Tag: malicious
-
New PDFSider Windows malware deployed on Fortune 100 firm’s network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pdfsider-windows-malware-deployed-on-fortune-100-firms-network/
-
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Tags: control, cybersecurity, data, data-breach, flaw, google, injection, malicious, privacy, vulnerabilityCybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar’s privacy controls by hiding a dormant…
-
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-govt-warns-about-ongoing-russian-hacktivist-group-attacks/
-
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 15 CPUs
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided…
-
Malicious Google Chrome Extensions Hijack Workday and Netsuite
Users of widely used HR and ERP platforms targeted with malicious extensions which were available in the Chrome Web Store First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-google-chrome-extension/
-
Five Chrome extensions caught hijacking enterprise sessions
Blocking defenses and hijacking sessions: The campaign went beyond stealing credentials. Two of the extensions, Tool Access 11 and Data By Cloud 2, incorporated DOM manipulation routines that actively blocked access to security and administrative pages within the targeted platforms. This prevented the enterprise admins from reaching screens to change passwords, view sign-on history, or…
-
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT.This new escalation of ClickFix has…
-
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT.This new escalation of ClickFix has…
-
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five malicious extensions, collectively installed over 2,300 times, work together to steal session tokens, block security controls, and enable complete account takeover through session hijacking. Four of the extensions are published under…
-
Researchers Hijack Hacker Domain Using Name Server Delegation
Security researchers from Infoblox have successfully intercepted millions of malicious push notification advertisements by exploiting a DNS misconfiguration technique known as >>lame nameserver delegation,<< gaining complete visibility into a large-scale affiliate advertising operation without directly compromising any systems. The researchers claimed to have identified abandoned domains used by threat actors, receiving copies of over 57…
-
Threat Actors Abuse Browser Extensions to Deliver Fake Warning Messages
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating the legitimate uBlock Origin Lite extension. The campaign weaponizes fake browser crash warnings to trick users into executing malicious PowerShell commands, ultimately delivering ModeloRAT, a previously undocumented Python-based remote access…
-
GhostPoster Malware Targets Chrome Users via 17 Rogue Extensions
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster operation represents one of the most technically mature and persistent browser extension threats documented to date. The GhostPoster campaign leverages an uncommon…
-
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/credential-stealing-chrome-extensions-target-enterprise-hr-platforms/
-
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/
-
AWS Console Supply Chain Breach Enables GitHub Repository Hijacking
Tags: attack, breach, credentials, cyber, cybersecurity, exploit, github, malicious, open-source, service, supply-chain, threatA newly reported supply chain attack targeting the Amazon Web Services (AWS) management console has raised alarms across the developer community. Cybersecurity researchers have discovered that threat actors are exploiting misconfigured AWS credentials and integrated GitHub actions tohijack repositoriesand inject malicious code into open-source projects. According to the security firm that uncovered the incident, attackersexploitcompromised…
-
Insider risk in an age of workforce volatility
Tags: access, ai, api, authentication, automation, backdoor, backup, china, ciso, control, credentials, cyber, cybersecurity, data, data-breach, exploit, framework, governance, government, identity, jobs, least-privilege, malicious, mitigation, monitoring, network, risk, strategy, supply-chain, threat, zero-trustEarly warnings: The machine as insider risk/threat: These dynamics are not emerging in a vacuum. They represent the culmination of warnings that have been building for years.As early as 2021, in my CSO opinion piece “Device identity: The overlooked insider threat,” Rajan Koo (then chief customer officer at DTEX Systems, now CTO) observed: “There needs…
-
One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into data exfiltration tools
What devs and security teams should do now: As in usual security practice, enterprise users should always treat URLs and external inputs as untrusted, experts advised. Be cautious with links, be on the lookout for unusual behavior, and always pause to review pre-filled prompts.”This attack, like many others, originates with a phishing email or text…
-
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026
Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
-
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
Microsoft on Wednesday announced that it has taken a “coordinated legal action” in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses.The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has…
-
From typos to takeovers: Inside the industrialization of npm supply chain attacks
Tags: access, application-security, attack, automation, backdoor, blockchain, breach, control, credentials, cybersecurity, github, gitlab, malicious, malware, phishing, radius, risk, supply-chain, threat, update, wormFrom typo traps to legitimate backdoors: For years, typosquatting defined the npm threat model. Attackers published packages with names just close enough to popular libraries, such as “lodsash,” “expres,” “reacts,” and waited for automation or human error to do the rest. The impact was usually limited, and remediation straightforward.That model began to break in 2025.Instead…
-
Iran’s partial internet shutdown may be a windfall for cybersecurity intel
only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.”Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
-
From Bot Noise to Real Insights: How Jobrapido Achieved True Marketing ROI
Discover how Jobrapido blocked 15% of malicious traffic with DataDome, achieving true marketing ROI, reducing cloud costs, and gaining trustworthy insights into genuine user activity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/from-bot-noise-to-real-insights-how-jobrapido-achieved-true-marketing-roi/
-
Flaw in AI Libraries Exposes Models to Remote Code Execution
3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging Face. Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/flaw-in-ai-libraries-exposes-models-to-remote-code-execution-a-30519
-
AppOmni Surfaces BodySnatcher AI Agent Security Flaw Affecting ServiceNow Apps
AppOmni, a provider of a platform for securing software-as-a-service (SaaS) applications, this week disclosed it has discovered a flaw in the ServiceNow platform that could be used to create a malicious artificial intelligence (AI) agent. Dubbed BodySnatcher (CVE-2025-12420), AppOmni researchers discovered it was possible for an unauthenticated intruder to impersonate any ServiceNow user using only..…
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.Strategic focus…
-
North Korean Hackers Exploit Code Repositories in “Contagious Interview” Campaign
A newly documented campaign dubbed “Contagious Interview” shows North Korean threat actors weaponising developer tooling and code-repository workflows to steal credentials, cryptocurrency wallets and establish remote access even when victims never “run” the code they are sent. In a recent case analysed by SEAL, a malicious Bitbucket repository (hxxps://bitbucket[.]org/0xmvptechlab/ctrading) was delivered as a take”‘home technical…
-
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.”Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe…
-
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).Download the First…