Tag: malicious
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Headlines in this round: Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads; BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs; GOFFEE continues to attack organizations in Russia; Atomic…
-
Threat Actors Manipulate Search Results to Lure Users to Malicious Websites
Cybercriminals are increasingly abusing search engine optimization (SEO) techniques and paid advertisements to push malicious websites to the top of search results, where unsuspecting users are likely to click. In recent years this tactic, known as SEO poisoning or black hat SEO, has seen criminals hijack the reputation of legitimate websites to promote…
-
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
The Model Context Protocol (MCP) is attracting significant interest because it standardizes how external data sources are connected to large language models (LLMs). That is good news for AI developers, but it also raises security concerns. In this blog we address FAQs about MCP. Background: Tenable Research has compiled this blog…
-
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers by patching the locally installed wallet software. First seen on hackread.com Jump to article: hackread.com/npm-malware-atomic-exodus-wallets-hijack-crypto/
-
Open Source Poisoned Patches Infect Local Software
Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering patches for locally installed programs. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software
-
Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms
Sapphire Werewolf has added a potent new weapon to its arsenal, deploying the latest iteration of the Amethyst stealer in a targeted phishing attack against an energy firm. According to the report, the operation disguises the malicious payload as a mundane HR memo. The threat actor begins its attack with a fraudulent email,…
-
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data
A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. It is delivered through seemingly legitimate traffic-violation alerts sent via WhatsApp, luring victims into installing what they believe is the official app. Infection Vector and Deceptive Tactics: The malware spreads…
-
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet
Law enforcement agencies in multiple countries have announced the arrests of users of the malicious Smokeloader botnet. First seen on securityweek.com Jump to article: www.securityweek.com/europol-targets-customers-of-smokeloader-pay-per-install-botnet/
-
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Threat actors continue to upload malicious packages to the npm registry that tamper with already-installed local copies of legitimate libraries so that those copies execute malicious code, a sneakier way to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to…
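The attack described in this entry and in the two npm entries above (the pdf-to-office package and the ReversingLabs wallet report) does not rely on the malicious package staying installed: it patches files of a separately installed application, so registry-side scanning misses it. The practical check is an integrity baseline of the installed application taken at install time and re-verified later. The script below is an added example, not code from the articles or from any wallet vendor; the directory layout and file contents are constructed for the demo, and the "address swap" it simulates is a stand-in for whatever patch a real package applies.

```python
"""Detect post-install tampering of a locally installed application or
library by comparing its files against a baseline hash manifest.

Added example, not code from the article or from any vendor; the
directory layout and file contents below are constructed for the demo.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large bundles (app.asar) stay cheap."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the current tree against a saved manifest.

    Returns the three sets an analyst cares about: files whose contents
    changed (a 'patch'), files that appeared (dropped payloads), and files
    that vanished.
    """
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    added = sorted(p for p in current if p not in manifest)
    missing = sorted(p for p in manifest if p not in current)
    return {"modified": modified, "added": added, "missing": missing}


def demo() -> dict:
    """Baseline a constructed wallet install, simulate an address-swapping
    patch plus a dropped loader, then re-verify against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "wallet-app" / "resources"   # constructed install dir
        app.mkdir(parents=True)
        vendor = app / "vendor.js"
        vendor.write_text("function send(tx){ return broadcast(tx); }\n")
        (app / "app.asar").write_bytes(b"\x04\x00\x00\x00placeholder-archive")

        manifest = build_manifest(app)        # taken at install time
        manifest_json = json.dumps(manifest)  # stored out of band, e.g. read-only

        # Simulated supply-chain patch: rewrite the destination before broadcast.
        vendor.write_text(
            "function send(tx){ tx.to = 'ATTACKER_ADDRESS'; return broadcast(tx); }\n"
        )
        (app / "loader.js").write_text("require('./vendor.js');\n")

        return verify_manifest(app, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest somewhere the application's own process cannot write (a separate user profile, a signed file, or a central inventory), otherwise a patcher that runs with the user's privileges can simply regenerate it. Run the verification from a scheduled task or an EDR script rather than from inside the monitored application.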
-
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting the military mission of a Western country in Ukraine, in attacks likely delivered via infected removable drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
-
Domain Reputation Update, Oct 2024 to Mar 2025
New domains are up 7.39%, with 2.9 million malicious domains detected. Chinese gambling sites dominate the Top 20 TLDs, while .top remains a hotspot for abuse, this time with a spike in toll road scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/domain-reputation-update-oct-2024-mar-2025/
-
SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client
SonicWall has issued a critical alert about multiple vulnerabilities in its NetExtender Windows client. The flaws, tracked under several CVEs, could allow attackers to abuse improper privilege management, escalate privileges locally, or manipulate file paths. Users are urged to update the client immediately to mitigate the risk. Overview…
-
Why Codefinger represents a new stage in the evolution of ransomware
A new type of ransomware attack: The fundamentals of the Codefinger attack are the same as those in most ransomware attacks: the bad guys encrypted victims’ data and demanded payment to restore it. However, several aspects of the breach make it stand out from most other ransomware incidents: Attack vector: In traditional ransomware attacks, the attack vector…
-
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
A cyber attack on a foreign military mission based in Ukraine has been attributed to the Russia-linked threat actor Gamaredon (aka Shuckworm); its aim was to deliver an updated version of the known malware GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first…
-
Malicious code execution possible with patched WhatsApp flaw
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-code-execution-possible-with-patched-whatsapp-flaw
-
China-Linked Hackers Continue Harassing Ethnic Groups With Spyware
Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/china-continues-harassing-ethnic-groups-spyware
-
WhatsApp plugs bug allowing RCE with spoofed filenames
WhatsApp makes for a popular attack vector: WhatsApp has frequently been targeted in the past because of its popularity as an encrypted messaging platform. With over 10 billion downloads on the Google Play Store alone, it is a lucrative target for threat actors. A similar security oversight was reported in July 2024 to be affecting the…
-
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. The campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, abused the Remote Desktop Protocol (RDP) in a novel way. Unlike typical RDP attacks that focus on…
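The blurb above does not spell out the mechanism, so the triage script below rests on an assumption stated here: that the phishing attachment is an .rdp connection file, and that what turns a "remote desktop" session into file theft is the client-side resource redirection it enables (local drives, clipboard, devices mapped into the attacker's session) together with RemoteApp mode, which lets the remote host present a program of its choosing. The .rdp text format ("name:type:value", type "i" for integers and "s" for strings) is the public format consumed by mstsc. This is an added example, not GTIG's or Microsoft's code; the sample file and the "Connector" RemoteApp label are constructed for the demo.

```python
"""Triage an .rdp connection file for the settings that turn a remote
desktop session into a file-theft channel: local drive/device
redirection and RemoteApp launch.

Added example; not GTIG's, Microsoft's, or any vendor's code. The
.rdp text format ('name:type:value', type 'i' or 's') is the public
format read by mstsc; the sample file below is constructed.
"""

# Keys that expose client resources to the remote host. For 's' keys any
# non-empty value enables the feature ('*' means all); for 'i' keys 1 enables it.
REDIRECTION_KEYS = {
    "drivestoredirect": "local drives are mapped into the remote session",
    "devicestoredirect": "local devices are redirected to the remote host",
    "usbdevicestoredirect": "USB devices are redirected to the remote host",
    "redirectclipboard": "clipboard is shared with the remote host",
    "redirectprinters": "local printers are redirected",
    "redirectsmartcards": "smart cards are redirected",
}

# Constructed sample: a lure that presents a RemoteApp while mapping every
# local drive and the clipboard into the remote session. The host name and
# the 'Connector' label are hypothetical placeholders.
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:rdp.example.invalid
username:s:guest
remoteapplicationmode:i:1
remoteapplicationprogram:s:||Connector
remoteapplicationname:s:Connector
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
authentication level:i:0
"""


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; type 'i' becomes int, 's' stays str.
    Malformed lines are kept under a marker key so nothing is silently dropped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s"):
            settings[f"<unparsed> {line}"] = None
            continue
        name, typ, value = parts[0].strip().lower(), parts[1], parts[2]
        if typ == "i" and value.strip().lstrip("-").isdigit():
            settings[name] = int(value)
        else:
            settings[name] = value
    return settings


def assess_rdp(text: str) -> dict:
    """Return target host, whether the file carries a signature block, the
    risky settings found, and a verdict: 'block' if anything exposes the
    client, otherwise 'review' (a plain connection file still deserves a look)."""
    s = parse_rdp(text)
    findings = []
    for key, why in REDIRECTION_KEYS.items():
        val = s.get(key)
        enabled = (val == 1) if isinstance(val, int) else bool(val)
        if enabled:
            findings.append(f"{key}={val}: {why}")
    if s.get("remoteapplicationmode") == 1:
        prog = s.get("remoteapplicationprogram", "")
        findings.append(f"remoteapplicationmode=1: RemoteApp '{prog}' runs from the remote host")
    if s.get("authentication level") == 0:
        findings.append("authentication level=0: server certificate errors are ignored")
    return {
        "target": s.get("full address"),
        "signed": "signature" in s,
        "findings": findings,
        "verdict": "block" if findings else "review",
    }


if __name__ == "__main__":
    for line in assess_rdp(SAMPLE_RDP)["findings"]:
        print(line)
```

A "signed": True result is not a pass: a signature only suppresses the client's warning dialog, so the signer still has to be one your organization trusts. On the policy side, the same keys map onto Group Policy settings (Remote Desktop Services, Remote Desktop Connection Client: "Do not allow drive redirection" and its siblings), which stop the client from honouring them regardless of what an attachment asks for.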
-
AI agents raise stakes in identity and access management
IT vendors roll out fresh tools to take on identity and access management for AI agents as enterprises deploy them internally and battle malicious ones externally. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366622025/AI-agents-raise-stakes-in-identity-and-access-management
-
New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control
GreyNoise has observed a sharp escalation in exploitation attempts against TVT NVMS9000 digital video recorders (DVRs). The surge, which peaked on April 3, 2025 with over 2,500 unique source IP addresses, suggests a new variant of the notorious Mirai botnet is at play, exploiting an information disclosure vulnerability to seize administrative control over these…
-
Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet
Xanthorox AI, a darknet-exclusive tool, uses five custom models to launch advanced, autonomous cyberattacks, ushering in a new AI threat era. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/xanthorox-ai/
-
WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
If you use WhatsApp Desktop on Windows, listen up! A flaw in WhatsApp for Windows (CVE-2025-30401) let attackers disguise malicious files as safe ones. Update to version 2.2450.6 or later to stay secure. First seen on hackread.com Jump to article: hackread.com/whatsapp-windows-flaw-hackers-sneak-malicious-files/
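This entry and the "WhatsApp plugs bug allowing RCE with spoofed filenames" entry above describe the same bug class: the client decides how to display an attachment from one signal (the declared type) and what to hand it to on open from another (the filename extension), so an executable can be made to look like an image. The fix on the receiving side is to require that the declared MIME type, the extension and the leading bytes of the content all agree before the file is ever passed to the OS opener. The function below is an added example, not WhatsApp's code; the allowlist of inline types, the magic-number table and the three sample attachments are constructed for the demo.

```python
"""Reject attachments whose declared type, filename extension and content
signature disagree, the class of mismatch behind CVE-2025-30401.

Added example; not WhatsApp code. The allowlist, magic table and sample
attachments are constructed for the demo.
"""
import mimetypes
import os

# Extensions Windows hands to a loader or script host when "opened".
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".js",
    ".jse", ".wsf", ".hta", ".msi", ".lnk", ".dll", ".cpl",
}

# Leading bytes for the content types a client may preview inline.
MAGIC = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
    "application/pdf": [b"%PDF-"],
}
PE_MAGIC = b"MZ"
REASON_PE = "content is a PE executable (MZ header)"


def classify_attachment(filename: str, declared_mime: str, head: bytes) -> dict:
    """Return allow_open plus the reasons it was refused.

    An attachment may be opened only if the extension, the sender-declared
    MIME type and the first bytes all agree, and none of them is executable.
    """
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    ext_mime, _ = mimetypes.guess_type(filename)

    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"extension {ext} is executable on Windows")
    if head.startswith(PE_MAGIC):
        reasons.append(REASON_PE)
    if ext_mime != declared_mime:
        reasons.append(f"extension implies {ext_mime}, sender declared {declared_mime}")
    expected = MAGIC.get(declared_mime)
    if expected is None:
        reasons.append(f"{declared_mime} is not in the inline-preview allowlist")
    elif not any(head.startswith(m) for m in expected):
        reasons.append(f"content bytes do not match the {declared_mime} signature")

    return {"filename": filename, "allow_open": not reasons, "reasons": reasons}


def demo() -> list:
    """Three constructed attachments: a genuine JPEG, an executable declared
    as a JPEG (the spoofing case), and a PE body behind a .pdf name."""
    samples = [
        ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("photo.exe", "image/jpeg", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("invoice.pdf", "application/pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ]
    return [classify_attachment(*s) for s in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict["filename"], "open" if verdict["allow_open"] else "refuse", verdict["reasons"])
```

The three checks are deliberately independent so that defeating one (a double extension, a forged Content-Type, a polyglot header) still trips another; a client that only compares two of the three is back to the original bug. Note that `mimetypes.guess_type` consults the host's MIME tables, so on a hardened build the extension map should be pinned rather than inherited from the system.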
-
Attackers Exploit SourceForge Platform to Distribute Malware
A recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This attack, primarily targeting Russian-speaking users, has raised alarms within the cybersecurity community for its level…
-
Vidar Stealer Uses New Deception Technique to Hijack Browser Cookies and Stored Credentials
Vidar Stealer, a notorious information-stealing malware, has adopted a deceptive method: disguising itself as Microsoft’s BGInfo application. By abusing a legitimate tool widely used by IT professionals to display system details, the attackers evade detection and execute malicious code designed to steal sensitive data. BGInfo, part of Microsoft’s Sysinternals Suite,…