Tag: malicious

AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Chrome Extension Malware Secretly Adds Hidden SOL Fees to Solana Swap Transactions

Nov 26, 2025 3:50 PM

Tags: browser, chrome, crypto, cyber, malicious, malware, tool

Security researchers at Socket have uncovered a deceptive Chrome extension called Crypto Copilot that masquerades as a legitimate Solana trading tool while secretly siphoning SOL from users’ swap transactions. The malicious extension, published on June 18, 2024, extracts undisclosed fees by injecting hidden transfer instructions into every transaction users execute. Crypto Copilot markets itself on…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Nov 26, 2025 12:49 PM

Tags: browser, chrome, crypto, cybersecurity, malicious

Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet.The extension, named Crypto Copilot, was first published by a user named “sjclark76” on May 7, 2024. The developer describes the browser…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
Reward-Hacking Training Produces Malicious Cross-Task Behaviors

Nov 26, 2025 12:49 PM

Tags: ai, cyber, hacking, intelligence, malicious, training

Anthropic researchers have discovered a troubling phenomenon in the development of artificial intelligence: when large language models learn to >>reward hack
Reward-Hacking Training Produces Malicious Cross-Task Behaviors

Nov 26, 2025 12:49 PM

Tags: ai, cyber, hacking, intelligence, malicious, training

Anthropic researchers have discovered a troubling phenomenon in the development of artificial intelligence: when large language models learn to >>reward hack
Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads

Nov 26, 2025 7:49 AM

Tags: apt, cyber, exploit, group, infrastructure, malicious, microsoft, powershell, social-engineering, threat, vulnerability, windows

Water Gamayun, a Russia”‘aligned advanced persistent threat (APT) group, has launched a new multi”‘stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC). Leveraging a blend of compromised infrastructure, social engineering, and heavily obfuscated PowerShell, the attackers exploited CVE”‘2025″‘26633 to inject malicious code into mmc.exe, ultimately delivering hidden…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Spyware Abuse of Signal and WhatsApp Targeting US Officials

Nov 26, 2025 12:49 AM

Tags: advisory, cyber, defense, exploit, government, group, malicious, military, spyware

Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications. The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-abuse-signal-whatsapp-targeting-us-officials-a-30133
Spyware Abuse of Signal and WhatsApp Targeting US Officials

Nov 26, 2025 12:49 AM

Tags: advisory, cyber, defense, exploit, government, group, malicious, military, spyware

Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications. The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-abuse-signal-whatsapp-targeting-us-officials-a-30133
The Latest Shai-Hulud Malware is Faster and More Dangerous

Nov 25, 2025 10:49 PM

Tags: attack, github, malicious, malware, supply-chain

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/the-latest-shai-hulud-malware-is-faster-and-more-dangerous/
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer

Nov 25, 2025 7:49 PM

Tags: attack, credentials, cyber, data, login, malicious, malware, marketplace

A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer

Nov 25, 2025 7:49 PM

Tags: attack, credentials, cyber, data, login, malicious, malware, marketplace

A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer

Nov 25, 2025 7:49 PM

Tags: attack, credentials, cyber, data, login, malicious, malware, marketplace

A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
Critical vLLM Flaw Puts AI Systems at Risk of Remote Code Execution

Nov 25, 2025 7:49 PM

Tags: ai, flaw, malicious, remote-code-execution, risk

A critical flaw in vLLM allows attackers to crash AI servers or execute code remotely by sending malicious prompt embeddings to the Completions API. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/critical-vllm-flaw-puts-ai-systems-at-risk-of-remote-code-execution/
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer

Nov 25, 2025 7:49 PM

Tags: attack, credentials, cyber, data, login, malicious, malware, marketplace

A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
Would Your Business Survive a Black Friday Cyberattack?

Nov 25, 2025 4:49 PM

Tags: access, ai, api, application-security, attack, authentication, automation, backup, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, ddos, defense, encryption, exploit, finance, fraud, identity, infection, infrastructure, intelligence, Internet, login, malicious, mfa, monitoring, password, phishing, ransomware, resilience, risk, soar, software, strategy, threat, training, unauthorized

Would Your Business Survive a Black Friday Cyberattack? madhav Tue, 11/25/2025 – 13:54 Black Friday and Cyber Monday can make or break the year for retailers. Sales soar, carts fill, and data pours in. However, the same things that drive growth for retailers also draw in malefactors. For them, it’s open season. Cyber War Cloud…
Would Your Business Survive a Black Friday Cyberattack?

Nov 25, 2025 4:49 PM

Tags: access, ai, api, application-security, attack, authentication, automation, backup, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, ddos, defense, encryption, exploit, finance, fraud, identity, infection, infrastructure, intelligence, Internet, login, malicious, mfa, monitoring, password, phishing, ransomware, resilience, risk, soar, software, strategy, threat, training, unauthorized

Would Your Business Survive a Black Friday Cyberattack? madhav Tue, 11/25/2025 – 13:54 Black Friday and Cyber Monday can make or break the year for retailers. Sales soar, carts fill, and data pours in. However, the same things that drive growth for retailers also draw in malefactors. For them, it’s open season. Cyber War Cloud…
Morphisec warns StealC V2 malware spread through weaponized blender files

Nov 25, 2025 4:49 PM

Tags: automation, cybersecurity, malicious, malware, marketplace, russia, threat

StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
Morphisec warns StealC V2 malware spread through weaponized blender files

Nov 25, 2025 4:49 PM

Tags: automation, cybersecurity, malicious, malware, marketplace, russia, threat

StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Nov 25, 2025 3:49 PM

Tags: cybersecurity, malicious, malware, phishing, update, windows

Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update.”Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
Fluent Bit vulnerabilities could enable full cloud takeover

Nov 25, 2025 1:51 PM

Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerability

File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…