Tag: malicious
-
New .NET Multi-Stage Loader Targets Windows Systems to Deploy Malicious Payloads
A recently discovered .NET-based multi-stage loader has caught the attention of cybersecurity researchers due to its complex architecture and ability to deploy a range of malicious payloads on Windows systems. Tracked since early 2022 by Threatray, this loader employs a sophisticated three-stage process to deliver commodity stealers, keyloggers, and Remote Access Trojans (RATs) such as…
-
Malicious NPM package uses Unicode steganography to evade detection
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-npm-package-uses-unicode-steganography-to-evade-detection/
-
Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers
Tags: blizzard, cyber, cyberespionage, cybersecurity, email, exploit, group, hacker, malicious, russia, vulnerability, xss
A sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to the Russian-linked Sednit group (also known as APT28, Fancy Bear, and Forest Blizzard), this operation targets high-value webmail servers using cross-site scripting (XSS) vulnerabilities. Active since at least 2004, Sednit has a notorious history, including alleged involvement…
-
Weaponized Google Calendar Invites Deliver Malicious Payload Using a Single Character
Security researchers have unearthed a sophisticated malware distribution method leveraging Google Calendar invites to deliver malicious payloads through seemingly innocuous links. The attack, centered around a deceptive npm package named os-info-checker-es6, showcases an unprecedented level of obfuscation that begins with a single, unprintable Unicode character. This character, from the Unicode Private Use Area, serves as…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool, in line with a broader shift toward fileless techniques. As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory. “The attackers…
-
Malicious npm package using steganography downloaded by hundreds
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-npm-package-using-steganography-downloaded-by-hundreds/
-
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final First seen…
-
“Dance of the Hillary” and the Expanding Use of Malware in Regional Cyber Conflict
A recent advisory from the Punjab Police’s cybercrime wing warns of a new wave of malware attacks potentially originating from Pakistan, with a tool known as “Dance of the Hillary” at the center of the campaign. Targeting users through phishing links and malicious attachments, this strain of malware is designed to steal sensitive data and…
-
Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware
A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by threat actors deploying Horabot malware, predominantly targeting Spanish-speaking users in Latin America. This high-severity threat, detailed in the 2025 Global Threat Landscape Report, exploits malicious HTML files embedded in phishing emails to steal sensitive information, including email credentials and banking data,…
-
Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files
Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect malicious .desktop files, a novel attack vector leveraged by threat actors to compromise systems. Initially documented by Zscaler researchers in 2023, this technique involves the abuse of .desktop files, plain text configuration files used to define application launch behavior in Linux desktop…
-
Threat Actors Exploit AI and LLM Tools for Offensive Cyber Operations
A recent report from the S2W Threat Intelligence Center, TALON, sheds light on the escalating misuse of generative AI and large language models (LLMs) by threat actors on the dark web for malicious cyber operations. As LLMs like ChatGPT, Claude, and DeepSeek grow in capability, they are increasingly weaponized as offensive tools for exploit generation,…
-
Strengthening Cloud Security: API Posture Governance, Threat Detection, and Attack Chain Visibility with Salt Security and Wiz
Tags: api, attack, authentication, best-practice, cloud, compliance, data, detection, exploit, google, governance, incident response, malicious, risk, risk-assessment, threat, tool, vulnerability
Introduction In the current cloud-centric environment, strong API security is essential. Google’s acquisition of Wiz underscores the urgent necessity for all-encompassing cloud security solutions. Organizations should focus on both governing API posture, ensuring secure configuration and deployment to reduce vulnerabilities and assure compliance, and on effective threat detection and response. Salt Security’s API Protection Platform…
-
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is “using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email First seen…
-
Weaponized PyPI Package Targets Developers to Steal Source Code
Security researchers at RL have discovered a malicious Python package called solana-token
-
Critical Microsoft Office Vulnerabilities Enable Malicious Code Execution
Microsoft has addressed three critical security flaws in its Office suite, including two vulnerabilities rated Critical and one Important, all enabling remote code execution (RCE) via use-after-free memory corruption weaknesses. These vulnerabilities, disclosed between March and May 2025, expose systems to attacks where malicious actors could execute arbitrary code by enticing users to open specially…
-
12 AI terms you (and your flirty chatbot) should know by now
1. Artificial general intelligence (AGI) The ultimate manifestation of AI has already played a featured role in dozens of apocalyptic movies. AGI is the point at which machines become capable of original thought and either a) save us from our worst impulses or b) decide they’ve had enough of us puny humans. While some AI…
-
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
New attack can steal cryptocurrency by planting false memories in AI chatbots
Malicious “context manipulation” technique causes bot to send payments to attacker’s wallet. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/ai-agents-that-autonomously-trade-cryptocurrency-arent-ready-for-prime-time/
-
Four Hackers Caught Exploiting Old Routers as Proxy Servers
U.S. authorities unsealed charges against four foreign nationals accused of operating a global cybercrime scheme that hijacked outdated wireless routers to create malicious proxy networks. Russian nationals Alexey Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and Kazakhstani Dmitriy Rubtsov (38) face conspiracy and computer crime charges for allegedly profiting from botnets…
-
PupkinStealer Targets Windows Users to Steal Browser Login Credentials
A newly identified information-stealing malware dubbed PupkinStealer has emerged as a significant threat to Windows users, with its first sightings reported in April 2025. Written in C# using the .NET framework, this malicious software is engineered to pilfer sensitive data, including browser credentials, messaging app sessions from platforms like Telegram and Discord, desktop documents, and…
-
Attackers Leverage Unpatched Output Messenger 0-Day to Deliver Malicious Payloads
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day vulnerability in Output Messenger, a popular multiplatform chat software. Identified as CVE-2025-27920, this directory traversal flaw in the Output Messenger Server Manager application allows authenticated attackers to upload malicious files…
-
Cybercriminals Hide Undetectable Ransomware Inside JPG Images
A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image files to deliver fully undetectable (FUD) ransomware, according to a recent disclosure by cybersecurity researchers. This technique, which bypasses traditional antivirus systems, highlights an alarming evolution in cybercrime tactics. The exploit involves embedding malicious code within standard JPG images. When a victim…
-
Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The flaws, disclosed in Mitel’s Product Security Advisory MISA-2025-0004, include a critical-severity command injection bug (CVE-2025-47188)…
-
Malicious .NET files conceal RATs in bitmap images
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-net-files-conceal-rats-in-bitmap-images
-
Chrome 137 Integrates Gemini Nano AI to Combat Tech Support Scams
Google has unveiled a groundbreaking defense mechanism in Chrome 137, integrating its on-device Gemini Nano large language model (LLM) to detect and block tech support scam campaigns in real time. This update marks a significant leap in combating evolving cyber threats by leveraging artificial intelligence directly within users’ browsers. Tech support scams exploit psychological manipulation, mimicking…