Tag: malicious
-
PyArmor Obfuscation as a Method to Hinder Static and Signature-Based Analysis
Malware authors continue to adopt legitimate software protection tools to shield their malicious code from security researchers. A prime example is the >>VVS Stealer,
-
NDSS 2025 DLBox: New Model Training Framework For Protecting Training Data
Session 7D: ML Security Authors, Creators & Presenters: Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University) PAPER DLBox: New Model Training Framework For Protecting Training Data Sharing training data for deep…
-
APT36 Uses Malicious Windows Shortcuts to Target Indian Government
APT36 is targeting Indian government entities using malicious Windows shortcut files disguised as PDFs. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apt36-uses-malicious-windows-shortcuts-to-target-indian-government/
-
DarkSpectre Malware Hit 8.8M Browsers via Malicious Extensions
DarkSpectre infected over 8.8 million browser users by abusing trusted extensions and advanced evasion techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/darkspectre-malware-hit-8-8m-browsers-via-malicious-extensions/
-
New GlassWorm malware wave targets Macs with trojanized crypto wallets
A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/
-
Microsoft Makes Teams ‘Secure by Default’ Starting January 2026
Microsoft will enable Teams messaging security by default in January 2026, blocking risky files and malicious links to protect against AI-driven threats. The post Microsoft Makes Teams ‘Secure by Default’ Starting January 2026 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-secure-by-default-january-2026/
-
Malicious Jackson Lookalike Library Slips Into Maven Central
A malicious Jackson lookalike library was used to distribute Cobalt Strike malware through Maven Central. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-jackson-lookalike-library-slips-into-maven-central/
-
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully operational infrastructure. Security researchers have identified three malicious extensions on the Open VSX marketplace linked…
-
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors. The research demonstrates that threat actors no longer need deep technical expertise to compromise enterprise…
-
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files
A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques…
-
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the…
-
New ErrTraffic service enables ClickFix attacks via fake browser glitches
A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-errtraffic-service-enables-clickfix-attacks-via-fake-browser-glitches/
-
Zero-day vulnerabilities: what they are and how to respond
Zero-day vulnerabilities often attract attention and concern because of their unpredictability. They are, by definition, weaknesses that are unknown to software vendors and therefore have no official fix at the point of discovery. When discovered and exploited by malicious actors, they allow attackers to bypass controls before organisations even realise there is a problem. The”¦…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce platforms. Unlike traditional skimming attacks that >>listen
-
Hackers Impersonated Jackson JSON Library to Infiltrate Maven Central
Security researchers have uncovered a sophisticated multi-stage malware campaign targeting Maven Central, the primary repository for Java dependencies. The attack centered on a malicious package impersonating the legitimate Jackson JSON library marking the first significant detection of advanced malware in an ecosystem that has historically remained resilient against supply chain attacks. The malicious package, published…
-
Chinese Hackers Deploy Rootkit to Stealthily Mask ToneShell Malware
Tags: apt, backdoor, china, cyber, cyberespionage, government, group, hacker, malicious, malware, technology, toolA sophisticated cyberespionage campaign leveraging kernel-mode rootkit technology has been discovered targeting government organizations across Southeast and East Asia, with Myanmar and Thailand bearing the brunt of attacks. Security researchers identified a malicious driver delivering the ToneShell backdoor, a hallmark tool of the Chinese-nexus HoneyMyte APT group, also tracked as Mustang Panda or Bronze President.…
-
2.5M Malicious Requests Hit Adobe ColdFusion and Others in Holiday Attack
A holiday-timed campaign drove 2.5 million malicious requests targeting Adobe ColdFusion and other enterprise platforms. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/2-5m-malicious-requests-hit-adobe-coldfusion-and-others-in-holiday-attack/
-
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas
OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to operate inside a web browser and carry out tasks for users. The company said it recently shipped a security update for ChatGPT Atlas after internal automated red-teaming uncovered…
-
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical First seen…
-
Top 5 real-world AI security threats revealed in 2025
Tags: access, ai, api, attack, breach, chatgpt, cloud, control, credentials, cybercrime, data, data-breach, defense, email, exploit, flaw, framework, github, gitlab, google, injection, least-privilege, LLM, malicious, malware, microsoft, nvidia, open-source, openai, rce, remote-code-execution, risk, service, software, supply-chain, theft, threat, tool, vulnerabilityA critical remote code execution (RCE) in open-source AI agent framework Langflow that was also exploited in the wildAn RCE flaw in OpenAI’s Codex CLIVulnerabilities in NVIDIA Triton Inference ServerRCE vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLangVulnerabilities in open-source compute framework…
-
NDSS 2025 CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP
Tags: attack, conference, control, data-breach, exploit, germany, Hardware, Internet, leak, malicious, network, oracle, side-channelSession 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Stefan Gast (Graz University of Technology), Hannes Weissteiner (Graz University of Technology), Robin Leander Schröder (Fraunhofer SIT, Darmstadt, Germany and Fraunhofer Austria, Vienna, Austria), Daniel Gruss (Graz University of Technology) – PAPER CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP Confidential virtual machines (VMs) promise higher security…
-
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the malicious update’s deployment. Blockchain investigator ZachXBT initially flagged the incident on the social media platform…
-
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories
It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in, they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use.This week’s findings show…
-
Israeli Organizations Targeted by AV-Themed Malicious Word and PDF Files
SEQRITE Labs’ Advanced Persistent Threat (APT) Team has uncovered a sophisticated campaign targeting Israeli organizations through weaponized Microsoft Word and PDF documents disguised as legitimate antivirus software. The operation, tracked as UNG0801 or >>Operation IconCat,
-
DDoS Protection Faces Fresh Challenges As Bot Traffic Reaches New Peak
As automated attack networks grow larger and more sophisticated, security teams are struggling to keep pace with a surge in malicious bot activity that is reshaping the DDoS threat landscape In December 2025, Solana experienced one of the largest DDoS attacks in history, with traffic peaking at 6 Tbps. Although the attack continued over more…