Collecting Cyber-News from over 60 sources

Tag: malicious

Malicious crypto developer-targeted coding challenges spread infostealers

Apr 16, 2025 11:28 PM

Tags: crypto, malicious

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-crypto-developer-targeted-coding-challenges-spread-infostealers
Malicious bots now make up more than a third of web traffic

Apr 16, 2025 11:28 PM

Tags: malicious

First seen on scworld.com Jump to article: www.scworld.com/news/malicious-bots-now-make-up-more-than-a-third-of-web-traffic
Credential theft achieved by malicious MEXC order-hijacking PyPI package

Apr 16, 2025 11:28 PM

Tags: credentials, malicious, pypi, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/credential-theft-achieved-by-malicious-mexc-order-hijacking-pypi-package
Beware! Online PDF Converters Tricking Users into Installing Password-Stealing Malware

Apr 16, 2025 7:28 PM

Tags: attack, cyber, cyberattack, malicious, malware, office, password

CloudSEK’s Security Research team, a sophisticated cyberattack leveraging malicious online PDF converters has been demonstrated to target individuals and organizations globally. This attack, previously hinted at by the FBI’s Denver field office, involves the distribution of potent malware, known as ArechClient2, which is a variant of the harmful SectopRAT family of information stealers. The Deception…
Interlock Ransomware Uses Multi-Stage Attack Through Legitimate Websites to Deliver Malicious Browser Updates

Apr 16, 2025 7:28 PM

Tags: attack, cyber, cybersecurity, detection, extortion, group, malicious, ransomware, service, threat, update, usa

The Interlock ransomware intrusion set has escalated its operations across North America and Europe with sophisticated techniques. Not falling under the typical Ransomware-as-a-Service (RaaS) category, Interlock operates independently, focusing primarily on Big Game Hunting and double extortion campaigns. This group’s activities have been closely monitored by cybersecurity firms such as Sekoia Threat Detection & Research…
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler

Apr 16, 2025 7:28 PM

Tags: cybersecurity, exploit, flaw, malicious, service, vulnerability, windows

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.The issues have been uncovered in a binary named “schtasks.exe,” which enables an administrator to create, delete, query,…
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2

Apr 16, 2025 6:28 PM

Tags: access, api, business, cloud, control, cryptography, data, defense, edr, encryption, exploit, framework, group, Hardware, kaspersky, malicious, malware, microsoft, mitre, monitoring, network, reverse-engineering, service, technology, threat, tool, update, windows

This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1

Apr 16, 2025 6:28 PM

Tags: access, api, backdoor, china, cloud, control, data, detection, edr, encryption, endpoint, espionage, github, government, group, injection, malicious, malware, military, network, threat, tool, windows

IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
>>Livingthe-Land Techniques<< How Malware Families Evade Detection

Apr 16, 2025 10:28 AM

Tags: attack, cyber, detection, malicious, malware, threat, tool

Living-off-the-Land (LOTL) attacks have become a cornerstone of modern cyber threats, allowing malware to evade detection by leveraging legitimate system tools and processes. Rather than relying on custom malicious binaries that can be flagged by security solutions, attackers use trusted, built-in utilities to perform their objectives, making their activities blend seamlessly with normal system operations.…
Malicious Macros Return in Sophisticated Phishing Campaigns

Apr 16, 2025 10:28 AM

Tags: cyber, cybersecurity, exploit, malicious, microsoft, office, phishing, vulnerability

The cybersecurity landscape of 2025 is witnessing a troubling resurgence of malicious macros in phishing campaigns. Despite years of advancements in security measures and Microsoft’s decision to disable macros by default in Office applications, attackers have adapted their methods to exploit human vulnerabilities and technical loopholes. These malicious macros, embedded within seemingly legitimate documents, have…
Oracle Issues Patch for 378 Vulnerabilities in Major Security Rollout

Apr 16, 2025 9:28 AM

Tags: cyber, cybersecurity, exploit, malicious, oracle, update, vulnerability

Oracle Corporation has released a sweeping Critical Patch Update (CPU) for April 2025, addressing a staggering 378 security vulnerabilities across a wide array of its product families. The rollout underscores Oracle’s continued commitment to proactive cybersecurity and comes amid ongoing reports of malicious exploits targeting unpatched systems worldwide. This massive update, delivered under Oracle’s regular…
Protecting Against Insider Threats Strategies for CISOs

Apr 16, 2025 8:28 AM

Tags: ciso, credentials, cyber, cybersecurity, finance, malicious, risk, strategy, threat, vulnerability

Insider threats represent a critical vulnerability in organizational cybersecurity, posing risks that are often more challenging to mitigate than external attacks. These threats can originate from malicious employees, negligent staff, or compromised credentials, each capable of causing significant financial, operational, and reputational harm. The stakes for Chief Information Security Officers (CISOs) are high: a single…
The Unbearable Drama of a PCI DSS Standard Rollout

Apr 15, 2025 8:28 PM

Tags: cybersecurity, data, malicious, PCI

Last-Minute PCI DSS 4.0 Changes Highlight Challenge of Battling Malicious Scripts. On the eve of enforcement for version 4.0 of the Payment Card Industry’s Data Security Standard, the council relaxed rules for smaller merchants pertaining to combating malicious scripts in their e-commerce environment. Cue confusion and ongoing cybersecurity questions. First seen on govinfosecurity.com Jump to…
Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats

