Tag: malicious
-
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below: CVE-2025-24085 (CVSS score: 7.3) – A use-after-free bug in the Core Media component that could permit a malicious application already installed on…
-
LLMs are now available in snack size but digest with care
Passed down wisdom can distort reality: Rather than developing their own contextual understanding, student models rely heavily on their teacher models’ pre-learned conclusions. Whether this limitation can lead to model hallucination is highly debated by experts. Brauchler is of the opinion that the efficiency of the student models is tied to that of their teachers, irrespective…
-
Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below: CVE-2025-24085 (CVSS score: 7.3) – A use-after-free bug in the Core Media component that could permit a malicious application already installed on…
-
Hackers exploit little-known WordPress MU-plugins feature to hide malware
A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. First seen on bitdefender.com. Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware
-
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks
Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns. First seen on darkreading.com. Jump to article: www.darkreading.com/threat-intelligence/coffeeloader-malware-evasion-tricks
-
Triton RAT Uses Telegram for Remote System Access and Control
Cado Security Labs has uncovered a new Python-based Remote Access Tool (RAT) named Triton RAT, which leverages Telegram for remote system access and data exfiltration. This open-source malware, available on GitHub, is designed to execute a wide range of malicious activities, including credential theft, system control, and persistence establishment. Technical Overview: Triton RAT initiates its…
-
Latest gambit for Gamaredon: Fake Ukraine troop movement documents with malicious links
The Kremlin-linked hacking group Gamaredon appears to be behind a recent campaign that aims to install a malicious version of the Remcos tool on Ukrainian computers. First seen on therecord.media. Jump to article: therecord.media/gamaredon-phishing-campaign-fake-ukraine-documents-remcos
-
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-wordpress-mu-plugins-to-hide-malicious-code/
-
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware. First seen on darkreading.com. Jump to article: www.darkreading.com/endpoint-security/qakbot-resurfaces-fresh-wave-clickfix-attacks
-
Beware! A Fake Zoom Installer Drops BlackSuit Ransomware on Your Windows Systems
Tags: attack, cyber, cybersecurity, exploit, malicious, malware, ransomware, software, threat, windows
Cybersecurity analysts have uncovered a sophisticated campaign exploiting a fake Zoom installer to deliver BlackSuit ransomware across Windows-based systems. The attack, documented by DFIR experts, highlights how threat actors are leveraging popular software to deceive unsuspecting victims into installing malware capable of crippling entire networks. The Fake Zoom Installer: The malicious activity began with a…
-
Apache Tomcat Vulnerability Exploited to Execute Malicious Arbitrary Code on Servers
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers. Critical RCE Flaw in Apache Tomcat: The flaw allows attackers to upload malicious files via unauthenticated HTTP PUT requests, followed by a GET request to trigger deserialization, leading to arbitrary code execution. Affected versions include Tomcat 9.0.0-M1…
-
Water Gamayun Hackers Exploit MSC EvilTwin Zero-day Vulnerability to Hack Windows Machine
Water Gamayun, a suspected Russian threat actor, has been identified exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise Windows systems. This vulnerability, embedded in the Microsoft Management Console (MSC) framework, allows attackers to execute malicious code remotely, exfiltrate sensitive data, and maintain persistent control over infected machines. The exploit leverages custom payloads and advanced…
-
Evilginx Tool (Still) Bypasses MFA
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens. First seen on darkreading.com. Jump to article: www.darkreading.com/endpoint-security/evilginx-bypasses-mfa
-
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory (“wp-content/mu-plugins”) that are automatically executed by WordPress without the need to enable them explicitly via…
-
CISA warns of RESURGE malware exploiting Ivanti flaw
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, ivanti, malicious, malware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…
-
Top 5 Web Application Penetration Testing Companies UK
Web Application Penetration Testing (WAPT) is a methodical approach to security that involves ethical hackers simulating real-world cyber-attacks on your web application to uncover vulnerabilities. By mimicking the tactics of cybercriminals, these professionals can identify weaknesses before malicious actors can exploit them. This proactive process allows businesses to address security flaws early and maintain a…
-
4 Tips For Crypto Wallet Security
Cryptocurrency will be more popular in 2025 than it has ever been and this means that there is a greater need for wallet security. As the crypto sector becomes more profitable and popular, malicious actors will look to exploit investors and steal their funds through methods like phishing schemes, wallet hacks, and so on. Then…
-
Researchers claim their protocol can create truly random numbers on a current quantum computer
Could be used on near-term quantum machines: The authors of the paper, published in Nature, said research shows quantum computers have the potential to solve problems better than classical computing techniques, but the resource requirements of known quantum algorithms for these problems put them far out of reach of quantum machines that exist now or…
-
Hackers target Taiwan with malware delivered via fake messaging apps
Hackers have been targeting users in Taiwan with PJobRAT malware delivered through malicious instant messaging apps, according to new research. First seen on therecord.media. Jump to article: therecord.media/hackers-target-taiwan-fake-messaging-apps
-
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. First seen on blog.talosintelligence.com. Jump to article: blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
-
Malicious Snow White Movie Download Targets Viewers with New Malware
As the latest adaptation of Snow White hits theaters with lukewarm reception, the absence of streaming options on platforms like Disney+ has led many viewers to seek pirated versions online. This trend is not new; every major movie release without a digital option becomes a prime opportunity for attackers to exploit users eager to watch…
-
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/
-
Malicious AI tools, AI jailbreaks increasingly sought by cybercriminals
First seen on scworld.com. Jump to article: www.scworld.com/brief/malicious-ai-tools-ai-jailbreaks-increasingly-sought-by-cybercriminals
-
PCI DSS 4.0 Compliance Requires a New Approach to API Security
Retailers, Financial Services, and the API Security Wake-Up Call: With the PCI DSS 4.0 compliance deadline fast approaching, Cequence threat researchers have uncovered troubling data: 66.5% of malicious traffic is targeting retailers. And attackers aren’t just after payment data. They’re weaponizing APIs to exploit every stage of the digital buying process. The conclusions in this…
-
Browser extension sales, updates pose hidden threat to enterprises
Some browser extension permissions are too broad, and owners can quickly repurpose pre-approved capabilities for malicious intent, a security researcher told CyberScoop. First seen on cyberscoop.com. Jump to article: cyberscoop.com/browser-extension-sales-permissions-hidden-threat/
-
Classiscam Operators Use Automated Malicious Sites to Steal Financial Data
Classiscam, an automated scam-as-a-service operation, has been identified as a significant threat in Central Asia, leveraging sophisticated techniques to defraud users of online marketplaces and e-commerce platforms. This fraudulent scheme, highlighted in the High-Tech Crime Trends Report 2025, utilizes Telegram bots to generate fake websites that mimic legitimate services, effectively deceiving victims into sharing their…