting employees, searching for payroll portals on mobile…
-
Lumma Stealer toppled by globally coordinated takedown
Global law enforcement authorities and Microsoft seized or disrupted the prolific infostealer’s central command infrastructure, malicious domains and marketplaces where the malware was sold. First seen on cyberscoop.com Jump to article: cyberscoop.com/lumma-stealer-infostealer-takedown/
-
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
-
Critical flaw in OpenPGP.js raises alarms for encrypted email services
Tags: attack, backdoor, crypto, email, flaw, group, malicious, open-source, risk, service, supply-chain, threat, tool, vulnerability
Trusting open code: The incident also underscores a familiar trade-off. Open-source libraries such as OpenPGP.js are widely used because they offer transparency, broad adoption, and the advantages of community input and peer review. But trusting open-source libraries also means inheriting any flaws they might have, even subtle ones, that can go unnoticed for years. “This vulnerability…
-
Data-stealing VS Code extensions removed from official Marketplace
Developers who specialize in writing smart (primarily Ethereum) contracts using the Solidity programming language have been targeted via malicious VS Code extensions that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/21/data-stealing-vs-code-extensions-removed-from-official-marketplace/
-
PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections
PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication. The issue, tracked as CVE-2025-30193, was patched in version 1.9.10 released on May 20, 2025. Security researchers warn that organizations using DNSdist should apply this update…
-
Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps
Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. “While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out,” c/side researcher Himanshu Anand said in a Tuesday analysis. “The malicious landing…
-
Malicious Hackers Create Fake AI Tool to Exploit Millions of Users
A concerning development in the field of cybersecurity is a sophisticated campaign by hostile actors posing as Kling AI, a well-known AI-powered image and video synthesis platform that has amassed 6 million users since its June 2024 launch. According to the report, uncovered by Check Point Research (CPR) in early 2025,…
-
New Phishing Attack Uses AES and Malicious npm Packages to Steal Office 365 Login Credentials
Fortra’s Suspicious Email Analysis (SEA) team uncovered a highly sophisticated phishing campaign targeting Microsoft Office 365 (O365) credentials. Unlike typical phishing attempts, this attack stood out due to its intricate use of modern technologies and developer infrastructure. The threat actors employed a multi-layered strategy involving AES (Advanced Encryption Standard) encryption, malicious npm (Node Package Manager)…
-
Cybercriminals Could Leverage Google Cloud Platform for Malicious Activities
Research by Tenable and Cisco Talos has shed light on a critical vulnerability in Google Cloud Platform’s (GCP) Cloud Functions and Cloud Build services, revealing a potential attack vector for cybercriminals. According to Tenable, the default Cloud Build Service Account (SA) previously granted excessive permissions during the deployment of Cloud Functions, a serverless compute…
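The finding above is a least-privilege problem: a build service account holding more than its builds need becomes a pivot for anyone who can influence a build. Below is an added example (not Tenable's or Google's code) that audits the roles a project grants to its default Cloud Build service account. The policy is constructed in the JSON shape of `gcloud projects get-iam-policy PROJECT --format=json`; the role allowlist and the severity labels are this example's own assumptions and should be set to what your builds actually need.

```python
# Added example: audit a project IAM policy for over-privileged grants to the
# default Cloud Build service account (<project-number>@cloudbuild.gserviceaccount.com).
import json
import re

CLOUD_BUILD_SA = re.compile(r"^serviceAccount:\d+@cloudbuild\.gserviceaccount\.com$")
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Granted project-wide, these let the holder act as every service account in the project.
PROJECT_WIDE_IMPERSONATION = {"roles/iam.serviceAccountUser",
                              "roles/iam.serviceAccountTokenCreator"}

# Constructed policy; project number and principals are invented.
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
                 "user:dev@example.com"]},
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
]})


def cloud_build_roles(policy_json):
    """{member: sorted roles} for every default Cloud Build SA in the policy."""
    roles = {}
    for binding in json.loads(policy_json).get("bindings", []):
        for member in binding.get("members", []):
            if CLOUD_BUILD_SA.match(member):
                roles.setdefault(member, set()).add(binding["role"])
    return {m: sorted(r) for m, r in roles.items()}


def excessive_grants(policy_json, allowed=frozenset({"roles/cloudbuild.builds.builder"})):
    """One finding per role outside the allowlist. The allowlist is an assumption:
    tighten or widen it to the roles your build steps really use."""
    findings = []
    for member, roles in cloud_build_roles(policy_json).items():
        for role in roles:
            if role in allowed:
                continue
            if role in BASIC_ROLES:
                sev, why = "HIGH", "basic role: broad read/write across most services"
            elif role in PROJECT_WIDE_IMPERSONATION:
                sev, why = "HIGH", "project-wide impersonation of every service account"
            else:
                sev, why = "MEDIUM", "not in the allowlist"
            findings.append({"member": member, "role": role, "severity": sev, "reason": why})
    return findings


if __name__ == "__main__":
    for f in excessive_grants(SAMPLE_POLICY):
        print(f"{f['severity']:6} {f['role']:36} {f['member']}  ({f['reason']})")
```

Run the same check against the output of the real gcloud command; anything reported HIGH means a build that an attacker can influence (a poisoned dependency, a malicious pull request) runs with that much authority.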
-
Critical Vulnerability in Lexmark Printers Enables Remote Code Execution
Security researchers from DEVCORE discovered the vulnerability through Trend Micro’s Zero Day Initiative (ZDI), marking the third major printer firmware flaw disclosed in 2025, following similar incidents affecting HP and Canon devices. The critical security vulnerability, affecting over 150 Lexmark printer and multifunction device models, enables remote attackers to execute malicious code on unpatched systems through…
-
Reflected XSS in Palo Alto GlobalProtect Gateway and Portal Enables JavaScript Execution in Users’ Browsers
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks’ GlobalProtect gateway and portal features (CVE-2025-0133) has been disclosed, enabling attackers to execute malicious JavaScript in authenticated users’ browsers. Palo Alto Networks has assigned the vulnerability a LOW severity rating but urges administrators to apply patches by upgrading to fixed PAN-OS versions, with timelines extending through August 2025.…
-
Threat intelligence platform buyer’s guide: Top vendors, selection advice
Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-day
The Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero-days, meaning exploitation of previously unknown vulnerabilities. And according to the latest Verizon Data Breach Investigations Report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals it observed over the past two years, making staying…
-
Malicious RVTools installer spreads Bumblebee malware
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-rvtools-installer-spreads-bumblebee-malware
-
Let’s Talk About SaaS Risk Again… This Time, Louder.
By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…
-
Bumblebee Malware Takes Flight via Trojanized VMware Utility
An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bumblebee-malware-trojanized-vmware-utility
-
‘Hazy Hawk’ Cybercrime Gang Swoops In for Cloud Resources
Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/hazy-hawk-cybercrime-gang-cloud-resources
-
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. “The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis First seen on…
-
More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads
The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as Golden Chickens), continues to exploit human trust through meticulously crafted social engineering. Sold as a Malware-as-a-Service (MaaS) to notorious threat actors like FIN6 and Cobalt Group, this potent JavaScript backdoor primarily targets human resources (HR) departments by masquerading as job application…
-
Hackers Abuse TikTok and Instagram APIs to Verify Stolen Account Credentials
Cybercriminals are leveraging the Python Package Index (PyPI) to distribute malicious tools designed to exploit TikTok and Instagram APIs for verifying stolen account credentials. Security researchers at Socket have identified three such packages, checker-SaGaF, steinlurks, and sinnercore, that automate the process of validating emails and usernames against social media platforms. Released between April 2023 and…
-
CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, email, exploit, flaw, infrastructure, kev, malicious, vulnerability, xss
The Cybersecurity and Infrastructure Security Agency (CISA) added a cross-site scripting (XSS) vulnerability affecting MDaemon Email Server to its Known Exploited Vulnerabilities (KEV) Catalog on May 19, 2025. This critical addition, identified as CVE-2024-11182, highlights a security flaw that allows attackers to inject malicious JavaScript code via crafted HTML emails. Federal agencies now have until…
-
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.”The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas…
-
Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure
Tags: authentication, control, cve, cyber, cybersecurity, endpoint, exploit, flaw, malicious, sap, vulnerability, zero-day
Cybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer, was actively exploited nearly three weeks before its public disclosure. This flaw, residing in the /developmentserver/metadatauploader endpoint, lacks proper authentication and authorization controls, enabling unauthenticated attackers to upload malicious files like web shells, leading to potential…
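Because the endpoint accepts uploads from anonymous clients, the retroactive hunt is straightforward: every request to that path is suspect, a POST answered with 2xx is the strong signal, and a later request for a .jsp file from the same client is what a freshly written web shell being called looks like. The following is an added example (not OP Innovate's or SAP's code) that runs that logic over constructed access-log lines in Common Log Format; the uploader path is the one named above, while the client addresses, timestamps and the /irj/helper.jsp follow-up path are invented for the sample.

```python
# Added example: hunt for abuse of the unauthenticated metadatauploader endpoint
# in constructed Common Log Format lines.
import re
from collections import defaultdict

UPLOADER = "/developmentserver/metadatauploader"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log. 203.0.113.7 probes, uploads, then calls a .jsp;
# 192.0.2.9 tries to upload and is refused; 198.51.100.4 is ordinary traffic.
SAMPLE_LOG = """\
198.51.100.4 - - [02/Apr/2025:08:00:01 +0000] "GET /irj/portal HTTP/1.1" 200 5120
203.0.113.7 - - [02/Apr/2025:08:13:42 +0000] "GET /developmentserver/metadatauploader HTTP/1.1" 200 318
203.0.113.7 - - [02/Apr/2025:08:13:49 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 92
203.0.113.7 - - [02/Apr/2025:08:14:05 +0000] "GET /irj/helper.jsp?cmd=id HTTP/1.1" 200 711
192.0.2.9 - - [02/Apr/2025:09:30:10 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 403 -
198.51.100.4 - - [02/Apr/2025:09:41:00 +0000] "GET /irj/portal/static/logo.png HTTP/1.1" 200 2048
"""


def parse(line):
    """One CLF line to a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["target"].split("?", 1)[0]
    rec["status"] = int(rec["status"])
    return rec


def find_uploader_abuse(lines):
    """Tag every uploader request, and every later .jsp request from a client
    that touched the uploader, in log order."""
    records = [r for r in (parse(ln) for ln in lines) if r]
    uploader, followups, seen = [], [], set()
    for r in records:
        if r["path"].lower() == UPLOADER:
            accepted = r["method"] == "POST" and 200 <= r["status"] < 300
            r["signal"] = "upload_accepted" if accepted else "uploader_touch"
            uploader.append(r)
            seen.add(r["ip"])
        elif r["ip"] in seen and r["path"].lower().endswith(".jsp"):
            r["signal"] = "jsp_after_uploader"
            followups.append(r)
    return {"uploader": uploader, "followups": followups}


def hosts_to_triage(lines):
    """Client IPs ordered by strongest evidence first."""
    res = find_uploader_abuse(lines)
    score = defaultdict(int)
    for r in res["uploader"]:
        score[r["ip"]] += 10 if r["signal"] == "upload_accepted" else 1
    for r in res["followups"]:
        score[r["ip"]] += 20
    return sorted(score, key=score.get, reverse=True)


if __name__ == "__main__":
    res = find_uploader_abuse(SAMPLE_LOG.splitlines())
    for r in res["uploader"] + res["followups"]:
        print(f"{r['ts']}  {r['ip']:14} {r['method']:4} {r['status']}  {r['signal']:20} {r['target']}")
    print("triage order:", hosts_to_triage(SAMPLE_LOG.splitlines()))
```

SAP's own ICM and Java access logs use a different layout than CLF, so the regex is the part to adapt; the signals stay the same. A 2xx POST from an address with no SAP business is the record to escalate, and the window to search is everything before the public disclosure, since the article's point is that exploitation predated it.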