Collecting Cyber-News from over 60 sources

Tag: malicious

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

May 3, 2025 12:50 AM

Tags: access, attack, backdoor, captcha, cyber, malicious, malware

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy a stealthy NodeJS backdoor. The attack, part of the broader KongTuke campaign, leverages compromised websites to distribute malicious JavaScript that ultimately deploys advanced remote access trojans (RATs) capable of tunneling traffic through SOCKS5 proxies with XOR-based encryption. SpiderLabs researchers note…
Malicious PyPi, npm packages found abusing trusted services for data theft

May 2, 2025 10:50 PM

Tags: data, malicious, pypi, service, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-npm-packages-found-abusing-trusted-services-for-data-theft
Malicious npm package mimicking CryptoJS targets cryptocurrency wallets

May 2, 2025 10:50 PM

Tags: crypto, malicious

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-npm-package-mimicking-cryptojs-targets-cryptocurrency-wallets
What is EDR? An analytical approach to endpoint security

May 2, 2025 11:50 AM

Tags: access, android, antivirus, api, attack, automation, breach, cloud, corporate, data, defense, detection, edr, email, endpoint, firewall, incident response, infection, infosec, infrastructure, intelligence, Intruder, linux, macOS, malicious, malware, network, service, siem, soar, software, threat, tool, training

EDR vs. antivirus: What’s the difference?: Antivirus software has similar goals to EDR, in that it aims to block malware from installing on and infecting endpoints (usually user PCs). The difference is that antivirus spots malicious activity by trying to match it to signatures, known patterns of code execution or behavior that the security community…
Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

May 2, 2025 11:50 AM

Tags: control, cyber, exploit, malicious, open-source, security-incident, service, supply-chain, threat

A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb-were ingeniously designed to exploit Gmail’s SMTP service, establishing covert command-and-control tunnels and enabling attackers to execute…
NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

May 2, 2025 9:50 AM

Tags: advisory, cve, cyber, framework, hacker, LLM, malicious, nvidia, update, vulnerability

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework, urging all users to update to the latest version (0.18.2) to safeguard their systems against potential attacks. Overview of the Vulnerability The vulnerability, identified as CVE-2025-23254, affects all versions of the NVIDIA TensorRT-LLM framework before 0.18.2 across…
npm Malware Targets Crypto Wallets, MongoDB; Code Points to Turkey

May 2, 2025 12:50 AM

Tags: crypto, malicious, malware

Sonatype discovered ‘crypto-encrypt-ts’, a malicious npm package impersonating the popular CryptoJS library to steal crypto and personal data…. First seen on hackread.com Jump to article: hackread.com/npm-malware-crypto-wallets-mongodb-turkey-code/
Malicious PyPI packages abuse Gmail, websockets to hijack systems

May 1, 2025 6:50 PM

Tags: data, malicious, pypi

Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/
Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

May 1, 2025 1:50 PM

Tags: attack, cve, cvss, cyber, flaw, hacker, hacking, malicious, monitoring, network, risk, vulnerability

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own hacking competition, allows attackers to execute malicious code remotely via the vehicle’s Tire Pressure Monitoring System (TPMS). The vulnerability, now patched, highlights growing risks in automotive cybersecurity. Detail Description CVE ID CVE-2025-2082 CVSS Score 7.5 (High) Adjacent Network Attack Vector […]…
10 insights on the state of AI security from RSA Conference

May 1, 2025 11:50 AM

Tags: access, ai, attack, automation, awareness, chatgpt, ciso, conference, cyber, cyberattack, cybersecurity, data, defense, detection, endpoint, exploit, framework, google, government, intelligence, malicious, malware, penetration-testing, phishing, resilience, risk, skills, social-engineering, strategy, threat, tool, vulnerability
MCP Prompt Injection: Not Just For Evil

May 1, 2025 5:53 AM

Tags: ai, attack, data-breach, detection, firewall, framework, google, injection, LLM, malicious, openai, switch, technology, tool, unauthorized

MCP tools are implicated in several new attack techniques. Here’s a look at how they can be manipulated for good, such as logging tool usage and filtering unauthorized commands. Background Over the last few months, there has been a lot of activity in the Model Context Protocol (MCP) space, both in terms of adoption as…
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency

Apr 30, 2025 11:50 PM

Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerability

Targeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France.Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries.Nothing APT28 does stands out as…
WordPress plugin disguised as a security tool injects backdoor

Apr 30, 2025 11:50 PM

Tags: backdoor, malicious, malware, tool, wordpress

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-disguised-as-a-security-tool-injects-backdoor/
AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

Apr 30, 2025 9:50 PM

Tags: ai, attack, malicious, risk, software

A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code. First seen on wired.com Jump to article: www.wired.com/story/ai-code-hallucinations-increase-the-risk-of-package-confusion-attacks/
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

Apr 30, 2025 7:50 PM

Tags: ai, attack, defense, framework, injection, intelligence, malicious, tool

As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable.MCP, launched by Anthropic in November…
Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Apr 30, 2025 6:49 PM

Tags: attack, cyber, malicious, malware, microsoft, ransomware, software, threat

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising strategies. Recent investigations have uncovered a disturbingly effective method involving fake software downloads, such as a counterfeit “WinSCP” installer, propagated through malicious ads on platforms like Bing. One documented case revealed a user searching for “WinSCP download” via Microsoft Edge being…
Securing the invisible: Supply chain security trends

Apr 30, 2025 6:56 AM

Tags: Hardware, malicious, software, supply-chain, update

Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/
Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice

