Tag: malicious
-
How Attackers Hide Processes by Abusing Kernel Patch Protection
Security researchers have identified a sophisticated technique that allows attackers to hide malicious processes from Windows Task Manager and system monitoring tools, even on systems with Microsoft’s most advanced kernel protections enabled. The bypass leverages legitimate Windows APIs to manipulate core data structures before integrity checks can detect tampering, circumventing both PatchGuard and Hypervisor-Protected Code…
-
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil.The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit.”The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further…
-
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords. First seen on hackread.com Jump to article: hackread.com/discord-nodecordrat-steal-chrome-data-npm-packages/
-
Fake ChatGPT and DeepSeek Extensions Spied on Over 1 Million Chrome Users
Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-deepseek-extensions-spy-chrome-users/
-
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”bitcoin-main-lib (2,300 Downloads)bitcoin-lib-js (193 Downloads)bip40 (970 Downloads)”The First seen on thehackernews.com Jump…
-
Three Malicious NPM Packages Target Developers’ Login Credentials
Security researchers at Zscaler ThreatLabz have uncovered three malicious npm packages designed to install a sophisticated remote access trojan (RAT) targeting JavaScript developers. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, collectively registered over 3,400 downloads before being removed from the npm registry in November 2025. The attack exploits developer trust in the legitimate BitcoinJS project…
-
A Single Browser Flaw, Millions at Risk: What the Chrome WebView Vulnerability Teaches Us About Exposure Windows
Tags: android, application-security, browser, chrome, cybersecurity, flaw, google, malicious, risk, update, vulnerability, windowsA recent security update reveals that Google patched a high-severity Chrome WebView vulnerability that could allow attackers to bypass application security restrictions and execute malicious content within Android and enterprise applications, according to Cybersecurity News. Because Chrome WebView is embedded inside countless applications, the flaw expanded risk far beyond traditional browser usage. Many organizations were…
-
Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files
Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerabilityCVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…
-
900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats
OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive data from 900,000 users. The post 900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats/
-
Hackers Using Malicious QR Codes for Phishing via HTML Table
Threat actors are continuing to refine “quishing” phishing delivered through QR codes by shifting from traditional image-based payloads to “imageless” QR codes rendered directly in email HTML, a tactic designed to sidestep security tools that focus on decoding QR images. QR code abuse is not new, but it remains effective because the user experience is…
-
Threat Actors Exploit Google Cloud Services to Steal Microsoft 365 Credentials
Tags: cloud, credentials, cyber, cybersecurity, email, exploit, google, infrastructure, malicious, microsoft, phishing, service, threatA sophisticated phishing campaign is exploiting Google Cloud infrastructure to bypass email security filters and steal Microsoft 365 credentials, demonstrating how attackers increasingly abuse trusted cloud platforms to lend legitimacy to their malicious activities. Cybersecurity researchers at Check Point have uncovered a large-scale operation targeting approximately 3,200 organizations, resulting in over 9,300 phishing emails over…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads
Malicious Windows packer named pkr_mtsi used as a flexible malware loader in malvertising campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-loader-pkrmtsi-payloads/
-
900,000 Users Hit as Chrome Extensions Steal AI Chat Data
Malicious Chrome extensions stole AI chat data from over 900,000 users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/900000-users-hit-as-chrome-extensions-steal-ai-chat-data/
-
Why Legitimate Bot Traffic Is a Growing Security Blind Spot
Tags: maliciousSecurity teams have spent years improving their ability to detect and block malicious bots. That effort remains critical…. First seen on hackread.com Jump to article: hackread.com/legitimate-bot-traffic-security-blind-spot/
-
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE).The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.”This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by…
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies. The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content. Attribute Details CVE ID CVE-2026-0628 Severity High…
-
Malicious Chrome Extension Leaks ChatGPT and DeepSeek Chats of 900,000 Users
Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers. Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s >>Featured
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
Automated data poisoning proposed as a solution for AI theft threat
Tags: ai, breach, business, cyber, data, encryption, framework, intelligence, LLM, malicious, microsoft, resilience, risk, risk-management, technology, theft, threatKnowledge graphs 101: A bit of background about knowledge graphs: LLMs use a technique called Retrieval-Augmented Generation (RAG) to search for information based on a user query and provide the results as additional reference for the AI system’s answer generation. In 2024, Microsoft introduced GraphRAG to help LLMs answer queries needing information beyond the data on…
-
NDSS 2025 HADES Attack: Understanding And Evaluating Manipulation Risks Of Email Blocklists
Tags: attack, conference, dns, email, exploit, infrastructure, Internet, malicious, mitigation, network, risk, service, spam, technologySession 8A: Email Security Authors, Creators & Presenters: Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)…
-
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control.The names of the extensions, which collectively have over 900,000 users, are below -Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI…
-
How Leboncoin Blocks Millions of Malicious Requests Every Day
Learn how Leboncoin blocks 9.5M malicious requests daily with DataDome’s plug”‘and”‘play, AI-driven protection across web & mobile to safeguard user data & brand. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/how-leboncoin-blocks-millions-of-malicious-requests-every-day/
-
Why Fast Flux Is Harder to Detect in CDN and Cloud-Based Setups?
DNS Fast Flux rapidly changes the IP addresses (and even the DNS servers) for a malicious domain, as shown above. Attackers often use compromised machines as proxies, cycling through “hundreds or even thousands” of IP addresses with very low DNS TTL (sometimes as short as 60 seconds). This means each DNS query can return a……
-
Threat Actors Exploit Office Assistant to Deliver Malicious Mltab Browser Plugin
A sophisticated malware campaign has been discovered exploiting Office Assistant, a widely used AI-powered productivity software in China, to distribute a malicious browser plugin that hijacks user traffic and exfiltrates sensitive information. The RedDrip Team from QiAnXin Technology’s Threat Intelligence Center uncovered this operation, which has been active since at least May 2024 and has…
-
Cursor, Windsurf Google Antigravity IDEs Linked to Malicious Extension Exposure
A critical supply chain vulnerability has been discovered affecting millions of developers using popular AI-powered IDEs, including Cursor, Windsurf, and Google Antigravity. Security researchers revealed that these coding environments were actively recommending non-existent extensions, allowing potential attackers to upload malware that users would unthinkingly install. The issue stems from how these tools were built. Cursor,…