Tag: malicious
-
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fortinet-new-zero-day-malicious-sso-logins
-
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts.The extension, named “ClawdBot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”) First seen on…
-
LayerX Finds Malicious ChatGPT Extensions Hijack User Accounts
LayerX found malicious ChatGPT extensions hijacking user sessions to steal sensitive AI data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/layerx-finds-malicious-chatgpt-extensions-hijack-user-accounts/
-
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micro in December 2025, initially used malicious ZIP and RAR attachments posing as job opportunity documents. More recent activity observed…
-
Critical FortiCloud SSO zero”‘day forces emergency service disablement at Fortinet
Attack details and indicators: Fortinet’s investigation into the exploitation revealed attackers used two specific FortiCloud accounts: “cloud-noc@mail.io” and “cloud-init@mail.io,” though the company warned “these addresses may change in the future.”Fortinet identified multiple IP addresses associated with the attacks, including several Cloudflare-protected addresses that attackers used to obscure their activities.”Following authentication via SSO, it has been…
-
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT).The packages, named spellcheckerpy and spellcheckpy, are no longer available for download, but not before they were collectively downloaded a little over 1,000 times.”Hidden inside the First seen…
-
Researchers Uncover 454,000+ Malicious Open Source Packages
Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/454000-malicious-open-source/
-
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun
Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of vulnerabilities collectively tracked as “PackageGate” affecting major JavaScript package managers like NPM, PNPM, VLT, and Bun. These flaws could let attackers bypass supply chain protections and…
-
Microsoft Issues Emergency Patch for Active Office Zero-Day
Microsoft released an emergency Office patch to fix an actively exploited zero-day flaw that lets attackers bypass security via malicious files. The post Microsoft Issues Emergency Patch for Active Office Zero-Day appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-office-zero-day-emergency-patch-january-2026/
-
AI & the Death of Accuracy: What It Means for Zero-Trust
AI model collapse, where LLMs over time train on more and more AI-generated data and become degraded as a result, can introduce inaccuracies, promulgate malicious activity, and impact PII protections. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-death-accuracy-zero-trust
-
Microsoft Rushes Emergency Patch for Office Zero-Day
To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-rushes-emergency-patch-office-zero-day
-
‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/stanley-toolkit-chrome-undetectable-phishing
-
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/winrar-path-traversal-flaw-still-exploited-by-numerous-hackers/
-
LayerX Discovers Malicious Chrome Extensions Stealing ChatGPT Accounts
Security researchers from LayerX discovered 16 malicious Chrome extensions created by the same threat actor designed to intercept users’ interaction with ChatGPT chatbots and steal their account credentials, the latest instance in a growing trend. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/layerx-discovers-malicious-chrome-extensions-stealing-chatgpt-accounts/
-
16 Fake ChatGPT Extensions Caught Hijacking User Accounts
A coordinated campaign of 16 malicious GPT optimisers has been caught hijacking ChatGPT accounts. These tools steal session tokens to access private chats, Slack, and Google Drive files. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-extensions-hijack-user-accounts/
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pyodide-sandbox-escape-rce-grist/
-
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT executable files that impersonate popular applications. Once users execute these files, the malware establishes contact with command-and-control (C2) servers to deliver secondary payloads,…
-
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist”‘Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.”One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” First seen…
-
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments.The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro First seen on…
-
Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud
Tags: authentication, bug-bounty, control, corporate, defense, email, github, guide, hacker, malicious, malware, microsoft, vulnerabilitydisabling the ability to run lifecycle scripts, commands that run automatically during package installation,saving lockfile integrity checks (package-lock.json, pnpm-lock.yaml, and others) to version control (git). The lockfile records the exact version and integrity hash of every package in a dependency tree. On subsequent installs, the package manager checks incoming packages against these hashes, and if…
-
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-malware-service-guarantees-phishing-extensions-on-chrome-web-store/
-
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-clickfix-attacks-abuse-windows-app-v-scripts-to-push-malware/
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…