Tag: malicious
-
Malicious X ads fuel new cryptocurrency scam
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-x-ads-fuel-new-cryptocurrency-scam
-
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich…
-
New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources
Cybersecurity researchers at Palo Alto Networks’ Unit 42 have uncovered a novel obfuscation method employed by threat actors to conceal malware within bitmap resources of seemingly benign 32-bit .NET applications. This advanced steganography technique embeds malicious payloads in bitmap files, initiating a multi-stage infection chain that ultimately delivers destructive malware families such as Agent Tesla,…
-
Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer 7.x is being actively exploited by a Chinese threat actor, tracked as Chaya_004. This deserialization flaw allows attackers to upload malicious binaries, including web shells, to unpatched servers, granting full system takeover capabilities. According to research from Forescout, exploitation has…
-
Hackers Target IT Admins by Poisoning SEO to Push Malware to Top Search Results
Cybercriminals are increasingly targeting IT administrators through sophisticated Search Engine Optimization (SEO) poisoning techniques. By leveraging SEO tactics typically used for legitimate online marketing, attackers manipulate search engine rankings to push malicious websites to the top of results on platforms like Google. Disguised as trusted tools, these malicious payloads trick even seasoned admins into downloading…
-
Malicious Python Package Impersonates Discord Developers to Deploy Remote Commands
A seemingly innocuous Python package named ‘discordpydebug’ surfaced on the Python Package Index (PyPI) under the guise of “Discord py error logger.” Marketed as a debugging utility for developers working on Discord bots with the Discord.py library, this package was anything but harmless. Beneath its benign facade lay a fully functional remote access trojan (RAT),…
-
New Supply Chain Attack Compromises Popular npm Package with 45,000 Weekly Downloads
An advanced supply chain attack has targeted the well-known npm package rand-user-agent, which receives about 45,000 downloads every week, in a worrying development for the JavaScript developer community. Maintained by WebScrapingAPI, this package is designed to generate randomized, real-world user-agent strings based on their frequency of occurrence. However, recent analysis has uncovered malicious code embedded…
-
Cybercriminal services target end-of-life routers, FBI warns
The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EoL devices to deploy malware by exploiting vulnerabilities and create botnets for attacks…
-
Indirect Prompt Injection Exploits LLMs’ Lack of Informational Context
A new wave of cyber threats targeting large language models (LLMs) has emerged, exploiting their inherent inability to differentiate between informational content and actionable instructions. Termed “indirect prompt injection attacks,”…
-
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. ”The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox,” Cisco Talos…
-
Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks, like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data…
-
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Tags: ai, api, apple, backdoor, credentials, cybersecurity, infrastructure, intelligence, macOS, malicious, threat, tool
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. ”Disguised as developer tools offering ‘the cheapest Cursor API,’ these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor’s First seen on thehackernews.com Jump…
-
Living Off the Land (LOTL) Attacks: How your tools are used against you?
Introduction
A well-known organisation called SolarWinds was attacked in September 2019. In this attack, a hacker used a supply chain attack to inject malicious code into the system. More than 18,000 SolarWinds customers installed updates containing the dangerous code. Living off the land attacks use legitimate tools to carry out malicious activities. They are particularly…
-
Hackers Exploit Windows Remote Management to Evade Detection in AD Networks
A new wave of cyberattacks is targeting Active Directory (AD) environments by abusing Windows Remote Management (WinRM), a legitimate administrative tool, to move laterally and evade detection across enterprise networks. Security researchers and incident responders are raising alarms as attackers increasingly leverage WinRM to blend in with normal network activity, making their malicious actions harder…
-
Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition
Tags: apache, attack, cyber, dos, flaw, malicious, mitigation, open-source, service, software, vulnerability
Critical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing malicious actors to exhaust system memory through specially crafted OpenWire commands. The flaw, tracked as AMQ-6596, affects multiple legacy versions of the widely used open-source messaging platform and has prompted urgent mitigation directives from the Apache Software Foundation. The vulnerability stems…
-
New Advanced Phishing Attack Exploits Discord to Target Crypto Users
Check Point Research has uncovered a sophisticated phishing campaign that leverages Discord to target cryptocurrency users. The attack redirects victims from legitimate Web3 websites to a fake Collab.Land bot and then to a phishing site, ultimately tricking them into signing malicious transactions. This campaign has been directly linked to the notorious Inferno Drainer, which has…
-
China-Backed Hackers Target Exiled Uyghur Community with Malicious Software
Senior members of the World Uyghur Congress (WUC) living in exile were targeted with a sophisticated spearphishing campaign delivering malware through a seemingly legitimate Uyghur language text editor. The attack, which began preparation nearly a year ago, represents another chapter in China’s ongoing digital transnational repression campaign against the Uyghur diaspora. While the malware itself…
-
FBI Warns Hackers Are Using End-of-Life Routers to Mask Their Tracks
The Federal Bureau of Investigation (FBI) has issued a stark warning to businesses and home users: cybercriminals are actively exploiting outdated, unsupported routers to hide their tracks and launch attacks, making them a favored tool for masking malicious operations. According to a new security advisory released May 7, FBI investigators have observed a troubling spike…
-
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw First…
-
LLM02: Sensitive Information Disclosure – FireTail Blog
May 08, 2025 – Lina Romero – In 2025, AI security is a relevant issue. With the landscape changing so rapidly and new risks emerging every day, it is difficult for developers and security teams to stay on top of AI security. The OWASP Top 10 Risks for LLM attempts to break down the most prevalent…
-
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/
-
Radware Cloud Web App Firewall Flaw Allows Attackers to Bypass Security Filters
Security researchers have uncovered two critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that enable attackers to bypass security filters and deliver malicious payloads to protected web applications. These flaws, designated CVE-2024-56523 and CVE-2024-56524, highlight systemic weaknesses in how the WAF processes non-standard HTTP requests and user-supplied input containing special characters. The vulnerabilities, disclosed…
-
Fake Crypto Exchange Ads on Facebook Spread Malware
Bitdefender exposes Facebook ad scams using fake crypto sites and celebrity lures to spread malware via malicious desktop… First seen on hackread.com Jump to article: hackread.com/fake-crypto-exchange-ads-facebook-spread-malware/
-
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users
Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability in X/Twitter’s advertising display URL feature to deceive users. This attack manipulates the platform’s URL display mechanism to present a legitimate-looking link, such as “From CNN[.]com,” while redirecting unsuspecting victims to a malicious cryptocurrency scam site impersonating Apple’s brand. This campaign,…
-
AI Agents Fail in Novel Ways, Put Businesses at Risk
Microsoft researchers identify 10 new potential pitfalls for companies who are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-agents-fail-novel-put-businesses-at-risk
-
How Escape Enabled Deeper Business Logic Testing for Arkose Labs
Arkose Labs is a global cybersecurity company that specializes in account security, including bot management, device ID, anti-phishing and email intelligence. Its unified platform helps the world’s biggest enterprises across industries, including banking, gaming, e-commerce and social media, protect user accounts and digital ecosystems from malicious automation, credential First seen on securityboulevard.com Jump to article:…
-
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools
A new spam campaign is targeting Brazilian users with a clever twist, abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/spam-campaign-targeting-brazil-abuses-rmm-tools/