Tag: malicious
-
Critical Gardyn Flaws Open Smart Garden Devices to Remote Hijacking
A recently updated advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has revealed severe vulnerabilities in Gardyn Home Kit systems. These critical flaws carry a maximum CVSS score of 9.3 and could allow malicious actors to hijack smart gardening devices remotely. According to the April 2026 alert, successful exploitation enables unauthenticated attackers to completely…
-
Malicious Browser Extensions: An Overlooked Security Threat
Malicious browser extensions are an overlooked security threat with access to all your SaaS data. Learn how to detect and stop them before damage is done. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/malicious-browser-extensions-an-overlooked-security-threat/
-
Malicious Browser Extensions: An Overlooked Security Threat
Malicious browser extensions are an overlooked security threat with access to all your SaaS data. Learn how to detect and stop them before damage is done. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/malicious-browser-extensions-an-overlooked-security-threat/
-
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Tags: control, data, detection, endpoint, hacker, malicious, malware, open-source, ransomware, sophosAttackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…
-
Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies
The intrusions exploited vulnerabilities in the open-source Roundcube webmail platform that allow attackers to execute malicious code when a victim simply opens an email in their inbox. First seen on therecord.media Jump to article: therecord.media/ukraine-confirms-suspected-apt28-campaign-targeting-prosecutors
-
Hackers Deploy ATHR for Scalable AI-Driven Vishing and Credential Theft
Tags: ai, attack, automation, credentials, cyber, cybercrime, email, hacker, malicious, phishing, theftHackers are increasingly turning to telephone-oriented attack delivery (TOAD) to bypass traditional email security, and a new cybercrime platform called ATHR is accelerating this trend with AI-driven automation and integrated phishing capabilities. TOAD attacks rely on a simple but effective tactic: instead of embedding malicious links or attachments, attackers send benign-looking emails containing only a…
-
Google Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion Ads
Google has significantly escalated its fight against cybercriminals, deploying its advanced Gemini AI to neutralize malicious advertising campaigns. By leveraging generative AI, the tech giant intercepted more than 99% of these harmful advertisements before they ever reached end users. This milestone marks a major shift in how cybersecurity defenses handle automated threats. Threat actors have…
-
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign
Multiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors are disguising malicious payloads as legitimate installers for tools such as Proton VPN, OhmGraphite, Sidebar Diagnostics, Pachtop, and HardwareVisualizer. The files are hosted…
-
RCE by design: MCP architectural choice haunts AI agent ecosystem
sh, bash, powershell, curl, rm, and other high-risk binaries, they added.The core issue is that there’s currently no check in place to verify that a STDIO command is intended to initialize an MCP server rather than perform a malicious task. Furthermore, the researchers observed that even if the sent command fails to start the server,…
-
Hackers Exploit n8n Webhooks to Spread Malware
A new abuse campaign targeting AI-driven workflow automation platforms particularly n8n that turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. AI workflow platforms like n8n and Zapier are…
-
Copilot and Agentforce fall to form-based prompt injection tricks
PipeLeak: Salesforce Agentforce hijacked by a simple lead: In the Salesforce Agentforce case, attackers embed malicious instructions inside a public-facing lead form. When an internal user later asks the agent to review or process that lead, the agent executes the embedded instructions as if they were part of its task.According to a Capsule demonstration, the…
-
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Networking giant Cisco has issued an urgent security advisory warning of two newly discovered vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Cisco Identity Services Engine (ISE) is a widely deployed security policy management platform that provides secure access to enterprise network resources. The most severe of these new flaws…
-
Copilot and Agentforce fall to form-based prompt injection tricks
PipeLeak: Salesforce Agentforce hijacked by a simple lead: In the Salesforce Agentforce case, attackers embed malicious instructions inside a public-facing lead form. When an internal user later asks the agent to review or process that lead, the agent executes the embedded instructions as if they were part of its task.According to a Capsule demonstration, the…
-
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.”PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,” Cisco Talos First seen on thehackernews.com…
-
The deepfake dilemma: From financial fraud to reputational crisis
Tags: ai, authentication, business, ceo, communications, control, cyber, data-breach, deep-fake, exploit, finance, fraud, malicious, phone, resilience, risk, threat, toolDeepfakes as tools for financial fraud: Deepfakes have quickly become a powerful enabler of financial fraud. This is largely because most business communication channels, like video and voice calls, remain unauthenticated. A single convincing audio or video call, seemingly from a trusted executive, can bypass established controls in minutes. Employees in these scenarios often follow…
-
The deepfake dilemma: From financial fraud to reputational crisis
Tags: ai, authentication, business, ceo, communications, control, cyber, data-breach, deep-fake, exploit, finance, fraud, malicious, phone, resilience, risk, threat, toolDeepfakes as tools for financial fraud: Deepfakes have quickly become a powerful enabler of financial fraud. This is largely because most business communication channels, like video and voice calls, remain unauthenticated. A single convincing audio or video call, seemingly from a trusted executive, can bypass established controls in minutes. Employees in these scenarios often follow…
-
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers – all reporting back to the same central point. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/malicious-chrome-extensions-steal-google-telegram-data
-
PowMix botnet targets Czech workforce
Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/powmix-botnet-targets-czech-workforce/
-
Mirax malware campaign hits 220K accounts, enables full remote control
Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reaching over 220,000 accounts. The malicious code lets attackers fully control infected devices…
-
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
-
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
-
Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug
Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/cargo-theft-malware-actor-decoy-network/
-
Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites
More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. The post Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-malicious-wordpress-plugins-backdoor-april-2026/
-
Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft
Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection. The post Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-malicious-chrome-extensions-data-theft/
-
Google expands Gemini AI use to fight malicious ads on its platform
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-expands-gemini-ai-use-to-fight-malicious-ads-on-its-platform/
-
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-protections-for-malicious-remote-desktop-files/
-
Over 100 Chrome Web Store extensions steal user accounts, data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-100-chrome-extensions-in-web-store-target-users-accounts-and-data/
-
Hackers Are Using GitHub and Jira to Bypass Your Security
The modern enterprise runs on collaboration tools. Platforms like GitHub and Jira are deeply embedded in daily workflows, powering everything from development to project management. But that same trust is now being weaponized. New reporting from Cyber Security News reveals how attackers are exploiting notification systems within these platforms to deliver malicious payloads. Instead of…