Tag: malicious
-
Warning: Malicious AI Tools Being Distributed as Chrome Extensions by Threat Actors
Cybercriminals are exploiting the growing popularity of artificial intelligence tools by distributing malicious Chrome browser extensions that masquerade as legitimate AI services. These fake extensions, mimicking popular AI platforms like ChatGPT, Claude, Perplexity, and Meta’s Llama, are designed to hijack user prompts and redirect them to attacker-controlled domains for malicious purposes. Security researchers from Palo…
-
Microsoft Flags AI Phishing Attack Hiding in SVG Files
Microsoft Threat Intelligence detected a new AI-powered phishing campaign using LLMs to hide malicious code inside SVG files disguised as business dashboards. First seen on hackread.com Jump to article: hackread.com/microsoft-ai-phishing-attack-hiding-svg-files/
-
APT35 Hackers Targeting Government and Military to Steal Login Credentials
Tags: credentials, cyber, government, hacker, intelligence, login, malicious, military, phishing, threat
Stormshield CTI researchers have identified two active phishing servers linked to APT35, revealing ongoing credential-stealing operations targeting government and military entities. In an active threat-hunting operation, Stormshield’s Cyber Threat Intelligence (CTI) team discovered two malicious servers exhibiting hallmark characteristics of APT35 infrastructure. These servers, mirroring footprints documented by Check Point, are hosting phishing pages designed…
-
Malicious Code in Fake Postmark MCP Server Steals Thousands of Emails
A newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly siphoned off thousands of emails from unsuspecting developers and organizations, all with just one line of code. Over the course of 15 incremental releases, the threat actor behind postmark-mcp built…
-
Lunar Spider Infected Windows Machine in Single Click and Harvested Login Credentials
A sophisticated cybercriminal group known as Lunar Spider successfully compromised a Windows machine through a single malicious click, establishing a foothold that allowed them to harvest credentials and maintain persistent access for nearly two months. The intrusion, which began in May 2024, demonstrates the evolving threat landscape where initial access can rapidly escalate to full…
-
Hackers Distribute Malicious Microsoft Teams Build to Steal Remote Access
Cybersecurity researchers have identified a sophisticated campaign where threat actors are using malicious advertisements and search engine optimization poisoning to distribute fake Microsoft Teams installers containing the Oyster backdoor malware. The campaign targets users searching for legitimate Microsoft Teams downloads through search engines. When users search for terms like “teams download,”…
-
Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC
The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/malicious-mcp-server-exfiltrates-secrets-bcc
-
One line of malicious npm code led to massive Postmark email heist
MCP plus open source plus typosquatting … what could possibly go wrong? First seen on theregister.com Jump to article: www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/
-
Microsoft Sniffs Out AI-Based Phishing Campaign Using Its AI-Based Tools
Microsoft used AI-based tools in Defender for Office 365 to detect and block a phishing campaign in which Security Copilot determined the malicious code was likely written by a LLM, marking the latest incident in which AI security tools were used to combat an AI-based cyberattack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/microsoft-sniffs-out-ai-based-phishing-campaign-using-its-ai-based-tools/
-
Abusing Notion’s AI Agent for Data Theft
Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willison’s lethal trifecta, it’s vulnerable to data theft through prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private data: one of the most common purposes of tools in the first place! Exposure to untrusted content:…
-
Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv
Attackers impersonate the National Police of Ukraine to deploy Amatera Stealer and PureMiner, using malicious Scalable Vector Graphics to trick victims. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ukrainian-cops-spoofed-fileless-phishing-attacks-kyiv
-
New TamperedChef Malware Exploits Productivity Tools to Access and Exfiltrate Sensitive Data
A sophisticated malware campaign dubbed “TamperedChef” is exploiting trojanized productivity tools, disguised as seemingly benign applications, to bypass security controls, establish persistence, and siphon sensitive information from targeted systems. On September 22, 2025, Field Effect researchers investigating a potentially unwanted application (PUA) flagged by Microsoft Defender uncovered two malicious applications, ImageLooker.exe and Calendaromatic.exe, delivered via…
-
WhatsApp 0-Click Flaw Abused via Malicious DNG Image File
A newly discovered zero-click remote code execution (RCE) vulnerability in WhatsApp is putting millions of Apple users at risk. Researchers from DarkNavyOrg have demonstrated a proof-of-concept (PoC) exploit that leverages two distinct flaws to compromise iOS, macOS, and iPadOS devices without any user interaction. The attack chain begins with CVE-2025-55177, a critical logic error in WhatsApp’s message…
-
Cybercriminals Target SonicWall Firewalls to Deploy Akira Ransomware via Malicious Login Attempts
Security teams face a rapidly evolving campaign that abuses compromised SonicWall SSL VPN credentials to deliver Akira ransomware in under four hours, dwell times among the shortest ever recorded for this type of threat. Within minutes of successful authentication, often originating from hosting-related ASNs, threat actors initiated port scans, leveraged Impacket SMB tools for discovery,…
-
Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say
A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors. First seen on wired.com Jump to article: www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/
-
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Cybersecurity researchers have discovered what has been described as the first-ever instance of a malicious Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called “postmark-mcp” that copied an official Postmark Labs library of the…
-
Coherence: Insider risk strategy’s new core principle
Malicious action: deliberate harm from within, often rooted in disaffection, misalignment, or ideological fracture. Human error: unintentional harm caused by confusion, fatigue, or misjudgment under pressure. These two paths look different but demand the same thing: a system that knows how to detect misalignment early and how to keep people inside the mission before risk…
-
How attackers poison AI tools and defenses
Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/poisoned-ai-prompt/
-
SVG Files Abused to Deploy PureMiner Malware and Exfiltrate Data
Cybercriminals are exploiting SVG files as an initial attack vector in a multi-stage campaign designed to impersonate Ukrainian government communications. FortiGuard Labs has uncovered a sophisticated phishing campaign targeting Ukrainian government agencies through malicious Scalable Vector Graphics (SVG) files, ultimately deploying both cryptocurrency mining malware and information stealers to compromise victim systems. The attack begins…
-
Threat Actors Exploiting Dynamic DNS Providers for Malicious Activity
Cybersecurity researchers have identified a growing trend where threat actors are increasingly exploiting Dynamic DNS providers to host malicious infrastructure, posing significant risks to enterprise organizations worldwide. Dynamic DNS providers, also known as publicly rentable subdomain providers, have become attractive targets for malicious actors due to their accessibility and limited regulatory oversight. These services essentially…
-
Notepad++ DLL Hijack Flaw Lets Attackers Run Malicious Code
Security researchers have identified a critical DLL hijacking vulnerability in Notepad++ version 8.8.3, tracked as CVE-2025-56383. This flaw enables attackers to execute arbitrary code by replacing legitimate Dynamic Link Library (DLL) files within the application’s plugin directory with malicious versions that maintain the same export functions. Technical Details: The vulnerability specifically targets Notepad++’s plugin system, particularly…
-
Researchers Expose Phishing Threats Distributing CountLoader and PureRAT
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. “The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments,” Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with…
-
Hackers Use Fake Invoices to Spread XWorm RAT via Office Files
Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat. First seen on hackread.com Jump to article: hackread.com/hackers-fake-invoices-xworm-rat-office-files/
-
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. “The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments,” Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with…
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-day
CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-edge-to-block-malicious-sideloaded-extensions/