Tag: malicious

SmartTube YouTube app for Android TV breached to push malicious update

Dec 1, 2025 8:49 PM

Tags: access, android, malicious, open-source, update

The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

Dec 1, 2025 7:49 PM

Tags: malicious, spyware, threat

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs. These extensions have since been taken…
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
Microsoft gives Windows admins a legacy migration headache with WINS sunset

Dec 1, 2025 6:49 PM

Tags: attack, control, cyber, dns, exploit, hacker, infrastructure, malicious, microsoft, network, open-source, penetration-testing, risk, service, technology, tool, vulnerability, windows

Why WINS is still in use: Organizations still using WINS are likely to fall into one of two categories: those using it to support old technologies with long lifecycles such as operational technology (OT) systems, and those that have simply half-forgotten that they are still using it.”For OT stacks built around WINS/NetBIOS, replacing them isn’t…
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
Contagious Interview attackers go ‘full stack’ to fool developers

Dec 1, 2025 5:49 PM

Tags: attack, control, credentials, crypto, data, endpoint, exploit, github, infrastructure, intelligence, macOS, malicious, malware, open-source, social-engineering, supply-chain, theft, threat, update, windows, worm

Coding tasks lead to malware delivery: These defensive measures are effective because Contagious Interview’s entry vector relies heavily on social engineering, using fake interview tasks to trick developers into installing compromised dependencies.The campaign exploits NPM, a widely used package registry for JavaScript and Node.js, by publishing packages that appear benign but carry hidden payloads. The…
ShadyPanda browser extensions amass 4.3M installs in malicious campaign

Dec 1, 2025 4:49 PM

Tags: browser, chrome, malicious, malware

A long-running malware operation known as “ShadyPanda” has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/
Malware Manipulates AI Detection in Latest npm Package Breach

Dec 1, 2025 4:49 PM

Tags: ai, breach, detection, exploit, malicious, malware

Malicious npm package targets AI security with misleading prompts, exploiting automated analysis First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-ai-detection-npm-package/
Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process

Dec 1, 2025 3:49 PM

Tags: cyber, flaw, malicious, software, update, vulnerability

Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup. The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software.…
KimJongRAT Strikes Windows Users via Malicious HTA Files

Dec 1, 2025 3:49 PM

Tags: access, attack, credentials, cyber, group, korea, malicious, north-korea, windows

Security researchers have confirmed that KimJongRAT, a sophisticated remote access Trojan attributed to the Kimsuky group and believed to be backed by North Korea, is being actively distributed via weaponized .hta files targeting Windows users. The discovery reveals a carefully orchestrated attack chain designed to harvest sensitive credentials and system information from compromised machines. The…
Operation Hanoi Thief: Pseudo-Polyglot Payloads Targeting IT Professionals

Dec 1, 2025 3:49 PM

Tags: apt, cyber, cyberattack, jobs, malicious, malware

SEQRITE Labs APT-Team has uncovered a sophisticated cyberattack campaign dubbed >>Operation Hanoi Thief,
Operation Hanoi Thief: Pseudo-Polyglot Payloads Targeting IT Professionals

Dec 1, 2025 3:49 PM

Tags: apt, cyber, cyberattack, jobs, malicious, malware

SEQRITE Labs APT-Team has uncovered a sophisticated cyberattack campaign dubbed >>Operation Hanoi Thief,
Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

Nov 30, 2025 5:49 AM

Tags: cybersecurity, korea, malicious, malware, north-korea, threat

North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. TheContagious Interviewcampaign, active since November 2023 and linked to…
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior

Nov 29, 2025 3:49 PM

Tags: ai, attack, control, cybersecurity, flaw, google, malicious, microsoft, network, vulnerability

Cybersecurity firm Cato Networks reveals HashJack, a new AI browser vulnerability using the ‘#’ symbol to hide malicious commands. Microsoft and Perplexity fixed the flaw, but Google’s Gemini remains at risk. First seen on hackread.com Jump to article: hackread.com/hashjack-attack-url-control-ai-browser-behavior/
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

