Tag: malicious
-
21 Countries Sign Onto Voluntary Pact to Stem the Proliferation of Spyware
Twenty-one countries signed onto the Pall Mall Process, an effort a year in the making that was created to develop a framework nations could adopt to address the proliferation and malicious use of spyware by governments that want it to track human rights workers, activists, journalists, and other such targets. First seen on securityboulevard.com Jump…
-
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a First seen on…
-
WhatsApp flaw can let attackers run malicious code on Windows PCs
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/
-
Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws
A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers to inject malicious scripts via cross-site scripting (XSS) flaws, posing risks to millions of users globally. The medium-severity vulnerability, with a CVSS score of 4.6, enables unauthenticated attackers on adjacent networks to compromise meeting integrity by executing arbitrary code. Zoom…
-
Malicious VS Code Extensions with Millions of Installs Put Developers at Risk
A sophisticated cryptomining campaign has been uncovered, targeting developers through malicious Visual Studio Code (VS Code) extensions. These extensions, masquerading as legitimate tools, have collectively accumulated over one million installations, exposing the scale of the attack. Researchers at ExtensionTotal detected the operation, which deploys a multi-stage payload to mine cryptocurrency in the background while delivering…
-
ToddyCat APT Targets ESET Bug to Load Silent Malware
Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/toddycat-apt-eset-bug-silent-malware
-
Chinese ToddyCat abuses ESET antivirus bug for malicious activities
A range of affected products: The flaw affects all of ESET's offerings that include the command line scanner, which spans an array of products used by power users, IT admins, and enterprise environments. According to the advisory, the affected antivirus versions include ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, and ESET Security Ultimate 18.0.12.0…
-
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine's eastern border, the agency said. The attacks involve distributing phishing emails First seen on thehackernews.com Jump…
-
Google fixed two actively exploited Android zero-days
Google addressed 62 vulnerabilities with the release of Android's April 2025 security update, including two actively exploited zero-days. Google released Android's April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices…
-
Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums
A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums. Dubbed the "Killer of WormGPT and all EvilGPT variants,"
-
Warning to developers: Stay away from these 10 VSCode extensions
Prettier Code for VSCode (by prettier); Discord Rich Presence for VS Code (by Mark H); Rojo Roblox Studio Sync (by evaera); Solidity Compiler (by VSCode Developer); Claude AI (by Mark H); Golang Compiler (by Mark H); ChatGPT Agent for VSCode (by Mark H); HTML Obfuscator (by Mark H); Python Obfuscator for VSCode (by Mark H); Rust Compiler for VSCode (by Mark H). Although the extensions…
-
CVE-2024-11859: ToddyCat Group Hides Malware in ESET’s Scanner to Bypass Security
Advanced Persistent Threat (APT) groups are constantly evolving their techniques to evade detection. Kaspersky Labs has recently uncovered a sophisticated method employed by the ToddyCat group: hiding their malicious activity within the context of legitimate security software. In early 2024, Kaspersky's investigation into ToddyCat incidents revealed a suspicious file named version.dll
-
Lazarus Expands NPM Campaign With Trojan Loaders
North Korea's Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea's Lazarus Group expanded a malicious campaign of uploading malicious code to the npm repository, the package registry for the JavaScript runtime environment, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks. First seen on govinfosecurity.com Jump…
-
Trio of malicious PyPI packages target sensitive information
First seen on scworld.com Jump to article: www.scworld.com/brief/trio-of-malicious-pypi-packages-target-sensitive-information
-
Malicious npm packages, BeaverTail malware leveraged in new North Korean attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-npm-packages-beavertail-malware-leveraged-in-new-north-korean-attacks
-
ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability to Conceal Their Tool
In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask their malicious activities. The attack came to light when researchers detected a suspicious file named version.dll in the temp directories of multiple compromised systems. This file was identified as a tool called TCESB,…
