Tag: malicious
-
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287) Notice
Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score…The…
-
New Rust Malware “ChaosBot” Hides CommandControl Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the popular, legitimate service, making detection significantly more challenging for traditional security tools. ChaosBot operates by…
-
New Rust Malware “ChaosBot” Hides CommandControl Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the popular, legitimate service, making detection significantly more challenging for traditional security tools. ChaosBot operates by…
-
Hackers Exploit OAuth Apps to Keep Cloud Access Even After Password Resets
Cloud account takeover attacks have evolved beyond simple credential theft. Cybercriminals are now exploiting OAuth applications to maintain persistent access to compromised environments, bypassing traditional security measures like password resets and multifactor authentication. Cloud account takeover (ATO) attacks have become a significant concern in recent years, with cybercriminals and state-sponsored actors increasingly adopting malicious OAuth…
-
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, wormMarketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
-
Google finds Russian state hackers replacing burned malware with new tools
A Russia-linked group tracked as Coldriver or Callisto is using three new pieces of malicious code to replace the LostKeys malware outed by Google earlier this year, the company said. First seen on therecord.media Jump to article: therecord.media/coldriver-callisto-russia-hackers-new-malware-google
-
The Unkillable Threat: How Attackers Turned Blockchain Into Bulletproof Malware Infrastructure
The blockchain was supposed to revolutionize trust. Instead, it’s revolutionizing cybercrime. Every foundational principle that makes blockchain technology secure”, decentralization, immutability, global accessibility”, has been systematically inverted by sophisticated threat actors into the most resilient malware delivery system ever created. Welcome to the era of EtherHiding, where malicious code lives forever on public ledgers, protected…
-
Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, when clicked, sent the stolen information to an attacker’s server. When Microsoft 365 Copilot was asked to…
-
Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, when clicked, sent the stolen information to an attacker’s server. When Microsoft 365 Copilot was asked to…
-
Apache Syncope Groovy Flaw Allows Remote Code Injection
Apache Syncope, has disclosed a critical security vulnerability that allows authenticated administrators to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-57738, impacts all Apache Syncope versions 3.x before 3.0.14 and 4.x before 4.0.2, exposing organisations to potential system compromise through malicious Groovy code injection.”‹ Vulnerability Details and Attack Mechanism The vulnerability exists…
-
Threat Actors Reportedly Marketing Monolock Ransomware on Dark Web Forums
Tags: cyber, cybercrime, cybersecurity, dark-web, encryption, malicious, marketplace, monitoring, ransomware, software, threatA recent surge in underground cybercrime chatter has shone a spotlight on Monolock Ransomware V1.0, as multiple posts on dark web forums claim that the malicious software is now available for purchase. Cybersecurity researchers monitoring illicit marketplaces report that threat actors are advertising a fully functional ransomware strain, complete with encryption modules, key exchange mechanisms,…
-
Apache Syncope Groovy Flaw Allows Remote Code Injection
Apache Syncope, has disclosed a critical security vulnerability that allows authenticated administrators to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-57738, impacts all Apache Syncope versions 3.x before 3.0.14 and 4.x before 4.0.2, exposing organisations to potential system compromise through malicious Groovy code injection.”‹ Vulnerability Details and Attack Mechanism The vulnerability exists…
-
Threat Actors Reportedly Marketing Monolock Ransomware on Dark Web Forums
Tags: cyber, cybercrime, cybersecurity, dark-web, encryption, malicious, marketplace, monitoring, ransomware, software, threatA recent surge in underground cybercrime chatter has shone a spotlight on Monolock Ransomware V1.0, as multiple posts on dark web forums claim that the malicious software is now available for purchase. Cybersecurity researchers monitoring illicit marketplaces report that threat actors are advertising a fully functional ransomware strain, complete with encryption modules, key exchange mechanisms,…
-
US NSA alleged to have launched a cyber attack on a Chinese agency
Tags: access, attack, authentication, breach, china, ciso, cloud, communications, control, country, cyber, cybersecurity, defense, finance, hacker, infrastructure, international, login, malicious, mfa, monitoring, network, RedTeam, resilience, sans, service, spy, supply-chain, technology“NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.”The Chinese post says the country “shattered the US cyber attack plot of stealing secrets and infiltration and sabotage,…
-
Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here’s how to strengthen your defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange-onlines-direct-send/
-
Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here’s how to strengthen your defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange-onlines-direct-send/
-
Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here’s how to strengthen your defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange-onlines-direct-send/
-
New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions
GlassWorm is the world’s first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle. First identified on October 17, 2025, GlassWorm hijacks developer machines via invisible Unicode code, harvests credentials, drains cryptocurrency wallets, and transforms infected systems…
-
AdaptixC2 Emerges in npm Supply-Chain Exploit Against Developers
Tags: attack, cyber, cybersecurity, exploit, framework, kaspersky, malicious, open-source, risk, software, supply-chain, threatCybersecurity researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting the npm ecosystem, where threat actors distributed the AdaptixC2 post-exploitation framework through a malicious package disguised as a legitimate proxy utility. The discovery highlights the growing risk of open-source software repositories as attack vectors for delivering advanced malware. In October 2025, Kaspersky experts…
-
New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions
GlassWorm is the world’s first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle. First identified on October 17, 2025, GlassWorm hijacks developer machines via invisible Unicode code, harvests credentials, drains cryptocurrency wallets, and transforms infected systems…
-
LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA). Customers have already seen attempts to…
-
LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA). Customers have already seen attempts to…
-
US NSA alleged to have launched a cyber attack on a Chinese agency
Tags: access, attack, authentication, breach, china, ciso, cloud, communications, control, country, cyber, cybersecurity, defense, finance, hacker, infrastructure, international, login, malicious, mfa, monitoring, network, RedTeam, resilience, sans, service, spy, supply-chain, technology“NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.”The Chinese post says the country “shattered the US cyber attack plot of stealing secrets and infiltration and sabotage,…
-
Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines
Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government departments to trick users into opening malicious documents that infect Microsoft Windows machines. The campaign, first observed in early 2025, has since expanded its operations from Taiwan to Japan and Malaysia,…
-
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome extensions actively flooding the Chrome Web Store. These extensions are not conventional malware, but function as high-risk automation tools, systematically violating platform policies to facilitate large-scale spam campaigns, primarily targeting Brazilian…
-
Find hidden malicious OAuth apps in Microsoft 365 using Cazadora
Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs’ Cazadora script helps uncover rogue apps before they lead to a breach. Dive deeper in their Tradecraft Tuesday sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/find-hidden-malicious-oauth-apps-in-microsoft-365-using-cazadora/
-
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
ClickFix, FileFix, fake CAPTCHA, whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser, most commonly a CAPTCHA, but also things like fixing an error on a…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…