Apr 15, 2025 6:28 PM

Tags: attack, backdoor, malicious, phishing, russia

Russia-backed APT29’s latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages, errr, victims, and delivers a novel backdoor, GrapeLoader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/wine-inspired-phishing-eu-diplomats
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

Apr 15, 2025 5:28 PM

Tags: access, apache, cve, cvss, flaw, malicious, open-source, password, software, unauthorized, vulnerability

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change.The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including…
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Apr 15, 2025 5:28 PM

Tags: api, credentials, crypto, cybersecurity, malicious, pypi

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens.The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange…
Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader

Apr 15, 2025 2:28 PM

Tags: access, attack, cyber, malicious, malware, powershell

Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location. This loader initiates a complex chain involving obfuscated PowerShell scripts, ultimately executing potent malware like the XWorm Remote Access Trojan (RAT) or the Rhadamanthys information stealer. The attack often begins via…
Cybercriminals Exploit Search Results to Steal Credit Card Information

Apr 15, 2025 2:28 PM

Tags: credit-card, cyber, cybercrime, exploit, Internet, malicious, risk

Everyday internet searches, a routine activity for billions, harbor a hidden risk: cybercriminals are increasingly manipulating search engine results to lure unsuspecting users into traps designed to steal credit card details and other sensitive information. This manipulation often involves pushing malicious websites, disguised as legitimate entities, to the top of search results pages where users…
New ‘Waiting Thread Hijacking’ Malware Technique Evades Modern Security Measures

Apr 15, 2025 2:28 PM

Tags: api, cyber, injection, malicious, malware

Security researchers have unveiled a new malware process injection technique dubbed >>Waiting Thread Hijacking
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

Apr 15, 2025 1:28 PM

Tags: crypto, group, hacking, korea, malicious, malware, network, north-korea, threat

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment.The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as…
Top Four Considerations for Zero Trust in Critical Infrastructure

Apr 15, 2025 11:28 AM

Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trust

Top Four Considerations for Zero Trust in Critical Infrastructure madhav Tue, 04/15/2025 – 06:43 TL;DR Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Apr 14, 2025 10:33 PM

Tags: email, healthcare, malicious, malware, phishing

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed ‘ResolverRAT’ that is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims download a malicious file triggering…
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Apr 14, 2025 6:33 PM

Tags: access, attack, cybersecurity, email, healthcare, malicious, phishing, threat

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors.”The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link,” Morphisec Labs researcher Nadav Lorber said in a report shared with The First seen…
Malicious NPM packages target PayPal users

Apr 14, 2025 5:33 PM

Tags: credentials, crypto, finance, malicious, threat

Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers. >>Using PayPal-related…
Package hallucination: LLMs may deliver malicious code to careless devs

Apr 14, 2025 3:33 PM

Tags: attack, LLM, malicious, supply-chain

LLMs’ tendency to >>hallucinate
IBM Aspera Faspex Flaw Allows Injection of Malicious JavaScript in Web UI

Apr 14, 2025 3:33 PM

Tags: cve, cyber, flaw, ibm, injection, malicious, vulnerability

A significant security vulnerability has been identified in IBM Aspera Faspex 5, a popular file exchange solution. The flaw, designated as CVE-2025-3423, allows attackers to inject malicious JavaScript into the web interface, potentially compromising sensitive user data. Vulnerability Details The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue. It enables authenticated users to…
AI hallucinations lead to a new cyber threat: Slopsquatting

Apr 14, 2025 2:33 PM

Tags: ai, cyber, malicious, openai, threat

These hallucinations are bad news: These package hallucinations are particularly dangerous as they were found to be persistent, repetitive, and believable.When researchers reran 500 prompts that had previously produced hallucinated packages, 43% of hallucinations reappeared every time in 10 successive re-runs, with 58% of them appearing in more than one run.The study concluded that this…
Malicious NPM Packages Target Cryptocurrency, PayPal Users

Apr 14, 2025 1:34 PM

Tags: credentials, crypto, finance, malicious, threat

Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. The post Malicious NPM Packages Target Cryptocurrency, PayPal Users appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/malicious-npm-packages-target-cryptocurrency-paypal-users/
What boards want and don’t want to hear from cybersecurity leaders

Apr 14, 2025 9:33 AM

Tags: access, business, ciso, compliance, control, cyber, cybersecurity, email, malicious, metric, phishing, risk, security-incident, skills, strategy, technology, threat, training, update

“It’s only when you report to someone not involved in technology that you realize you’re talking in jargon or not close to talking the language of the business,” says Bennett. Decoding what the board wants from security leaders: Cybersecurity leaders need regular contact with boards to foster familiarity and understanding. Without this, a lack of…
Ransomware bei einem Einrichtungshaus-Kette in Griechenland

Apr 14, 2025 7:33 AM

Tags: group, malicious, ransomware

Announcement about a malicious external action against the digital and electronic systems of Fourlis Group First seen on fourlis.gr Jump to article: www.fourlis.gr/Files/IR/Press%20Releases/en/2024/FOURLIS%20GROUP_PRESS%20RELEASE_20241202.pdf