Tag: malicious
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
Spam flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure Gootloader Returns: What Goodies Did They Bring? Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector…
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
150,000 Packages Flood NPM Registry in Token Farming Campaign
A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz protocol. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/150000-packages-flood-npm-registry-token-farming
-
TDL 009 – Inside DNS Threat Intelligence: Privacy, Security Innovation
Tags: access, apple, attack, automation, backup, best-practice, business, ceo, cisco, ciso, cloud, computer, control, corporate, country, crime, cybersecurity, data, dns, encryption, finance, firewall, government, infrastructure, intelligence, Internet, jobs, law, linkedin, malicious, marketplace, middle-east, monitoring, msp, network, office, privacy, regulation, risk, service, software, strategy, threat, tool, windows, zero-trustSummary Inside DNS Threat Intelligence: Privacy, Security & Innovation In this episode of the Defenders Log, host David Redekop speaks with Tim Adams, the founder of the protective DNS resolver Scout DNS. Tim shares his origin story, explaining how he transitioned from a wireless network integrator to building his own DNS solution. He saw a…
-
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads.”The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure,” NVISO researchers…
-
Millions of sites at risk from Imunify360 critical flaw exploit
A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attacker”‘supplied malware trigger dangerous PHP…
-
Hackers Exploit Rogue MCP Server to Inject Malicious Code into Cursor’s Built-In Browser
Security researchers have uncovered a critical vulnerability in Cursor, the AI-powered code editor, that allows attackers to inject malicious code through rogue Model Context Protocol (MCP) servers. Unlike VS Code, Cursor lacks integrity checks on its runtime components, making it vulnerable to tampering through MCP server registration. The attack works by registering a local MCP…
-
Advanced macOS DigitStealer Uses Multi-Stage Attack Chain to Evade Detection
Jamf Threat Labs has identified a new family of malicious stealers tracked as DigitStealer, representing a significant evolution in macOS-targeted malware. Unlike traditional infostealers that follow linear execution paths, DigitStealer introduced sophisticated multi-stage attack techniques, extensive anti-analysis checks, and novel persistence mechanisms, demonstrating the threat actors’ deep understanding of macOS architecture. The DigitStealer campaign begins…
-
Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engineering in courses like SANS FOR610, it’s critical to addressed that reverse engineering applies to every component in the infection chain, not just PE or…
-
Fighting AI with AI: Adversarial bots vs. autonomous threat hunters
Tags: access, ai, attack, automation, backup, breach, bug-bounty, cloud, credentials, cyber, cybersecurity, data, defense, endpoint, exploit, hacker, healthcare, identity, infrastructure, Internet, iot, least-privilege, malicious, network, phishing, startup, technology, threat, tool, update, vpn, vulnerability, zero-dayWhile there’s no doubt AI holds great potential for cybersecurity, in practice, it’s mainly being used to automate what we’re already doing. For companies to stand a chance, we need new approaches to AI-powered defense, not optimized ones. Attackers already have systemic advantages that AI amplifies dramatically. While there are some great examples of how…
-
Fighting AI with AI: Adversarial bots vs. autonomous threat hunters
Tags: access, ai, attack, automation, backup, breach, bug-bounty, cloud, credentials, cyber, cybersecurity, data, defense, endpoint, exploit, hacker, healthcare, identity, infrastructure, Internet, iot, least-privilege, malicious, network, phishing, startup, technology, threat, tool, update, vpn, vulnerability, zero-dayWhile there’s no doubt AI holds great potential for cybersecurity, in practice, it’s mainly being used to automate what we’re already doing. For companies to stand a chance, we need new approaches to AI-powered defense, not optimized ones. Attackers already have systemic advantages that AI amplifies dramatically. While there are some great examples of how…
-
Palo Alto PAN-OS Flaw Lets Attackers Force Firewall Reboots via Malicious Packets
Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets. The flaw, tracked as CVE-2025-4619, affects multiple versions of PAN-OS running on PA-Series and VM-Series firewalls, as well as Prisma Access deployments. The vulnerability enables unauthenticated attackers to trigger…
-
Fortinet FortiWeb Zero-Day Exploited to Gain Full Admin Access
A critical zero-day vulnerability in Fortinet FortiWeb has been actively exploited in the wild, allowing attackers to gain complete administrator access without any prior authentication. The flaw affects Fortinet’s Web Application Firewall, which is designed to protect web applications from malicious traffic. Vulnerability Discovery and Exploitation On October 6, 2025, cyber deception company Defused published…
-
NDSS 2025 Incorporating Gradients To Rules
SESSION Session 3A: Network Security 1 Authors, Creators & Presenters: ingzhi Wang (Northwestern University), Xiangmin Shen (Northwestern University), Weijian Li (Northwestern University), Zhenyuan LI (Zhejiang University), R. Sekar (Stony Brook University), Han Liu (Northwestern University), Yan Chen (Northwestern University) PAPER Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection As cyber attacks grow increasingly…
-
Chrome extension “Safery” steals Ethereum wallet seed phrases
Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web…
-
“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages
A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
-
Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package >>@acitons/artifact>@actions/artifact
-
SmartApeSG Uses ClickFix to Deploy NetSupport RAT
The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s latest methodology, which uses deceptive fake CAPTCHA pages to trick users into executing malicious commands that ultimately deploy NetSupport RAT a Remote Access Trojan capable of giving attackers complete…
-
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at least 11 user accounts, remained active in the registry for nearly two years before detection. The campaign derives its distinctive name from its unique package naming scheme. The embedded…
-
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web…
-
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called >>Safery: Ethereum Wallet,
-
Google asks US court to shut down Lighthouse phishing-as-a-service operation
Tags: control, crime, cyber, cybercrime, cybersecurity, email, google, government, incident response, law, malicious, network, phishing, risk, sans, scam, service, smishing, technology, threatWill have ‘minimal impact’: Ed Dubrovsky, chief operating officer of incident response firm Cypher, is skeptical of the effectiveness of court action. Phishing-as-a-service operations don’t have to be on American soil, he explained, so court orders and legislation will likely have minimal impact on smishing or phishing attacks.”However,” he added, “I can understand that even…
-
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code. First seen on hackread.com Jump to article: hackread.com/fake-npm-package-downloads-github-credentials/
-
WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp.According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking applications.…