Tag: malicious

Your personal OpenClaw agent may also be taking orders from malicious websites

Feb 27, 2026 1:37 PM

Tags: access, ai, api, attack, authentication, credentials, identity, malicious, monitoring, radius, software, update, vulnerability

A larger blast radius: Unlike regular software vulnerabilities, compromised AI agents have a bigger blast radius as they hold sensitive API keys, session tokens, file system access, and the authority to execute tasks across enterprise tools.Barr emphasized that autonomous systems “aggregate identity, credentials, and workflow authority,” meaning a failure doesn’t occur quietly. Instead, the agent…
Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers

Feb 27, 2026 1:37 PM

Tags: google, hacker, malicious, phishing, threat, tool

Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security. First seen on hackread.com Jump to article: hackread.com/hackers-1campaign-hide-malicious-ads-google-reviewers/
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Feb 27, 2026 12:37 PM

Tags: access, intelligence, malicious, microsoft, powershell, rat, threat, tool

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT).”A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. “This…
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution

Feb 27, 2026 11:37 AM

Tags: cyber, endpoint, flaw, malicious, update, vulnerability, windows

Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Critical Patch on February 24, 2026, under Solution ID KA-0022458, covering Apex One 2019 (on-premises) on Windows and…
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution

Feb 27, 2026 11:37 AM

Tags: cyber, endpoint, flaw, malicious, update, vulnerability, windows

Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Critical Patch on February 24, 2026, under Solution ID KA-0022458, covering Apex One 2019 (on-premises) on Windows and…
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments

Feb 27, 2026 10:36 AM

Tags: backdoor, crypto, cryptography, cyber, linux, malicious, open-source, password

Malicious actors are abusing Go’s open-source ecosystem by deploying a backdoored crypto module that steals passwords and installs a Rekoobe Linux backdoor on developer and CI environments. The package imitates Go’s trusted cryptography library to turn ordinary password prompts into a full compromise chain quietly. On pkg.go.dev it appears as a normal cryptography library with…
Microsoft Defender Enhances Security with URL Click Alerts for Microsoft Teams

Feb 27, 2026 8:37 AM

Tags: cyber, detection, email, malicious, microsoft, monitoring, office, threat, update

Microsoft is expanding its threat detection capabilities by extending Microsoft Defender for Office 365 (MDO) URL click alerting into Microsoft Teams. This critical update allows security teams to detect, investigate, and respond to potentially malicious link clicks within Teams messages, expanding threat monitoring beyond traditional email vectors. By surfacing these alerts, organizations can identify threats…
Microsoft Defender Discovers Trojanized Gaming Utility Campaign Stealing Data with RATs

Feb 27, 2026 7:37 AM

Tags: access, cyber, data, malicious, malware, microsoft, rat, theft, tool

Microsoft Defender researchers have uncovered a new campaign that abuses trojanized gaming utilities to deliver multi”‘stage malware with remote access, data theft, and payload delivery capabilities. Attackers are masquerading as popular tools such as Xeno.exe and RobloxPlayerBeta.exe, tricking gamers into launching the malicious chain via downloads shared through web browsers and chat platforms. Once a…
Juniper Networks PTX Vulnerability Allows Full Router Takeover, Exposing Networks

Feb 27, 2026 7:37 AM

Tags: cyber, flaw, infrastructure, malicious, network, router, vulnerability

Juniper Networks has issued an out-of-cycle critical security bulletin addressing a severe vulnerability affecting its PTX Series routers running Junos OS Evolved. The flaw allows an unauthenticated, network-based attacker to execute malicious code with root privileges, potentially leading to complete device takeover. This critical security issue underscores the importance of securing core network infrastructure against…
Malicious Repo Files Could Hijack Claude Code Sessions

Feb 26, 2026 8:37 PM

Tags: ai, api, flaw, malicious

Flaws Let Attackers Run Commands and Steal API Keys Before Trust Prompt. Check Point research found three critical flaws in Anthropic’s Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities. First seen on…
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

Feb 26, 2026 5:37 PM

Tags: attack, backdoor, cisco, dns, healthcare, malicious, threat

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

Feb 26, 2026 5:37 PM

Tags: attack, backdoor, cisco, dns, healthcare, malicious, threat

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

Feb 26, 2026 5:37 PM

Tags: attack, backdoor, cisco, dns, healthcare, malicious, threat

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

Feb 26, 2026 5:37 PM

Tags: attack, backdoor, cisco, dns, healthcare, malicious, threat

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
How to report suspicious activity to Spamhaus (with all the right info!)

