Tag: malicious
-
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.”This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News.”Users unknowingly…
-
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.”This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News.”Users unknowingly…
-
Microsoft cracks down on malicious meeting invites
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/25/enhance-microsoft-calendar-threat-protection/
-
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
-
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
-
Attackers are Using Fake Windows Updates in ClickFix Scams
Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
-
Attackers are Using Fake Windows Updates in ClickFix Scams
Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
-
NVIDIA Isaac-GROOT Flaws Let Attackers Inject Malicious Code
NVIDIA has released security updates addressing two critical code injection vulnerabilities in its Isaac-GR00T robotics software platform. The flaws could allow attackers with local system access to execute arbitrary code, escalate privileges, and tamper with sensitive data, potentially compromising robotic systems and their underlying infrastructure. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, affect all versions…
-
Fresh ClickFix attacks use Windows Update trick-pics to steal credentials
Poisoned PNGs contain malicious code First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/clickfix_attack_infostealers_images/
-
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-blender-model-files-deliver-stealc-infostealing-malware/
-
ClickFix attack uses fake Windows Update screen to push malware
New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clickfix-attack-uses-fake-windows-update-screen-to-push-malware/
-
Infamous Shai-hulud Worm Resurfaces From the Depths
This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/infamous-shai-hulud-worm-resurfaces-from-depths
-
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious ‘prettier-vscode-plus’ extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data. First seen on hackread.com Jump to article: hackread.com/prettier-extension-vscode-marketplace-anivia-stealer/
-
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.”The campaign introduces a new variant that…
-
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.”The campaign introduces a new variant that…
-
Invisible battles: How cybersecurity work erodes mental health in silence and what we can do about it
Always-on alertness Threats don’t wait. Neither does your pager. You’re expected to respond instantly, on holidays, birthdays, weekends and 2 a.m. system alerts. Even when nothing’s burning, your mind stays wired.That permanent readiness? It’s exhaustion disguised as dedication. Sleep suffers. Focus slips. And when your nervous system never gets to shut down, it starts to…
-
Invisible battles: How cybersecurity work erodes mental health in silence and what we can do about it
Always-on alertness Threats don’t wait. Neither does your pager. You’re expected to respond instantly, on holidays, birthdays, weekends and 2 a.m. system alerts. Even when nothing’s burning, your mind stays wired.That permanent readiness? It’s exhaustion disguised as dedication. Sleep suffers. Focus slips. And when your nervous system never gets to shut down, it starts to…
-
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious ‘prettier-vscode-plus’ extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data. First seen on hackread.com Jump to article: hackread.com/prettier-extension-vscode-marketplace-anivia-stealer/
-
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.”The campaign introduces a new variant that…
-
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.”The campaign introduces a new variant that…
-
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information
Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chainCybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
-
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information
Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chainCybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
-
New EtherHiding Technique Uses Web Attacks to Deploy Malware and Rotate Payloads
A new era of web-delivered malware has arrived with EtherHiding, a technique that fundamentally reshapes how attackers distribute and rotate malicious payloads. Unlike traditional threats that rely on static staging servers or disposable redirect chains, EtherHiding leverages smart contracts on the Binance Smart Chain (BSC) testnet, enabling attackers to update or rotate malicious payloads instantly…
-
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information
Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chainCybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries
K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content, and only a small, valid, marshalled .pyc segment at the end containing the actual malicious code. This…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries
K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content, and only a small, valid, marshalled .pyc segment at the end containing the actual malicious code. This…