Nov 28, 2025 6:49 PM

Tags: hacker, malicious, malware, north-korea, threat

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month.According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of…
Malicious LLMs empower inexperienced hackers with advanced tools

Nov 28, 2025 2:49 PM

Tags: hacker, LLM, malicious, ransomware, tool

Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-llms-empower-inexperienced-hackers-with-advanced-tools/
GreyNoise launches free scanner to check if you’re part of a botnet

Nov 28, 2025 2:49 PM

Tags: botnet, malicious, tool

GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/greynoise-launches-free-scanner-to-check-if-youre-part-of-a-botnet/
RomCom tries dropping a notromantic payload on Ukraine-linked US firms

Nov 28, 2025 1:49 PM

Tags: attack, defense, detection, endpoint, government, group, malicious, monitoring, threat, ukraine, update

Target profile focused on Ukraine support: The second major insight from the report concerns victim selection. The targeted firm was not a defense contractor or a government body but a civil engineering company in the US. Its only notable link was past work involving a Ukraine-affiliated city.According to Arctic Wolf, the incident fits RomCom’s broader…
RomCom tries dropping a notromantic payload on Ukraine-linked US firms

Nov 28, 2025 1:49 PM

Tags: attack, defense, detection, endpoint, government, group, malicious, monitoring, threat, ukraine, update

Target profile focused on Ukraine support: The second major insight from the report concerns victim selection. The targeted firm was not a defense contractor or a government body but a civil engineering company in the US. Its only notable link was past work involving a Ukraine-affiliated city.According to Arctic Wolf, the incident fits RomCom’s broader…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks

Nov 27, 2025 3:49 PM

Tags: apache, attack, cve, cyber, flaw, malicious, monitoring, tool, vulnerability, xss

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE ID Description Severity Affected Versions CVE-2025-54057 Stored XSS vulnerability in Apache SkyWalking Important Through 10.2.0…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks

Nov 27, 2025 3:49 PM

Tags: apache, attack, cve, cyber, flaw, malicious, monitoring, tool, vulnerability, xss

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE ID Description Severity Affected Versions CVE-2025-54057 Stored XSS vulnerability in Apache SkyWalking Important Through 10.2.0…
Microsoft Teams Guest Chat Flaw Could Let Hackers Deliver Malware

Nov 27, 2025 3:49 PM

Tags: cyber, exploit, flaw, hacker, malicious, malware, microsoft, office, vulnerability

Security researchers have discovered a critical vulnerability in Microsoft Teams that allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenant environments. The flaw exploits a fundamental architectural gap in how Teams handles cross-tenant collaboration and guest access. The vulnerability centers on a critical misunderstanding held by most security…
NVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS Attacks

Nov 27, 2025 3:49 PM

Tags: attack, cve, cvss, cyber, dos, flaw, malicious, nvidia, service, update, vulnerability

NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities affect all versions of NVIDIA DGX OS before the latest OTA0 update. CVE ID Severity CVSS Score Potential…
Shai Hulud v2 Exploits GitHub Actions to Steal Secrets

Nov 27, 2025 3:49 PM

Tags: attack, cyber, cybersecurity, data-breach, exploit, github, malicious, supply-chain, worm

A sophisticated supply chain attack has compromised hundreds of npm packages and exposed secrets from tens of thousands of GitHub repositories, with cybersecurity researchers now documenting how attackers weaponized GitHub Actions workflows to bootstrap one of the most aggressive worm campaigns in recent memory. On November 24, 2025, at 4:11 AM UTC, malicious versions of…
NVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS Attacks

Nov 27, 2025 3:49 PM

Tags: attack, cve, cvss, cyber, dos, flaw, malicious, nvidia, service, update, vulnerability

NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities affect all versions of NVIDIA DGX OS before the latest OTA0 update. CVE ID Severity CVSS Score Potential…