Tag: malicious

Malicious Ivanti VPN Client Sites in Google Search Deliver Malware, Users Warned

Oct 16, 2025 10:07 AM

Tags: cyber, cybersecurity, exploit, google, ivanti, malicious, malware, software, threat, vpn

Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting team recently detected a surge in malicious activity leveraging SEO manipulation, primarily targeting Bing search…
When trusted AI connections turn hostile

Oct 16, 2025 9:08 AM

Tags: ai, LLM, malicious

Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/16/research-mcp-server-attacks/
When trusted AI connections turn hostile

Oct 16, 2025 9:08 AM

Tags: ai, LLM, malicious

Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/16/research-mcp-server-attacks/
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely

Oct 16, 2025 8:07 AM

Tags: attack, banking, computer, cyber, cybersecurity, exploit, infection, malicious, malware, threat

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed >>Maverick.
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates

Oct 16, 2025 8:07 AM

Tags: backdoor, cyber, cyberattack, cybercrime, group, malicious, microsoft, ransomware, threat

Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which were designed to deliver the Oyster backdoor and deploy Rhysida ransomware on victim systems. Discovery…
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely

Oct 16, 2025 8:07 AM

Tags: attack, banking, computer, cyber, cybersecurity, exploit, infection, malicious, malware, threat

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed >>Maverick.
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates

Oct 16, 2025 8:07 AM

Tags: backdoor, cyber, cyberattack, cybercrime, group, malicious, microsoft, ransomware, threat

Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which were designed to deliver the Oyster backdoor and deploy Rhysida ransomware on victim systems. Discovery…
A View from the C-suite: Aligning AI security to the NIST RMF FireTail Blog

Oct 16, 2025 12:08 AM

Tags: access, ai, attack, breach, csf, cybersecurity, data, data-breach, defense, detection, framework, governance, grc, guide, incident response, infrastructure, injection, jobs, LLM, malicious, nist, RedTeam, risk, risk-management, strategy, supply-chain, theft, tool, vulnerability

Oct 15, 2025 – Jeremy Snyder – In 2025, the AI race is surging ahead and the pressure to innovate is intense. For years, the NIST Cybersecurity Framework (CSF) has been our trusted guide for managing risk. It consists of five principles: identify, protect, detect, respond, and recover. But with the rise of AI revolutionizing…
UK ICO Fines Capita 14M Pounds Over 2023 Hack

Oct 15, 2025 11:14 PM

Tags: data, edr, malicious, privacy

Capita Ignored EDR Alert for 58 Hours, Say Investigators. British outsourcing giant Capita must pay 14 million pounds to British data regulators for privacy violations tied to a 2023 hack that impacted 6 million individuals. An EDR system caught the malicious file within 10 minutes but the company didn’t respond to the alert until 58…
Thousands Hit by Malicious VS Code Extensions Stealing Source Code

Oct 15, 2025 10:07 PM

Tags: crypto, malicious

TigerJack’s fake VS Code extensions stole source code, mined crypto, and hijacked developer systems across 17,000 installations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/malicious-vs-code-extension/
Thousands Hit by Malicious VS Code Extensions Stealing Source Code

Oct 15, 2025 10:07 PM

Tags: crypto, malicious

TigerJack’s fake VS Code extensions stole source code, mined crypto, and hijacked developer systems across 17,000 installations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/malicious-vs-code-extension/
Thousands Hit by Malicious VS Code Extensions Stealing Source Code

Oct 15, 2025 10:07 PM

Tags: crypto, malicious

TigerJack’s fake VS Code extensions stole source code, mined crypto, and hijacked developer systems across 17,000 installations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/malicious-vs-code-extension/
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Oct 15, 2025 5:55 PM

Tags: access, data-breach, exploit, malicious, marketplace, risk, software, supply-chain, update

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.”A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Oct 15, 2025 5:55 PM

Tags: access, data-breach, exploit, malicious, marketplace, risk, software, supply-chain, update

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.”A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension…
Flax Typhoon exploited ArcGIS to gain long-term access

Oct 15, 2025 3:54 PM

Tags: access, ai, attack, backup, ciso, control, data, data-breach, detection, encryption, endpoint, espionage, exploit, government, group, india, infrastructure, intelligence, kev, least-privilege, macOS, malicious, monitoring, network, password, risk, sbom, service, software, supply-chain, threat, unauthorized, update, windows

