Tag: malicious
-
Obfuscation Techniques: A Key Weapon in the Ongoing War Between Hackers and Defenders
Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code from defenders. This technique, which deliberately makes code hard to understand while preserving its functionality, is a cornerstone of the ongoing struggle between black hats and white hats. From penetration testers to antivirus developers, reverse engineers face an uphill battle against…
-
XDR, MDR, And EDR: Enhancing Your Penetration Testing Process With Advanced Threat Detection
Tags: attack, cyber, cybersecurity, defense, detection, edr, exploit, malicious, penetration-testing, strategy, threat, vulnerabilityIn the ever-evolving world of cybersecurity, organizations must continuously adapt their defense strategies to stay ahead of increasingly sophisticated threats. One of the most effective ways to identify and mitigate vulnerabilities is through penetration testing, a proactive approach that simulates real-world attacks to uncover weaknesses before malicious actors can exploit them. However, the effectiveness of…
-
Darcula phishing toolkit gets AI boost, democratizing cybercrime
Tags: ai, apt, attack, automation, awareness, china, credentials, cybercrime, defense, detection, endpoint, finance, google, government, group, infrastructure, malicious, network, phishing, resilience, risk, service, skills, smishing, threat, tool, training, updateAI creates push-button phishing attacks: With the latest update to the “darcula-suite” toolkit, users can now generate phishing pages using generative AI that mimics websites with near-perfect accuracy, and in any language.”Users provide a URL of a legitimate brand or service, and the tool automatically visits that website, downloads all of its assets, and renders…
-
Salt Typhoon Cyberattack: FBI Investigates PRC-linked Breach of US Telecoms
The FBI has issued a public appeal for information concerning an ongoing cyber campaign targeting US telecommunications infrastructure, attributed to actors affiliated with the People’s Republic of China (PRC). This cyber operation, tracked under the moniker Salt Typhoon, has compromised networks at multiple US telecommunications companies and resulted in the theft of sensitive data. As…
-
Critical SAP NetWeaver Flaw (CVE-2025-31324) Actively Exploited
A critical security flaw in SAP NetWeaver’s Visual Composer component, identified as CVE-2025-31324, has been actively exploited by threat actors. This vulnerability allows unauthenticated attackers to upload malicious files, leading to potential full system compromise. SAP has released a patch… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-31324-actively-exploited/
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trustGone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams”, exploiting human vulnerabilities with…
-
Backdoor Found in Official XRP Ledger NPM Package
XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update… First seen on hackread.com Jump to article: hackread.com/backdoor-found-in-official-xrp-ledger-npm-package/
-
Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell
Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote access trojan (RAT) named DslogdRAT. According to a detailed analysis by JPCERT/CC, these attacks underscore the persistent and evolving risks surrounding Ivanti products, which have become a frequent target for…
-
Despite Recent Security Hardening, Entra ID Synchronization Feature Remains Open for Abuse
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited. Synchronizing identity accounts between Microsoft Active Directory (AD) and Entra ID is important for user experience, as it seamlessly synchronizes user identities, credentials and groups…
-
Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites
Cybercriminals are increasingly weaponizing Scalable Vector Graphics (SVG) files to orchestrate sophisticated phishing campaigns. According to research from Intezer, a cybersecurity firm that triages millions of alerts for enterprises globally, attackers are embedding malicious JavaScript within SVG files to redirect unsuspecting users to credential-harvesting phishing sites. This technique, dubbed >>Script in the Shadows,
-
NVIDIA NeMo Vulnerability Enables Remote Exploits
NVIDIA has issued an urgent security advisory addressing three high-severity vulnerabilities in its NeMo Framework, a platform widely used for developing AI-powered applications. The flaws, if exploited, could allow attackers to execute malicious code, tamper with data, or take control of vulnerable systems. Users are advised to update to NeMo Framework version 25.02 immediately to…
-
Critical Langflow Flaw Enables Malicious Code Injection Technical Breakdown Released
Tags: ai, cve, cvss, cyber, endpoint, flaw, injection, malicious, open-source, remote-code-execution, risk, vulnerabilityA critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven agents and workflows. This flaw, residing in the platform’s /api/v1/validate/code endpoint, poses a significant risk to organizations leveraging Langflow in their AI development ecosystems. The…
