Tag: malicious
-
Malicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet Keys
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting cryptocurrency developers through the NuGet package registry. The malicious packages, which exfiltrate sensitive wallet data including private keys and mnemonics, highlight a critical vulnerability in package registry security practices. The attack centers on a package named Netherеum.All, which appears identical to the legitimate…
-
YouTube Ghost Malware Campaign: Over 3,000 Infected Videos Target Users
Check Point Research has uncovered a massive malware distribution operation called the YouTube Ghost Network, featuring over 3,000 malicious videos designed to infect unsuspecting users with dangerous information-stealing malware. This sophisticated cybercriminal network has been operating since at least 2021, with activity tripling in 2025 as threat actors increasingly exploit YouTube’s trusted platform to bypass…
-
New Phishing Wave Uses OAuth Prompts to Take Over Microsoft Accounts
A new phishing campaign is targeting Microsoft account holders by using a clever twist on OAuth authentication prompts. Instead of asking users to hand over their passwords directly, attackers are tricking people into granting permission to malicious applications through legitimate-looking Microsoft authorization screens. This method bypasses traditional password protection and multi-factor authentication, making it particularly…
-
New Phishing Wave Uses OAuth Prompts to Take Over Microsoft Accounts
A new phishing campaign is targeting Microsoft account holders by using a clever twist on OAuth authentication prompts. Instead of asking users to hand over their passwords directly, attackers are tricking people into granting permission to malicious applications through legitimate-looking Microsoft authorization screens. This method bypasses traditional password protection and multi-factor authentication, making it particularly…
-
AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars
SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration. The research demonstrates how attackers can…
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
-
News Alert: SquareX reveals new browser threat, AI sidebars cloned to exploit user trust
PALO ALTO, Calif., Oct. 23, 2025, CyberNewswire: SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/news-alert-squarex-reveals-new-browser-threat-ai-sidebars-cloned-to-exploit-user-trust/
-
Microsoft disables File Explorer preview for downloads to block attacks
Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
-
Vulnerability in Perplexity’s Comet Browser Screenshot Feature Allows Malicious Prompt Injection
Researchers have discovered a critical security vulnerability in Perplexity’s Comet AI browser that allows attackers to inject malicious commands through hidden text in screenshots. The vulnerability, disclosed on October 21, 2025, demonstrates how AI-powered browsers can become dangerous gateways for attackers to access users’ sensitive accounts like banking and email services. How Attackers Hide Dangerous…
-
AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars
Palo Alto, California, 23rd October 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/ai-sidebar-spoofing-attack-squarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebars/
-
AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars
Palo Alto, California, 23rd October 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/ai-sidebar-spoofing-attack-squarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebars/
-
Global SMS Phishing Campaign Traced to China Targets Users Worldwide
A sophisticated and widespread smishing campaign originating from China has emerged as a significant threat to users worldwide. Researchers have attributed the ongoing attack to a group known as the Smishing Triad, which has demonstrated unprecedented scale and complexity through a decentralized infrastructure capable of registering and churning thousands of malicious domains daily. Since January…
-
Smarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security
Tags: access, ai, api, application-security, attack, authentication, awareness, breach, business, cloud, compliance, container, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, identity, infrastructure, intelligence, malicious, risk, saas, service, software, strategy, tactics, technology, threat, tool, update, vulnerability, wafSmarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security madhav Thu, 10/23/2025 – 05:36 Critical infrastructure (CI) organizations are, as the name suggests, some of the most important in the global economy. They’re also some of the most technologically complex and, crucially, vulnerable. Their security must reflect that. Data Security…
-
Smarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security
Tags: access, ai, api, application-security, attack, authentication, awareness, breach, business, cloud, compliance, container, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, identity, infrastructure, intelligence, malicious, risk, saas, service, software, strategy, tactics, technology, threat, tool, update, vulnerability, wafSmarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security madhav Thu, 10/23/2025 – 05:36 Critical infrastructure (CI) organizations are, as the name suggests, some of the most important in the global economy. They’re also some of the most technologically complex and, crucially, vulnerable. Their security must reflect that. Data Security…
-
Prompt hijacking puts MCP-based AI workflows at risk
oatpp-mcp, the MCP implementation for Oat++ (oatpp), a popular framework for developing web applications in C++. Tracked as CVE-2025-6515, the flaw stems from the fact that oatpp-mcp generates guessable session IDs for use in its communication with MCP clients, an issue that other MCP servers might have as well. The Model Context Protocol was developed…
-
Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks
South Asian hacking group Bitter (APT-Q-37) is deploying a C# backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors. First seen on hackread.com Jump to article: hackread.com/bitter-apt-winrar-vulnerability-backdoor-attacks/
-
Auditing MCP Server Access and Usage
6 min readRobust auditing is essential for secure MCP deployments, providing compliance evidence, forensic capabilities, and operational confidence for managing AI agents and context-aware systems at scale. The dynamic nature of MCP makes a lack of visibility dangerous, as attackers can exploit complex workflows and ephemeral infrastructure to hide malicious activity. First seen on securityboulevard.com…
-
Cybersecurity Awareness Month Is for Security Leaders, Too
Think you know all there is to know about cybersecurity? Guess again. Shadow AI is challenging security leaders with many of the same issues raised by other “shadow” technologies. Only this time, it’s evolving at breakneck speed. Key takeaways: The vast majority of organizations (89%) are either using AI or piloting it. Shadow AI lurks…
-
Auditing MCP Server Access and Usage
6 min readRobust auditing is essential for secure MCP deployments, providing compliance evidence, forensic capabilities, and operational confidence for managing AI agents and context-aware systems at scale. The dynamic nature of MCP makes a lack of visibility dangerous, as attackers can exploit complex workflows and ephemeral infrastructure to hide malicious activity. First seen on securityboulevard.com…
-
Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims’ cryptocurrency wallet keys.The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and First seen on…
-
Fileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDR
CyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting sophisticated fileless techniques to evade endpoint detection and response (EDR) solutions. By leveraging highly obfuscated PowerShell scripts and process hollowing into Microsoft’s RMClient.exe, attackers are gaining stealthy persistence and targeting browser credentials. Although Remcos is…
-
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools
Tags: access, attack, authentication, awareness, captcha, ceo, communications, control, credentials, cyber, cybersecurity, data, defense, detection, edr, email, endpoint, espionage, exploit, group, hacker, incident response, least-privilege, login, malicious, malware, mfa, monitoring, network, phishing, powershell, russia, strategy, tactics, theft, threat, tool, training, update, vulnerability, vulnerability-management, zero-trustEvolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code.By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
-
Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions
Tags: china, cyber, cybersecurity, detection, exploit, framework, hacker, malicious, monitoring, threatIn September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation campaign by a Chinese-speaking threat actor. Using this method, the attackers installed a malicious IIS module named TOLLBOOTH, deployed a Godzilla-forked webshell framework, leveraged the GotoHTTP remote monitoring and management…
-
Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns and business email compromise attacks. Security researchers across the industry are sounding the alarm as malicious actors leverage this trusted pathway to bypass authentication checks and deliver convincing internal-looking messages…
-
How Proxies Help Combat Data Scraping and Fraud
Proxies block malicious bots, prevent data scraping, and detect proxy-aided fraud by filtering traffic and enforcing centralized security policies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/how-proxies-help-combat-data-scraping-and-fraud/
-
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter”, also tracked as APT-Q-37″, has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat Intelligence Center warn that this dual-pronged attack illustrates the group’s evolving tactics and…
-
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287) Notice
Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score…The…