Who is at risk?: In the first documented case confirmed by ArcGIS, where the malicious SOE was used, ReliaQuest identified that the password for the ArcGIS portal administrator account was a leet password of unknown origin, suggesting that the attacker had access to the administrative account and was able to reset the password.”Any organization that…
Flax Typhoon exploited ArcGIS to gain long-term access

Oct 15, 2025 3:54 PM

Tags: access, ai, attack, backup, ciso, control, data, data-breach, detection, encryption, endpoint, espionage, exploit, government, group, india, infrastructure, intelligence, kev, least-privilege, macOS, malicious, monitoring, network, password, risk, sbom, service, software, supply-chain, threat, unauthorized, update, windows

Who is at risk?: In the first documented case confirmed by ArcGIS, where the malicious SOE was used, ReliaQuest identified that the password for the ArcGIS portal administrator account was a leet password of unknown origin, suggesting that the attacker had access to the administrative account and was able to reset the password.”Any organization that…
Introducing MAESTRO: A framework for securing generative and agentic AI

Oct 15, 2025 2:54 PM

Tags: ai, api, attack, banking, business, cloud, compliance, container, control, data, detection, endpoint, fintech, framework, fraud, GDPR, governance, identity, infrastructure, injection, kubernetes, LLM, malicious, mitre, monitoring, network, nist, PCI, radius, risk, saas, service, supply-chain, threat, tool, unauthorized

System boundary: MAESTRO reviews focus on models, AI agents, data flows, CI/CD pipelines, supporting tools and third-party APIs. Broader IT security hygiene (patching, identity governance, endpoint protection) is assumed to be managed by existing programs.Assumptions: organizations have the security baseline configurations and compliance, such as ISO 27XXX, in place. MAESTRO builds on these baselines and…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Oct 15, 2025 12:54 PM

Tags: backup, cyber, flaw, infrastructure, malicious, rce, remote-code-execution, update, veeam, vulnerability

Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts. With attackers likely to reverse-engineer the patch, organizations must apply the update without delay to…
Chrome UseFree Flaw Lets Attackers Execute Arbitrary Code

Oct 15, 2025 12:54 PM

Tags: browser, chrome, cve, cyber, cybercrime, flaw, google, malicious, update, vulnerability

Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-11756, affects Chrome’s Safe Browsing feature and has earned a High severity rating from Google’s security team. Critical Vulnerability in Chrome’s Safe Browsing…
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions

Oct 15, 2025 11:54 AM

Tags: backdoor, crypto, cyber, hacker, malicious, marketplace, threat

Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish remote backdoors for complete system control. A newly identified threat actor known as TigerJack has…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
13 cybersecurity myths organizations need to stop believing

Oct 15, 2025 9:54 AM

Tags: access, ai, attack, authentication, backup, banking, breach, business, ceo, compliance, computer, computing, corporate, credentials, cyber, cybersecurity, data, data-breach, deep-fake, defense, encryption, finance, government, group, identity, incident response, infrastructure, jobs, law, malicious, mfa, monitoring, network, nist, openai, passkey, password, phishing, privacy, regulation, risk, service, skills, strategy, technology, theft, threat, tool, vulnerability

Big tech platforms have strong verification that prevents impersonation: Some of the largest tech platforms like to talk about their strong identity checks as a way to stop impersonation. But looking good on paper is one thing, and holding up to the promise in the real world is another.”The truth is that even advanced verification…
Maltrail: Open-source malicious traffic detection system

Oct 15, 2025 7:54 AM

Tags: detection, malicious, network, open-source

Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
Maltrail: Open-source malicious traffic detection system

Oct 15, 2025 7:54 AM

Tags: detection, malicious, network, open-source

Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
Maltrail: Open-source malicious traffic detection system

Oct 15, 2025 7:54 AM

Tags: detection, malicious, network, open-source

Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence

Oct 14, 2025 8:24 PM

Tags: apt, china, exploit, group, malicious, software

The China-based APT group Flax Typhoon used a function within ArcGIS’ legitimate geo-mapping software to create a webshell through which it established persistence for more than a year to execute malicious commands and steal credentials. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/chinas-flax-typhoon-exploits-arcgis-app-for-year-long-persistence/