Tag: malicious
-
New VMScape Spectre-BTI Attack Targets Isolation Flaws in AMD and Intel CPUs
Cybersecurity researchers at ETH Zurich have disclosed a critical new Spectre-based attack called VMSCAPE that exploits incomplete branch predictor isolation in virtualized cloud environments. The attack, tracked as CVE-2025-40300, affects multiple generations of AMD and Intel processors and enables malicious virtual machines to steal sensitive data from hypervisor processes. Attack Methodology and Impact VMSCAPE represents the first practical…
-
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers…
-
Malicious Chrome Add-On Steals Facebook, Instagram Ad Credentials
A fake Chrome tool, Madgicx Plus, steals Meta ad credentials, hijacking budgets and accounts via stealthy browser exploits. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chrome-add-on-steals-meta-ad-accounts/
-
Microsoft adds malicious link warnings to Teams private chats
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-adds-malicious-link-warnings-to-teams-private-chats/
-
Cryptohack Roundup: SwissBorg’s $41M Exploit
Also: Hackers Use Ethereum Smart Contracts to Hide Malicious npm Code. SwissBorg $41M hack, hidden malicious npm code, sanctions on Southeast Asian networks, California launderer’s sentencing, Kinto’s shuttering, Venus Protocol pays back victim, Nemo Protocol hack, DOJ’s $5M recovery effort, Lagarde’s proposed rules and the SEC-CFTC plan for market clarity. First seen on govinfosecurity.com Jump…
-
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-vmscape-attack-breaks-guest-host-isolation-on-amd-intel-cpus/
-
EggStreme Malware Emerges With Fileless Techniques and DLL Sideloading Payloads
A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data…
-
Default Cursor setting can be exploited to run malicious code on developers’ machines
An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/11/cursor-ai-editor-vulnerability/
-
kkRAT Exploits Network Protocols to Exfiltrate Clipboard Data
The threat actor delivers three Remote Access Trojans (RATs): ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT, via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains a malicious executable that initiates a multi-stage attack chain designed to evade analysis,…
-
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is designed to push fake “Meta Verified” browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37…
-
Cursor AI Code Editor RCE Flaw Allows Malicious Code to Autorun on Machines
A critical vulnerability in the Cursor AI Code Editor exposes developers to stealthy remote code execution (RCE) attacks when opening code repositories, security researchers warn. The flaw, discovered by Oasis Security, allows attackers to deliver and run harmful code automatically, with no warning prompt, putting vital secrets and cloud access at risk. Vulnerability Breakdown Cursor,…
-
1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMon
FastNetMon today announced that it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack reached 1.5 billion packets per second (1.5 Gpps), one of the largest packet-rate floods publicly disclosed. The malicious traffic was primarily a UDP flood launched from compromised customer-premises equipment (CPE), including IoT devices and…
-
DDoS Mitigation Provider Hit by Massive 1.5 Billion Packets Per Second Attack
FastNetMon today announced it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack peaked at 1.5 billion packets per second (1.5 Gpps), making it one of the largest packet-rate floods ever publicly disclosed. The malicious traffic was primarily a UDP flood launched from…
-
Chrome Extension Scam Exposed: Hackers Stealing Meta Accounts
Tags: ai, browser, business, chrome, credentials, cyber, cybercrime, data-breach, hacker, malicious, scam, service, tool
A sophisticated campaign targeting Meta advertisers through fake AI-powered ad optimization tools has been uncovered, with cybercriminals deploying malicious Chrome extensions to steal credentials and hijack business accounts. Cybereason Security Services has identified an evolving malicious Chrome extension campaign that specifically targets Meta (Facebook/Instagram) advertisers through a deceptive platform called “Madgicx Plus.”
-
Students Pose Inside Threat to Education Sector
The threats may not be malicious, but they are more than many security teams can handle. First seen on darkreading.com Jump to article: www.darkreading.com/insider-threats/students-inside-threat-education-sector
-
Adobe Commerce and Magento users: Patch critical SessionReaper flaw now
app/etc/env.php and injecting malicious JavaScript via the REST API to harvest customer data. Adobe stated in its advisory that no active exploitation of SessionReaper has been observed so far. However, given the history of Magento and Adobe Commerce vulnerabilities, this could change quickly. “SessionReaper is among the most severe Magento vulnerabilities to date, comparable to Shoplift (2015),…
-
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it’s opened. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cursor-ai-editor-lets-repos-autorun-malicious-code-on-devices/
-
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. “This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads,” Bitdefender First seen on thehackernews.com Jump to…
-
Meta Verified Scam Ads on Facebook Steal User Account Details
Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicious ads that promise to unlock Meta’s coveted blue verification tick through a seemingly legitimate browser extension. These ads, accompanied by instructional videos,…
-
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP NetWeaver that could result in code execution and the upload of arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious First…
-
Malicious npm Code Reached 10% of Cloud Environments
Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-npm-code-10-cloud/
-
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/
-
GitHub Breach Exposed 700+ Companies in Months-Long Attack
Cybersecurity investigators say a massive supply-chain attack affecting over 700 companies began with a seemingly minor GitHub breach earlier this year. Salesloft first disclosed a security issue in the Drift application on Aug. 21, then shared more details about malicious OAuth token abuse five days later. According to an investigation by Mandiant, which is aiding…
-
Inside Rail Europe’s Strategy to Stop Bots Before They Disrupt Business
Discover how Rail Europe blocks malicious traffic in real time, without latency or impact on user experience, using DataDome’s AI-powered Cyberfraud Protection Platform. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/inside-rail-europes-strategy-to-stop-bots-before-they-disrupt-business/