Apr 29, 2025 8:52 PM

Tags: crowdstrike, cybercrime, data, malicious, threat

Threat intel experts expounded on how their data does not only serve to temporarily disrupt malicious activity, but find, arrest and convict cybercriminals for their offenses. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-crowdstrike-threat-intel-law-enforcement/
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories

Apr 29, 2025 8:52 PM

Tags: control, cyber, cybersecurity, hacker, infrastructure, linux, malicious, open-source, risk, software, tool

Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The discovery, originating from a routine search for open-source proxy software, highlights the pervasive risks of unsecured infrastructure and the sophistication of modern cyber threats. Hunt’s continuous scanning of public IPv4…
New WordPress Malware Masquerades as Plugin

Apr 29, 2025 6:51 PM

Tags: access, control, malicious, malware, wordpress

New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-malware-masquerades/
Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions Technical Details Revealed

Apr 29, 2025 3:51 PM

Tags: browser, chrome, cve, cvss, cyber, flaw, google, malicious, vulnerability, windows

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within Mojo, enabling remote attackers to craft malicious payloads that, when triggered through user interaction like…
The state of intrusions: Stolen credentials and perimeter exploits on the rise, as phishing wanes

Apr 29, 2025 11:52 AM

Tags: access, apt, attack, authentication, awareness, backdoor, breach, business, china, cloud, control, corporate, credentials, crypto, cyber, cyberespionage, cybersecurity, data, email, espionage, exploit, extortion, finance, fraud, group, Hardware, incident response, infection, ivanti, jobs, law, lockbit, malicious, malware, mandiant, mfa, middle-east, mobile, network, north-korea, oracle, password, phishing, ransom, ransomware, RedTeam, russia, social-engineering, software, theft, threat, tool, training

Financial gains, data theft, dwell time: Of the intrusions Mandiant investigated in 2024, 35% were financially motivated, with ransomware alone representing 21% of all intrusions, according to the company’s data.Financial gains were realized via data theft for the purpose of extortion, cryptomining, cryptocurrency theft, business email compromise, and cases in which attackers monetized their access…
Anthropic Outlines How Bad Actors Abuse Its Claude AI Models

Apr 28, 2025 10:51 PM

Tags: ai, credentials, group, malicious, scam, service, threat, tool

Anthropic shows how bad actors are using its Claude AI models for a range of campaigns that include influence-as-a-service, credential stuffing, and recruitment scams and becomes the latest AI company to push back at threat groups using their tools for malicious projects. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/anthropic-outlines-bad-actors-abuse-its-claude-ai-models/
Python-Based Discord RAT Enables Remote Control and Disruption Through a Simple Interface

Apr 28, 2025 7:51 PM

Tags: access, control, cyber, cybersecurity, exploit, malicious, malware, rat, threat, tool

A newly analyzed Python-based Remote Access Trojan (RAT) has emerged as a significant cybersecurity threat, utilizing Discord as its command-and-control (C2) platform. Disguised as a benign script, this malware transforms the popular communication tool into a hub for malicious operations, allowing attackers to remotely control infected systems with alarming ease. By exploiting Discord’s encrypted traffic…
Anthropic Outlines Bad Actors Abuse Its Claude AI Models

Apr 28, 2025 6:51 PM

Tags: ai, credentials, group, malicious, scam, service, threat, tool

Anthropic shows how bad actors are using its Claude AI models for a range of campaigns that include influence-as-a-service, credential stuffing, and recruitment scams and becomes the latest AI company to push back at threat groups using their tools for malicious projects. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/anthropic-outlines-bad-actors-abuse-its-claude-ai-models/
Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

Apr 28, 2025 6:51 PM

Tags: adobe, attack, credit-card, cyber, data, malicious, malware, vulnerability

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an outdated version 1.9.2.4. This version, unsupported by Adobe since June 2020, left the site vulnerable due to unpatched security flaws. The malware employed a deceptive .gif file, tampered browser sessionStorage data, and a malicious reverse proxy server to steal credit card…
Huntress expands ITDR capabilities to combat credential theft and BEC

Apr 28, 2025 5:51 PM

Tags: access, attack, compliance, credentials, data, detection, email, exploit, firewall, fortinet, intelligence, malicious, microsoft, monitoring, network, password, risk, service, siem, soc, sophos, technology, theft, threat, unauthorized

from rogue and/or malicious applications in the past year. These applications refer to the ones designed by attackers to exploit Microsoft’s OAuth protocol to gain unauthorized access to sensitive environments.Detecting and removing these rogue applications is another upgrade ITDR received.”Our Rogue Apps detection engine works by continuously analyzing OAuth application metadata across our customer base (over…
SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells

Apr 28, 2025 3:58 PM

Tags: cyber, exploit, flaw, malicious, sap, vulnerability, zero-day

SAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This vulnerability, with a maximum CVSSv3 severity score of 10.0, stems from a missing authorization check within the Metadata Uploader module of Visual Composer. When exploited, it allows unauthenticated attackers to upload arbitrary malicious files via specially crafted POST requests to…
iOS and Android juice jacking defenses have been trivial to bypass for years

Apr 28, 2025 1:51 PM

Tags: android, attack, data, defense, malicious

New ChoiceJacking attack allows malicious chargers to steal data from phones. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)

Apr 28, 2025 12:51 PM

Tags: access, cve, exploit, flaw, malicious, sap, unauthorized, vulnerability

CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/28/sap-netweaver-cve-2025-31324-exploited/