Tag: malicious
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67
Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rustSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
-
Google ads for fake Homebrew, LogMeIn sites push infostealers
A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-ads-for-fake-homebrew-logmein-sites-push-infostealers/
-
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins).”The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, researcher…
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerabilityF5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader
Tags: ai, awareness, backup, breach, browser, business, cio, ciso, communications, conference, control, corporate, country, cryptography, cyber, cybersecurity, dark-web, data, data-breach, defense, dns, email, encryption, finance, government, healthcare, identity, incident, infrastructure, intelligence, Internet, jobs, law, leak, linux, malicious, mfa, mitigation, network, organized, phone, privacy, ransom, ransomware, RedTeam, resilience, risk, risk-management, router, service, startup, strategy, supply-chain, switch, tactics, technology, theft, threat, tool, training, windowsSummary In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security. Khoury emphasizes that modern…
-
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate. First seen on hackread.com Jump to article: hackread.com/perplexity-comet-browser-download-ads-malware-google/
-
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate. First seen on hackread.com Jump to article: hackread.com/perplexity-comet-browser-download-ads-malware-google/
-
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/vanilla-tempest-fake-microsoft-teams/
-
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at risk of deploying malicious code under the guise of routine patches. ConnectWise Automate 2025.9, released…
-
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux
Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerabilitySecurity researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
-
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a…
-
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux
Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerabilitySecurity researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
-
North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets
Tags: attack, blockchain, crypto, cyber, cybercrime, cybersecurity, exploit, hacker, malicious, malware, north-korea, technology, threatThe cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains…
-
North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets
Tags: attack, blockchain, crypto, cyber, cybercrime, cybersecurity, exploit, hacker, malicious, malware, north-korea, technology, threatThe cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains…
-
F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now
Tags: access, attack, breach, cisa, cloud, crowdstrike, cve, cvss, cyber, cybersecurity, data, data-breach, detection, edr, endpoint, exploit, government, Hardware, infrastructure, intelligence, Internet, kubernetes, malicious, mitigation, monitoring, network, risk, software, supply-chain, technology, theft, threat, tool, update, vulnerability, vulnerability-managementPartnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation, it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno. Key takeaways: F5’s BIG-IP is used to secure everything from government agencies to critical infrastructure. …
-
F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now
Tags: access, attack, breach, cisa, cloud, crowdstrike, cve, cvss, cyber, cybersecurity, data, data-breach, detection, edr, endpoint, exploit, government, Hardware, infrastructure, intelligence, Internet, kubernetes, malicious, mitigation, monitoring, network, risk, software, supply-chain, technology, theft, threat, tool, update, vulnerability, vulnerability-managementPartnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation, it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno. Key takeaways: F5’s BIG-IP is used to secure everything from government agencies to critical infrastructure. …
-
Nation-state hackers deliver malware from “bulletproof” blockchains
Malicious payloads stored on Ethereum and BNB blockchains are immune to takedowns. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/
-
Microsoft disrupts ransomware attacks targeting Teams users
Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-disrupts-ransomware-attacks-targeting-teams-users/
-
North Korean hackers seen using blockchain to hide crypto-stealing malware
Google security researchers said on Thursday that they observed a Pyongyang-backed hacking group, tracked as UNC5342, deploying a method known as EtherHiding, a way of embedding malicious code inside smart contracts on decentralized networks such as Ethereum and BNB Smart Chain. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-blockchain-hiding-malware
-
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked Update Your LastPass Desktop App to Maintain Vault Security.” In reality, LastPass has not been compromised;…
-
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked Update Your LastPass Desktop App to Maintain Vault Security.” In reality, LastPass has not been compromised;…
-
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects to a malicious AMQP server. Attackers can exploit this flaw to run arbitrary code on…
-
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects to a malicious AMQP server. Attackers can exploit this flaw to run arbitrary code on…
-
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware, Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting team recently detected a surge in malicious activity leveraging SEO manipulation, primarily targeting Bing search…
-
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware, Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting team recently detected a surge in malicious activity leveraging SEO manipulation, primarily targeting Bing search…
-
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware, Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting team recently detected a surge in malicious activity leveraging SEO manipulation, primarily targeting Bing search…