Tag: malicious
-
Image or Malware? Read until the end and answer in comments 🙂
A malicious email delivered a .cmd malware that escalates privileges, bypasses antivirus, downloads payloads, sets persistence, and self-deletes. I received this email from a friend to make an analysis. First, let me express my thanks to Janô Falkowski Burkard for this amazing contribution. A little context, He received an email that was really strange and…
-
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant.”Every package contains three files (package.json, index.js, postinstall.js), has no description, repository, First seen on thehackernews.com Jump…
-
Sample Malware Phone Back CC (Command and Control) MD5s From Domains Belonging to XSS Forum Users A Compilation
Dear blog readers, In my most recent analysis I decided to take a deeper look inside some of the domains which belong to members of the XSS forum are known to have been used as malicious software phone back C&C (command and control) domains. Here’s the compilation: 206.su 740d9cd8ea165302aa3cd7e6f198ea4c 23fefvdfmbhty5ouihksdfs.com c2a10312a002ad7de56237d9a419f2f8 adwords-limon.biz 7e2c95f6297d372820df8bea6ec10c42 astfv43kol.com c5d8a48579e8bc4a2ff1ac229d7da4bb…
-
Top 10 Best Privileged Access Management (PAM) Solutions 2026
In the dynamic and increasingly complex cybersecurity landscape of 2026, privileged accounts remain the most coveted targets for cybercriminals and malicious insiders alike. From system administrators and database managers to automated scripts and applications, these >>digital crown jewels<< hold the keys to an organization's most sensitive data and critical infrastructure. A single compromised privileged credential…
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Cisco fixes critical IMC auth bypass present in many products
Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day[ Related: More Cisco news and insights ] The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run…
-
5 critical steps to achieve business resilience in cybersecurity
Tags: access, ai, attack, authentication, automation, backup, breach, business, communications, control, credentials, cybersecurity, data, defense, detection, endpoint, identity, malicious, mfa, msp, password, ransomware, resilience, soc, threat, tool, updateLooking for end-to-end coverage of your environment? Check out N-able Unified Security Solutions. 2. Transition from manual to automated response : SOC teams can’t keep up with the flood of alerts”, N-able handled 2 alerts per minute on average in 2025. That’s why automation and Security Orchestration, Automation and Response (SOAR) saw a 500% YoY surge”, almost one in four responses are now…
-
Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a “chaos-as-a-service” group that injected malicious code First seen on blog.talosintelligence.com Jump to article:…
-
Breach of Confidence: 3 April 2026
I once tried to assemble IKEA furniture this week without looking at the instructions. Got halfway through before realising I’d built something structurally sound but utterly useless. Feels like a decent metaphor for most security programmes. America Discovers It Doesn’t Make Routers Anymore The US just banned foreign-made routers because malicious actors kept using them……
-
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtimes to evade detection and maintain persistence on infected systems. The ZIP contained a Python script (can.py), a standalone Python interpreter,…
-
Malicious Chrome Extension >>ChatGPT Ad Blocker<< Targets Users, Steals Conversations
Security researchers have uncovered a malicious Google Chrome extension named >>ChatGPT Ad Blocker<>ChatGPT Ad Blocker<< Targets Users, Steals Conversations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/malicious-chrome-extension-targets-chatgpt-users/
-
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
Tags: attack, breach, credentials, cyber, hacker, korea, malicious, north-korea, software, supply-chain, threatA major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malicious code into the popular HTTP client library. Axios is one of the most widely…
-
North Korea Uses GitHub as C2 in New LNK Phishing Campaign
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korearelated actors, shows a clear evolution from earlier, less obfuscated XenoRAT-delivery campaigns observed since 2024. In…
-
Qilin Ransomware Deploys Malicious DLL to Disable Most EDR Defenses
The Qilin ransomware group has developed a highly sophisticated infection chain that targets and disables over 300 endpoint detection and response (EDR) solutions. As defenders improve behavioral detection capabilities, attackers are increasingly targeting the defense layer itself during the early stages of a breach. By deploying a malicious >>msimg32.dll<< file, attackers can bypass traditional antivirus…
-
Gmail’s New Rename Feature Could Add Spam and Phishing to Your Inbox
As of March 31st, Google is allowing users to change their primary Gmail address username. Although a nice feature for those who created unfortunate names originally, it may also undermine spam and phishing blocking. The feature is intended to allow the user account to be changed while keeping the underlying account intact. The original name…
-
Cisco fixed critical and high-severity flaws
Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information. One of these critical flaws is CVE-2026-20093 (CVSS score of…
-
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea
The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved the “rapid takeover” of the company’s security council administrative powers. First seen on therecord.media Jump to article: therecord.media/drift-crypto-confirms-280-million-stolen-north-korea
-
Residential proxies evaded IP reputation checks in 78% of 4B sessions
Tags: maliciousResearchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/residential-proxies-evaded-ip-reputation-checks-in-78-percent-of-4b-sessions/
-
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption…. First seen on hackread.com Jump to article: hackread.com/storm-infostealer-sold-as-service-browsers-wallets/
-
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security tool, according to a new alert from the national cyber response team. Targets included government agencies, financial institutions, educational bodies, medical centers, and IT companies. The emails urged recipients to download a password-protected archive…
-
Qilin EDR killer infection chain
This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/qilin-edr-killer/
-
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Tags: breach, cyber, infrastructure, malicious, microsoft, mitigation, north-korea, supply-chain, threatMicrosoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On March 31, 2026, two Axios npm versions (1.14.1 and 0.30.4) were published with a hidden malicious dependency that contacted attacker command”‘and”‘control (C2) infrastructure and…
-
Italian spyware vendor creates Fake WhatsApp app, targeting 200 users
WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recently uncovered a malicious fake version of its app that targeted roughly 200 users, most of whom are in Italy. The platform confirmed that the unofficial client contained spyware and was…
-
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones used across vital infrastructure sectors. Tracked as CVE-2026-1579, the security flaw carries a near-maximum Common Vulnerability Scoring…
-
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign but execute as scripts when opened on Windows. Once launched, the initial script creates hidden folders…
-
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
P_MLE and P_SECURE) in the tabpanel sidebar introduced in 2025, and a missing security check in the autocmd_add() function.Claude Code then helpfully tried to find ways to exploit the vulnerability, eventually suggesting a tactic that bypassed the Vim sandbox by persuading a target to open a malicious file. It had gone from prompt to proof-of-concept…
-
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick…