Tag: malicious
-
New ClickFix attacks use fake Windows Update screens to fool employees
Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
-
Spyware Abuse of Signal and WhatsApp Targeting US Officials
Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications. The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-abuse-signal-whatsapp-targeting-us-officials-a-30133
-
Spyware Abuse of Signal and WhatsApp Targeting US Officials
Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications. The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-abuse-signal-whatsapp-targeting-us-officials-a-30133
-
The Latest Shai-Hulud Malware is Faster and More Dangerous
A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/the-latest-shai-hulud-malware-is-faster-and-more-dangerous/
-
Critical vLLM Flaw Puts AI Systems at Risk of Remote Code Execution
A critical flaw in vLLM allows attackers to crash AI servers or execute code remotely by sending malicious prompt embeddings to the Completions API. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/critical-vllm-flaw-puts-ai-systems-at-risk-of-remote-code-execution/
-
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer
A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
-
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer
A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
-
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer
A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
-
VSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia Stealer
A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credentials and private data from developers’ systems. Thanks to the vigilance of the Checkmarx Zero research team specifically…
-
Morphisec warns StealC V2 malware spread through weaponized blender files
StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
-
Morphisec warns StealC V2 malware spread through weaponized blender files
StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
-
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update.”Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.”This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News.”Users unknowingly…
-
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.”This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News.”Users unknowingly…
-
Microsoft cracks down on malicious meeting invites
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/25/enhance-microsoft-calendar-threat-protection/
-
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
-
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
-
Attackers are Using Fake Windows Updates in ClickFix Scams
Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
-
Attackers are Using Fake Windows Updates in ClickFix Scams
Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
-
NVIDIA Isaac-GROOT Flaws Let Attackers Inject Malicious Code
NVIDIA has released security updates addressing two critical code injection vulnerabilities in its Isaac-GR00T robotics software platform. The flaws could allow attackers with local system access to execute arbitrary code, escalate privileges, and tamper with sensitive data, potentially compromising robotic systems and their underlying infrastructure. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, affect all versions…