-
Malicious VSCode extensions infect Windows with cryptominers
Nine VSCode extensions on Microsoft’s Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-vscode-extensions-infect-windows-with-cryptominers/
-
This $16 AdGuard plan protects your whole family from malicious ads
You have until April 27 at 11:59 p.m. PT to grab lifetime access to AdGuard's privacy and ad-blocking tools for just $15.97 (reg. $169). Remember to enter code FAMPLAN at checkout for this limited-time discount. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/this-16-adguard-plan-protects-your-whole-family-from-malicious-ads/
-
Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-vs-code-cryptojacking/
-
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain…
-
Xanthorox AI The Next Generation of Malicious AI Threats Emerges
The Next Evolution in Black-Hat AI: A new player has entered the cybercrime AI landscape, Xanthorox AI, a malicious tool that brands itself as the "Killer of WormGPT and all EvilGPT variants." First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted… First…
-
Threat Actors Use Windows Screensaver Files as Malware Delivery Method
Cybersecurity experts at Symantec have uncovered a sophisticated phishing campaign targeting various sectors across multiple countries, leveraging the Windows screensaver file format (.scr) as a vector for malware distribution. This method, while seemingly innocuous, allows attackers to execute malicious code under the guise of a harmless screensaver file. Campaign Overview: The campaign, observed by Symantec,…
-
NEPTUNE RAT Targets Windows Users, Steals Passwords from 270+ Applications
A recent cyber threat named Neptune RAT has emerged as a rising concern for Windows users, targeting sensitive data and exhibiting advanced malicious capabilities. CYFIRMA researchers have identified the latest version of this Remote Access Trojan (RAT), revealing alarming details about its distribution, functionality, and impact on compromised systems. Technical Overview of Neptune RAT: Neptune…
-
PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and empty wallets
A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims’ digital wallets. Silent Push researchers warn of a malicious PoisonSeed campaign that uses stolen CRM and bulk email provider credentials to send crypto seed phrase spam. Victims are tricked into importing compromised seed phrases into…
-
Fast Flux is the New Cyber Weapon, and It's Hard to Stop, Warns CISA
Tags: advisory, cisa, cyber, cybercrime, cybersecurity, detection, infrastructure, international, malicious
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners, has issued an urgent advisory titled "Fast Flux: A National Security Threat." The advisory highlights the growing use of fast flux techniques by cybercriminals and potentially nation-state actors to evade detection…
-
Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
North Korean state-sponsored threat actors associated with the Lazarus Group have intensified their Contagious Interview campaign by deploying novel malicious npm packages leveraging hexadecimal string encoding to bypass detection mechanisms. These packages deliver BeaverTail infostealers and remote access trojan (RAT) loaders, targeting developers to exfiltrate credentials, financial data, and cryptocurrency wallets. SecurityScorecard researchers identified 11…
-
Malicious Python Packages Target Popular Cryptocurrency Library to Steal Sensitive Data
In a recent development, the ReversingLabs research team has uncovered a sophisticated software supply chain attack targeting developers of cryptocurrency applications. The attack involved the creation of two malicious Python packages, bitcoinlibdbfix and bitcoinlib-dev, which were uploaded to the Python Package Index (PyPI) with the intent to exfiltrate sensitive database files. Fake Fix for Bitcoinlib…
-
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack," Silent Push said in an First…
-
Python JSON Logger Vulnerability Enables Remote Code Execution PoC Released
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1. This vulnerability arises from a missing dependency, "msgspec-python313-pre,"
-
Critical pgAdmin Flaw Allows Remote Code Execution
A severe Remote Code Execution (RCE) vulnerability in pgAdmin (CVE-2025-2945), the popular PostgreSQL database management tool, has been patched after researchers discovered attackers could hijack servers through malicious API requests. The flaw affects pgAdmin versions ≤9.1 and allows authenticated users to execute arbitrary commands on affected systems. Technical Breakdown: The vulnerability stems from improper use…