Feb 26, 2026 3:36 PM

Tags: cybercrime, data, malicious, malware, phishing, spam, threat

Cybercriminals never rest but anyone can play a role in stopping them. Sharing malicious activity is one of the most important ways we can strengthen safety on the internet. Spamhaus Threat Intel Community brings individuals and organizations together to share threat data and block spam, phishing, and malware campaigns worldwide. Find out how you can…
Fraudsters integrate ChatGPT into global scam campaigns

Feb 26, 2026 3:36 PM

Tags: ai, chatgpt, fraud, malicious, openai, scam, update

AI models are being folded into fraud and influence operations that follow long standing tactics. A February 2026 update to OpenAI’s Disrupting Malicious Uses of Our Models … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/openai-malicious-chatgpt-use-report/
What is Polymorphic Malware?

Feb 26, 2026 2:40 PM

Tags: cyber, detection, malicious, malware, software, threat

Malware continues to evolve, becoming more sophisticated and harder to detect. One of the most challenging types is polymorphic malware, malicious software that constantly changes its code to evade detection by traditional security systems. In a world where cyber threats are growing in scale and complexity, understanding how polymorphic malware works and how to… First…
Zoom Update Scam Infects 1,437 Users in 12 Days to Deploy Surveillance Tools

Feb 26, 2026 2:40 PM

Tags: cyber, exploit, malicious, scam, tool, update, windows

A dangerous new scam is targeting Zoom users by exploiting their trust in video meeting invites. Over just twelve days, 1,437 Windows users unknowingly installed a malicious version of the Teramind monitoring agent after visiting a fake Zoom meeting page designed to trigger silent downloads. The operation starts at uswebzoomus[.]com/zoom/ a domain mimicking Zoom’s legitimate interface. When opened, it displays…
OpenAI Confirms Chinese Hackers Used ChatGPT in Cyberattack Campaign

Feb 26, 2026 2:40 PM

Tags: chatgpt, china, cyber, cyberattack, exploit, hacker, malicious, network, openai, tactics, threat

OpenAI has confirmed that Chinese-linked operators misused ChatGPT as part of a broader campaign that blended cyber operations, online harassment, and covert influence tactics, according to its latest threat report “Disrupting malicious uses of AI.” While the models were not used to write exploits or break into networks directly, they were repeatedly abused to plan…
Malicious Ads Bypass Google Ads Screening via New Campaign Platform Exploit

Feb 26, 2026 1:44 PM

Tags: crypto, cyber, exploit, google, infrastructure, malicious, malware, phishing, service

A sophisticated cloaking platform called 1Campaign, designed to help attackers run malicious Google Ads campaigns while evading detection. The service acts as a full”‘service infrastructure for malvertising, filtering out researchers and automated scanners to keep phishing and cryptocurrency drainer sites online for extended periods. Operated by a developer using the alias DuppyMeister, 1Campaign has been…
New Dohdoor malware campaign targets education and health care

Feb 26, 2026 12:36 PM

Tags: backdoor, cisco, malicious, malware, threat

Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-dohdoor-malware-campaign/
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

Feb 26, 2026 12:36 PM

Tags: access, jobs, malicious, malware, microsoft, threat

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines.”The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code First seen…
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Feb 26, 2026 12:36 PM

Tags: api, cybersecurity, finance, malicious, service

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector.The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a…
Government Data Stolen After Hacker Jailbreaks Claude AI to Write Malicious Exploit Code

Feb 26, 2026 11:36 AM

Tags: ai, breach, cyber, cyberattack, cybersecurity, data, exploit, government, hacker, malicious, vulnerability

A hacker successfully manipulated Anthropic’s Claude AI to launch a sophisticated month-long cyberattack against Mexican government agencies. Between December 2025 and January 2026, the attacker utilized >>jailbreaking<< techniques to bypass safety guardrails, forcing the AI to identify vulnerabilities, generate functional exploit code, and exfiltrate sensitive data. The Jailbreak Method Cybersecurity firm Gambit Security revealed that…
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

Feb 26, 2026 8:37 AM

Tags: access, authentication, cisco, cve, exploit, flaw, malicious, vulnerability, zero-day

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023.The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain First…
Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day

Feb 26, 2026 12:36 AM

Tags: access, advisory, authentication, cisa, cisco, cloud, communications, control, cve, endpoint, exploit, firewall, flaw, government, group, guide, identity, infrastructure, malicious, network, office, risk, software, threat, unauthorized, update, vulnerability, zero-day

Software updates available: SD-WAN controllers play a central role in orchestrating traffic across distributed enterprise networks, including branch offices and cloud environments. Compromise at the controller level could provide attackers with broad visibility and control across large portions of an organization’s network infrastructure.In a separate security advisory, Cisco confirmed the vulnerability and released software updates…
Fake Next.js job interview tests backdoor developer’s devices

Feb 25, 2026 11:37 PM

Tags: backdoor, jobs, malicious, microsoft, software

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-tests-backdoor-developers-devices/
RAMP Forum Seizure Fractures Ransomware Ecosystem

Feb 25, 2026 11:37 PM

Tags: group, guide, malicious, ransomware, threat

Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/ramp-forum-seizure-fractures-ransomware-ecosystem