-
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerabilityCheck out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
-
Critical AnythingLLM Vulnerability Exposes Systems to Remote Code Execution
Tags: ai, cve, cyber, cybersecurity, exploit, flaw, malicious, open-source, remote-code-execution, vulnerabilityA critical security flaw (CVE-2024-13059) in the open-source AI frameworkAnythingLLMhas raised alarms across cybersecurity communities. The vulnerability, discovered in February 2025, allows attackers with administrative privileges to execute malicious code remotely, potentially compromising entire systems. Detail Description CVE ID CVE-2024-13059 Severity Critical (CVSS 9.1) EPSS Score 0.04% (Low exploitation probability) Affected Versions AnythingLLM versions <…
-
Cisco Webex bug lets hackers gain code execution via meeting links
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/
-
SpyMax Android Spyware: Full Remote Access to Monitor Any Activity
Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of Android spyware, cleverly disguised as the official application of the Chinese Prosecutor’s Office (检察院). This malicious software was targeting Chinese-speaking users in mainland China and Hong Kong in what appears to be a sophisticated cyber espionage campaign. Exploiting Android Accessibility Services…
-
Widely available AI tools signal new era of malicious bot activity
Rise in accessible AI tools significantly lowered the barrier to entry for cyber attackers, enabling them to create and deploy malicious bots at scale, according to Thales. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/18/ai-tools-malicious-bots/
-
Canada Warns Cyberdefenders to Buttress Edge Devices
Canadian Cyber Agency Warns of Rising Chinese Cyberthreats.. The Canadian Center for Cybersecurity on Tuesday said it has observed increasing levels of malicious cyberactivity from China-linked hackers, including the group tracked Salt Typhoon. Exposed edge devices are at risk of attacks can be detected through mass scanning. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/canada-warns-cyberdefenders-to-buttress-edge-devices-a-28033
-
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems. Advanced Evasion with mshta.exe LummaStealer’s operators have introduced a new technique…
-
SafeLine Bot Management: Self-hosted alternative to Cloudflare
Modern websites are under constant pressure from automated traffic: scraping, credential stuffing, inventory hoarding, and other malicious bot behaviors. While Cloudflare Bot … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/safeline-bot-management/
-
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest problem? Our investigation into three seemingly harmless PyPI color packages revealed a hidden background functionality……
-
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration.The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance…
-
Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
Researchers from Palo Alto Networks have uncovered a series of malicious spam campaigns leveraging the notorious Agent Tesla malware through intricate, multi-stage infection vectors. The attack begins innocuously enough with the receipt of a socially engineered email, often crafted to appear legitimate and relevant to the recipient. These emails carry an archive attachment, which typically…
-
Critical Flaw in PHP’s extract() Function Enables Arbitrary Code Execution
A critical vulnerability in PHP’sextract()function has been uncovered, enabling attackers to execute arbitrary code by exploiting memory corruption flaws. The issue affects PHP versions 5.x, 7.x, and 8.x, allowing malicious actors to trigger double-free (PHP 5.x) or use-after-free (PHP 7.x/8.x) conditions, ultimately leading to remote code execution (RCE). Technical Breakdown According to the SSD report, the flaw stems from…
-
Google Removes 5.5 Billion Malicious Ads, Suspends 700,000+ Offending Advertisers
Google has announced the removal of 5.5 billion malicious advertisements and the suspension of over 700,000 offending advertiser accounts in 2024, according to its recently released Ads Safety Report. This accomplishment underscores Google’s ongoing commitment to fighting digital ad fraud, abuse, and policy violations, and demonstrates the growing power of AI in protecting both […]…
-
Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links
Cisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers. Tracked as CVE-2025-20236, the vulnerability arises from improper input validation in the app’s custom URL parser, exposing users to remote code execution simply by clicking a specially crafted meeting…
-
New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.The issues have been uncovered in a binary named “schtasks.exe,” which enables an administrator to create, delete, query,…