Tag: malicious

Law Enforcement Dismantles SocksEscort Proxy Network in Operation Lightning

Mar 13, 2026 12:10 PM

Tags: cybercrime, international, law, malicious, network, service

Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/socksescort-proxy-network-op/
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code

Mar 13, 2026 9:10 AM

Tags: browser, chrome, cve, cyber, exploit, flaw, google, malicious, update, zero-day

Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious…
Six Packagist Packages Linked to Trojanized jQuery Campaign

Mar 13, 2026 8:11 AM

Tags: cyber, malicious, threat

Six malicious OphimCMS themes on Packagist have been caught shipping trojanized jQuery and other JavaScript, exposing movie”‘streaming sites and their visitors to redirects, URL exfiltration, and aggressive ad schemes tied to sanctioned FUNNULL infrastructure. Socket’s Threat Research Team found that the attacker embedded all malicious logic in bundled JS assets while leaving the PHP code and package…
China-nexus Threat Actor Targets Persian Gulf Region With PlugX

Mar 13, 2026 1:10 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, dns, dos, group, Hardware, injection, iran, malicious, malware, microsoft, middle-east, reverse-engineering, service, social-engineering, software, startup, threat, tool, update, windows

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

Mar 12, 2026 4:09 PM

Tags: authentication, ciso, detection, infrastructure, malicious, phishing, soc, threat

Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that…
Microsoft Authenticator could leak login codes”, update your app now

Mar 12, 2026 2:10 PM

Tags: android, authentication, leak, login, malicious, microsoft, update

A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/microsoft-authenticator-could-leak-login-codes-update-your-app-now/
PhantomRaven returns to npm with 88 bad packages

Mar 12, 2026 2:10 PM

Tags: breach, control, credentials, data, malicious, malware, update

Operational patterns challenge “research experiment” claim: Despite the new waves, PhantomRaven’s core functionality has remained largely unchanged, the researchers said. They found that 257 out of 259 lines of the malware payload are identical across all waves, with the only significant modification being the command-and-control domain used to receive stolen data.Instead, the attacker focused on…
New ClickFix Attacks Target macOS Users with MacSync Infostealer

Mar 12, 2026 1:09 PM

Tags: apple, attack, cyber, exploit, macOS, malicious, social-engineering, software, tactics, threat

A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
New ClickFix Attacks Target macOS Users with MacSync Infostealer

Mar 12, 2026 1:09 PM

Tags: apple, attack, cyber, exploit, macOS, malicious, social-engineering, software, tactics, threat

A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks

Mar 12, 2026 1:09 PM

Tags: access, breach, corporate, cyber, defense, exploit, hacker, malicious, monitoring, network, software, threat, tool

Threat actors are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools to breach corporate networks and establish persistent access. This tactic allows attackers to bypass traditional security defenses by blending malicious activities with routine administrative tasks. The Surge of RMM Abuse The exploitation of remote management software has become a primary initial access vector…
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks

Mar 12, 2026 1:09 PM

Tags: access, breach, corporate, cyber, defense, exploit, hacker, malicious, monitoring, network, software, threat, tool

Threat actors are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools to breach corporate networks and establish persistent access. This tactic allows attackers to bypass traditional security defenses by blending malicious activities with routine administrative tasks. The Surge of RMM Abuse The exploitation of remote management software has become a primary initial access vector…
Hackers Exploit CloudFlare Anti-Security to Steal Microsoft 365 Login Credentials

Mar 12, 2026 12:10 PM

Tags: attack, credentials, cyber, ddos, exploit, hacker, login, malicious, microsoft, phishing, threat

A recent Microsoft 365 credential harvesting campaign shows how attackers are exploiting CloudFlare’s protective features to shield malicious phishing sites from security scanners and threat researchers. CloudFlare is widely used by organizations to improve website performance and protect against attacks such as bots, DDoS, and automated scanning. However, these same protections can also unintentionally benefit…
Hackers Exploit CloudFlare Anti-Security to Steal Microsoft 365 Login Credentials

Mar 12, 2026 12:10 PM

Tags: attack, credentials, cyber, ddos, exploit, hacker, login, malicious, microsoft, phishing, threat

A recent Microsoft 365 credential harvesting campaign shows how attackers are exploiting CloudFlare’s protective features to shield malicious phishing sites from security scanners and threat researchers. CloudFlare is widely used by organizations to improve website performance and protect against attacks such as bots, DDoS, and automated scanning. However, these same protections can also unintentionally benefit…
North Korean fake IT worker tradecraft exposed

Mar 12, 2026 11:10 AM

Tags: access, ai, banking, breach, china, crypto, data-breach, defense, detection, finance, fintech, fraud, gitlab, group, identity, infection, intelligence, jobs, malicious, malware, mobile, north-korea, programming, scam, service, skills, software, tactics, threat, tool

Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
North Korean fake IT worker tradecraft exposed

Mar 12, 2026 11:10 AM

Tags: access, ai, banking, breach, china, crypto, data-breach, defense, detection, finance, fintech, fraud, gitlab, group, identity, infection, intelligence, jobs, malicious, malware, mobile, north-korea, programming, scam, service, skills, software, tactics, threat, tool

Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
New PhantomRaven NPM attack wave steals dev data via 88 packages

Mar 11, 2026 6:48 PM

Tags: attack, data, malicious, supply-chain

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-phantomraven-npm-attack-wave-steals-dev-data-via-88-packages/
Salesforce tracks possible ShinyHunters campaign targeting its users

Mar 11, 2026 4:48 PM

Tags: cloud, malicious, open-source, tool

Salesforce warns users of an uptick in malicious activity targeting Experience Cloud customers with misconfigured user settings via an open source tool First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639851/Salesforce-tracks-possible-ShinyHunters-campaign-targeting-its-users
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely

Mar 11, 2026 1:49 PM

Tags: cve, cvss, cyber, flaw, malicious, microsoft, office, remote-code-execution, threat, vulnerability

Microsoft has disclosed a critical security flaw in its Microsoft Office suite, officially tracked as CVE-2026-26110. Released on March 10, 2026, this Remote Code Execution (RCE) vulnerability poses a significant threat to organizations and individuals relying on the widely used productivity software. With a base CVSS score of 8.4, the flaw demands immediate attention from…
Did cybersecurity recently have its Gatling gun moment?

Mar 11, 2026 12:49 PM

Tags: ai, attack, automation, cyber, cyberattack, cybercrime, cybersecurity, defense, detection, email, endpoint, government, hacker, intelligence, LLM, malicious, malware, phishing, ransomware, siem, social-engineering, spear-phishing, strategy, tactics, threat, tool, update, vulnerability, warfare

inflection point. Both emblematic of an irreversible tipping point, where the nature of conflict was altered by its sudden asymmetry.The Gatling gun is the perfect analogy for the current cyber landscape. Just as it transformed warfare from a manual craft into an industrial process, modern threats have shifted from individual attacks to automated, high-velocity engagements.Here…
Agentic AI security: Why you need to know about autonomous agents now

Mar 11, 2026 11:46 AM

Tags: ai, malicious, risk, risk-management, threat

There are many benefits and security risks of deploying agentic AI within organizations. This blog emphasizes the importance of robust risk management and threat modeling to defend against both internal operational errors and potential malicious exploitation. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/agentic-ai-security-why-you-need-to-know-about-autonomous-agents-now/
KadNap bot compromises 14,000+ devices to route malicious traffic

Mar 11, 2026 11:46 AM

Tags: botnet, Internet, malicious, malware, router

KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the…
12 ways attackers abuse cloud services to hack your enterprise

Mar 11, 2026 8:47 AM

Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool

Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Mar 11, 2026 7:47 AM

Tags: ai, cybersecurity, data, exploit, malicious, rust, threat

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.The Rust packages, published to crates.io, are listed below -chrono_anchordnp3timestime_calibratortime_calibratorstime-syncThe crates, per Socket, impersonate timeapi.io and were published between late February and early March First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html
Fortinet FortiManager fgtupdates Flaw Enables Attackers to Execute Malicious Commands Remotely

Mar 11, 2026 6:48 AM

Tags: cve, cvss, cyber, flaw, fortinet, malicious, network, unauthorized, vulnerability

Fortinet has issued a security alert regarding a high-severity vulnerability affecting its FortiManager platform. Tracked as CVE-2025-54820 and carrying a CVSS score of 7.0, this flaw allows remote, unauthenticated attackers to execute unauthorized commands. Because FortiManager is designed to centrally manage multiple Fortinet security devices, securing these systems is critical to maintaining a strong network…
Microsoft SQL Server Zero-Day Exposes Privilege Escalation Risk for Users

Mar 11, 2026 6:48 AM

Tags: control, cve, cvss, cyber, flaw, malicious, microsoft, risk, sql, unauthorized, vulnerability, zero-day

Microsoft has disclosed a critical security flaw affecting SQL Server, officially tracked as CVE-2026-21262. Released on March 10, 2026, this elevation of privilege vulnerability exposes organizations to significant risks by allowing malicious actors to gain unauthorized control over enterprise database environments. With a maximum severity rating of >>Important<< and a CVSS 3.1 score of 8.8,…
March Patch Tuesday: Three high severity holes in Microsoft Office

Mar 11, 2026 1:48 AM

Tags: ai, apache, backup, browser, chrome, cloud, credentials, cve, cvss, cyber, email, endpoint, exploit, google, incident, incident response, injection, insurance, iot, linux, macOS, malicious, microsoft, network, office, sap, soc, sql, tool, update, vulnerability, windows

aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
Fake OpenClaw npm Package Installs GhostClaw Malware

Mar 10, 2026 11:48 PM

Tags: credentials, malicious, malware

A malicious npm package disguised as OpenClaw installs GhostClaw malware to steal developer credentials and sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fake-openclaw-npm-package-installs-ghostclaw-malware/
Fake Claude Code Spreads Malware to Windows, macOS Users

Mar 10, 2026 6:46 PM

Tags: macOS, malicious, malware, windows

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems. The post Fake Claude Code Spreads Malware to Windows, macOS Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-claude-code-install-pages-malware-windows-macos/