Tag: malicious
-
Open WebUI bug turns the ‘free model’ into an enterprise backdoor
Tags: access, api, authentication, backdoor, data, exploit, flaw, malicious, mitigation, network, nvd, remote-code-execution, risk, tool, updateEscalating to Remote Code Execution: The risk doesn’t stop at account takeover. If the compromised account has workspace.tools permissions, attackers can leverage that session token to push authenticated Python code through Open WebUI’s Tools API, which executes without sandboxing or validation.This turns a browser-level compromise into full remote code execution on the backend server. Once…
-
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX
Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names.The problem, according to Koi, is…
-
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?
Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trustAI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…
-
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraineRussia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
-
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraineRussia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
-
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraineRussia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
-
NDSS 2025 ProbeNot: Protecting Pre-trained Encoders From Malicious Probing
Session 7D: ML Security Authors, Creators & Presenters: Ruyi Ding (Northeastern University), Tong Zhou (Northeastern University), Lili Su (Northeastern University), Aidong Adam Ding (Northeastern University), Xiaolin Xu (Northeastern University), Yunsi Fei (Northeastern University) PAPER Probe-Me-Not: Protecting Pre-Trained Encoders From Malicious Probing Adapting pre-trained deep learning models to customized tasks has become a popular choice for…
-
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives.”This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025,” the 360 Threat Intelligence Center said in First seen on thehackernews.com…
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
VSCode IDE forks expose users to “recommended extension” attacks
Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/
-
PyArmor Obfuscation as a Method to Hinder Static and Signature-Based Analysis
Malware authors continue to adopt legitimate software protection tools to shield their malicious code from security researchers. A prime example is the >>VVS Stealer,
-
NDSS 2025 DLBox: New Model Training Framework For Protecting Training Data
Session 7D: ML Security Authors, Creators & Presenters: Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University) PAPER DLBox: New Model Training Framework For Protecting Training Data Sharing training data for deep…
-
APT36 Uses Malicious Windows Shortcuts to Target Indian Government
APT36 is targeting Indian government entities using malicious Windows shortcut files disguised as PDFs. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apt36-uses-malicious-windows-shortcuts-to-target-indian-government/
-
DarkSpectre Malware Hit 8.8M Browsers via Malicious Extensions
DarkSpectre infected over 8.8 million browser users by abusing trusted extensions and advanced evasion techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/darkspectre-malware-hit-8-8m-browsers-via-malicious-extensions/
-
New GlassWorm malware wave targets Macs with trojanized crypto wallets
A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/
-
Microsoft Makes Teams ‘Secure by Default’ Starting January 2026
Microsoft will enable Teams messaging security by default in January 2026, blocking risky files and malicious links to protect against AI-driven threats. The post Microsoft Makes Teams ‘Secure by Default’ Starting January 2026 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-secure-by-default-january-2026/
-
Malicious Jackson Lookalike Library Slips Into Maven Central
A malicious Jackson lookalike library was used to distribute Cobalt Strike malware through Maven Central. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-jackson-lookalike-library-slips-into-maven-central/
-
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully operational infrastructure. Security researchers have identified three malicious extensions on the Open VSX marketplace linked…
-
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors. The research demonstrates that threat actors no longer need deep technical expertise to compromise enterprise…
-
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files
A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques…
-
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the…
-
New ErrTraffic service enables ClickFix attacks via fake browser glitches
A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-errtraffic-service-enables-clickfix-attacks-via-fake-browser-glitches/
-
Zero-day vulnerabilities: what they are and how to respond
Zero-day vulnerabilities often attract attention and concern because of their unpredictability. They are, by definition, weaknesses that are unknown to software vendors and therefore have no official fix at the point of discovery. When discovered and exploited by malicious actors, they allow attackers to bypass controls before organisations even realise there is a problem. The”¦…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce platforms. Unlike traditional skimming attacks that >>listen
-
Hackers Impersonated Jackson JSON Library to Infiltrate Maven Central
Security researchers have uncovered a sophisticated multi-stage malware campaign targeting Maven Central, the primary repository for Java dependencies. The attack centered on a malicious package impersonating the legitimate Jackson JSON library marking the first significant detection of advanced malware in an ecosystem that has historically remained resilient against supply chain attacks. The malicious package, published…