Tag: malicious
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-day
CISA’s takeaways from an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-edge-to-block-malicious-sideloaded-extensions/
-
Malicious MCP Server Discovered Stealing Sensitive Emails Using AI Agents
Enterprises everywhere are embracing MCP servers, tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one ever stopped to ask: Who built these tools? Today, the first real-world malicious MCP server, postmark-mcp, has emerged, quietly exfiltrating every email it processes. Since its initial release, postmark-mcp…
-
Okta introduces Identity Security Fabric to secure AI agents
Tags: ai, backup, control, credentials, data, deep-fake, government, identity, infrastructure, malicious, mobile, okta, privacy, vulnerability
Digital credentials round out the platform: The third fabric component is digital credentials capabilities through the Okta Verifiable Digital Credentials (VDC) platform, scheduled for fiscal 2027 release. The system would allow organizations to issue cryptographically secure versions of government IDs, employment records, and professional certifications. “Built on open standards for maximum control and future interoperability, VDCs will…
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, risk
What should CISOs and CEOs do now?: CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
Malicious MCP Server Found Quietly Stealing Emails
A popular MCP server in the NPM repository that was being downloaded 1,500 times a week suddenly began quietly copying emails and sending them to a C2 server after the developer inserted a line of code. Koi Security researchers said the incident highlights the security threats organizations are letting in through their blind trust of…
-
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. “Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade,” Infoblox said…
-
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust’s official crate repository scanned developers’ systems to steal cryptocurrency private keys and other secrets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-rust-packages-on-cratesio-steal-crypto-wallet-keys/
-
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since mid-July, affiliates of the service have been distributing a ZIP archive containing a malicious executable that encrypts a wide range of file types, appends a custom “.bqtlock” extension, and deletes…
-
Malicious AI Agent Server Reportedly Steals Emails
The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-ai-agent-server/
-
Co-op Cyberattack Causes £80 Million Profit Loss and Data Breach Impact
The Co-op has revealed that a malicious cyberattack earlier this year impacted its business, resulting in an £80 million hit to its operating profit. The cyberattack on Co-op forced the retailer to take emergency measures that disrupted both its grocery and funeral services… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cyberattack-on-co-op/
-
New Malicious Rust Crates Impersonate fast_log to Steal Solana and Ethereum Wallet Keys
A pair of malicious Rust crates masquerading as the popular fast_log library have been uncovered, harvesting private Solana and Ethereum keys from developers’ environments. The impostor crates include legitimate-looking logging functionality to evade detection, while a hidden routine scans source files for wallet keys and exfiltrates them to a hardcoded command-and-control (C2) endpoint. Between them,…
-
Hackers Use AI-Generated Code to Obfuscate Payloads and Bypass Traditional Defenses
A recent credential phishing campaign detected by Microsoft Threat Intelligence used AI-generated code within an SVG file to disguise malicious behavior. While the novel obfuscation techniques showcased attacker ingenuity, AI-powered defenses successfully blocked the attack, underscoring that AI-augmented threats remain detectable when defenders adapt analytic strategies. On August 18, Microsoft Threat Intelligence identified a targeted…
-
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information
A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
-
Malicious Rust Crates Steal Solana and Ethereum Keys, 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the aliases rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain…
-
Demand for UK government debt falls as political risks spook bond market as it happened
UK bond yields have risen today, as an auction of government debt received only weak demand. Economists blame policy uncertainty. Related: Co-op says ‘malicious’ cyber-attack has hit profits by £80m (https://www.theguardian.com/business/2025/sep/25/co-op-says-malicious-cyber-attack-has-hit-profits-by-80m). The Co-op Group expects that its cyber-attack will wipe out £120m of profits for the full financial year, including the £80m already lost in the first… (https://www.theguardian.com/business/live/2025/sep/25/co-op-cyber-attack-cost-it-80m-profits-loss-government-support-jlr-suppliers-business-live-news?page=with%3Ablock-68d4d9c68f0892d6aebab4ed#block-68d4d9c68f0892d6aebab4ed)
-
SetupHijack Tool Abuses Race Conditions in Windows Installer to Hijack Setups
Security researchers at Hacker House have released SetupHijack, a proof-of-concept tool that exploits race conditions and insecure file handling in Windows installers and updaters. The utility demonstrates how attackers can hijack privileged setup processes to run malicious payloads with SYSTEM or Administrator rights. Exploiting Race Conditions in Windows Installers SetupHijack targets installers and updaters that…
-
LNK Malware Leverages Legit Windows Files to Slip Past Defenses
In a recently observed campaign emerging from Israel, threat actors have revived the use of Windows shortcut (.LNK) files to deliver a potent Remote Access Trojan (RAT). These seemingly innocuous shortcut files exploit Living-off-the-Land Binaries (LOLBins) such as odbcconf.exe to silently register and execute malicious DLLs, evading security tools and complicating detection efforts. The attack…
-
Co-op says ‘malicious’ cyber-attack has hit profits by £80m
Retailer says it needs to focus on weaknesses in food business that led to gaps on shelves in its stores. Business live latest updates: https://www.theguardian.com/business/live/2025/sep/25/co-op-cyber-attack-cost-it-80m-profits-loss-government-support-jlr-suppliers-business-live-news
The Co-op has fallen into the red after it suffered an £80m hit to profits as a result of a “malicious” cyber-attack earlier this year. The group, which owns more than 2,000 grocery…
-
Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A severe Stored Cross-Site Scripting (XSS) vulnerability in the Prompt module of the DNN Platform enables low-privilege attackers to inject and execute arbitrary scripts in the context of privileged users. Published as GHSA-2qxc-mf4x-wr29 by Daniel Valadas yesterday, this vulnerability affects all versions of the DotNetNuke.Core package prior to 10.1.0 and carries a CVSS v3.1 base…
-
RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders
Cisco Talos has uncovered a sophisticated, long-running campaign active since 2022 that leverages DLL search order hijacking to deliver a novel PlugX variant with overlapping characteristics of the RainyDay and Turian backdoors. This operation, targeting telecommunications and manufacturing organizations across Central and South Asia, demonstrates a remarkable convergence of malware functionality and shared infrastructure that…
-
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity. “Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious…
-
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image. The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are… First seen on thehackernews.com Jump to…
-
SEO Poisoning Campaign Tied to Chinese Actor
In Operation Rewrite, an unspecified actor is using legitimate compromised web servers to deliver malicious content to visitors for financial gain. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/seo-poisoning-campaign-chinese-actor