Tag: malicious
-
PowerShell-Driven Multi-Stage Windows Malware Using Text Payloads
Security researchers have identified a sophisticated multi-stage malware campaign dubbed SHADOW#REACTOR that chains together obfuscated Visual Basic Script (VBS) execution, resilient PowerShell stagers, text-only payload delivery mechanisms, and .NET Reactorprotected in-memory loaders to deploy Remcos RAT while evading detection and analysis reliably. Initial infection begins when users execute a malicious VBS script, typically delivered through…
-
Android Banking Malware deVixor Actively Targeting Users with Ransomware Capabilities.
A sophisticated Android banking trojan known as deVixor has emerged as a significant threat to mobile users, combining financial data theft, device surveillance, and ransomware capabilities into a single malicious platform. Active since October 2025, the malware represents a concerning evolution in Android-based financial threats, targeting victims through fake automotive websites and leveraging Telegram infrastructure…
-
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still First…
-
Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Struts external entity (XXE) injection vulnerability S2-069 (CVE-2025-68493); Because the XWork component of Apache Struts does not perform effective validation when parsing XML configuration, attackers can inject external entities by constructing malicious XML data to read sensitive server files, perform…The…
-
Hackers Remotely Took Control of an Apex Legends Player’s Inputs
A critical security vulnerability has emerged in Respawn Entertainment’s popular battle royale title, allowing threat actors to remotely manipulate player inputs without requiring code execution capabilities. Respawn Entertainment, the developer of Apex Legends, has confirmed an active security incident affecting its player base. Malicious actors have discovered a vulnerability that enables them to remotely control…
-
New Angular Vulnerability Allows Attackers to Execute Malicious Payloads
A high Cross-Site Scripting (XSS) vulnerability has been discovered in Angular’s Template Compiler, potentially exposing millions of web applications to malicious JavaScript execution. The flaw, tracked as CVE-2026-22610, affects multiple versions of Angular’s core packages and carries a High severity rating with a CVSS score of 7.3/10. Attribute Details CVE ID CVE-2026-22610 Severity High (CVSS 4.0: 7.3/10) Vulnerability…
-
Instagram Confirms Password-Reset Spam Flood, Denies Breach
Security Experts See Coincidental Timing After Leak of Scraped Instagram User Data. Instagram said a massive wave of password reset emails sent to its users traced to malicious abuse of a legitimate feature, but didn’t result from any breach of its systems. Separately, security experts said a threat actor leaked 6.2 million users’ email addresses,…
-
Malicious npm packages target the n8n automation platform in a supply chain attack
Tags: attack, automation, detection, infrastructure, malicious, monitoring, network, risk, service, supply-chainTips for reducing risks: Workflow automation platforms like n8n are widely adopted for their capability to let teams link disparate systems without hand-coding every integration. But the community node ecosystem depends on npm packages and, therefore, inherits associated risks.To mitigate exposure, Endor Labs researchers recommended measures such as preferring built-in integrations over community nodes, auditing…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion A Broken System Fueling Botnets Malicious NPM Packages Deliver NodeCordRAT Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CNCERT: Risk Warning Regarding…
-
North Korealinked APT Kimsuky behind quishing attacks, FBI warns
FBI warns that North Korealinked APT group Kimsuky is targeting governments, think tanks, and academic institutions with quishing attacks. North Korealinked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. >>As of 2025, Kimsuky actors have targeted think tanks, academic…
-
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.”The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…
-
ZombieAgent ChatGPT attack shows persistent data leak risks of AI agents
Worm-like propagation: The email attack even has worming capabilities, as the malicious prompts could instruct ChatGPT to scan the inbox, extract addresses from other email messages, exfiltrate those addresses to the attackers using the URL trick, and send similar poisoned messages to those addresses as well.If the victim is the employee of an organization that…
-
Radware Discloses ZombieAgent Technique to Compromise AI Agents
Radware this week announced it has discovered a zero-click indirect prompt injection (IPI) vulnerability targeting the Deep Research agent developed by OpenAI. Dubbed ZombieAgent, Radware researchers have discovered that it is possible to implant malicious rules directly into the long-term memory or working notes of an AI agent. That technique enables a malicious actor to..…
-
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
Security researchers last year wrote about a surge in the use by threat actors of the legitimate XMRig cryptominer, and cybersecurity firm Expel is now outlining the widening number of malicious ways they’re deploying the open-source tool against corporate IT operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/use-of-xmrig-cryptominer-by-threat-actors-expanding-expel/
-
xRAT Malware Targets Windows Users via Fake Adult Game
AhnLab Security Intelligence Center (ASEC) has uncovered a dangerous distribution campaign targeting Windows users through Korean web hard services. Threat actors are leveraging xRAT (QuasarRAT) malware, disguising it as legitimate adult game content to deceive unsuspecting users into downloading and executing malicious files. Korean webhard services have become a prime vector for malware distribution, with…
-
Breach Roundup: Firewalls Headed for Obsolescence
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country.”As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) First…
-
Cisco identifies vulnerability in ISE network access control devices
rotate ISE credentials for those with existing and approved access;ensure only those who need access have credentials;reduce the number of devices that can access the ISE server;patch as soon as it’s possible to take the server offline.In its notice to customers, Cisco says a vulnerability [CVE-2026-20029] in the licensing features of ISE and Cisco ISE…
-
135% Surge: Inside the Holiday Bot Attacks of December 2025
DataDome detected a 135% surge in malicious bot attacks during December 2025. Discover how AI-powered bots targeted retailers and how we defended customers First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/135-surge-inside-the-holiday-bot-attacks-of-december-2025/
-
Why FIM Add-Ons Aren’t Integrity Monitoring ( Why EDR Still Isn’t Enough)
<div cla If you are running a strong EDR platform, you’re doing something right. EDR is essential. It’s great at detecting and responding to malicious activity: suspicious processes, behaviors, lateral movement, and indicators of compromise. But here’s the uncomfortable truth: EDR does not tell you, with certainty, whether your systems are still in a known and…
-
Breach Roundup: Firewalls Headed for Obsolesce
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact,…