Tag: malicious
-
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-ghostaction-campaign-3325-secrets-stolen-through-compromised-github-workflows/
-
Over 143,000 Malware Files Target Android and iOS Users in Q2 2025
In the second quarter of 2025, users of Android and iOS devices faced relentless cyberthreats, with Kaspersky Security Network reporting nearly 143,000 malicious installation packages detected across its mobile security products. Although the overall number of mobile attacks”, including malware, adware, and potentially unwanted software”, dropped to 10.71 million in Q2, Trojans remained the predominant…
-
Cybercriminals ‘Grok’ Their Way Past X’s Defenses to Spread Malware
Hackers exploit X’s Grok AI to spread malware via promoted ads, exposing millions to malicious links in a scheme researchers call “Grokking.” First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-grok-ai-malware-grokking/
-
Cybercriminals ‘Grok’ Their Way Past X’s Defenses to Spread Malware
Hackers exploit X’s Grok AI to spread malware via promoted ads, exposing millions to malicious links in a scheme researchers call “Grokking.” First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-grok-ai-malware-grokking/
-
Stealthy attack serves poisoned web pages only to AI agents
AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/05/ai-agents-prompt-injection-poisoned-web/
-
Threat Actors Exploit ScreenConnect Installers for Initial Access
A marked escalation in the abuse of ConnectWise ScreenConnect installers since March 2025, with U.S.-based businesses bearing the brunt of these incursions. Adversaries are now deploying lightweight ClickOnce runner installers”, devoid of embedded configurations”, to evade static detection, fetching malicious components at runtime. Post-installation, attackers automate the rapid deployment of two distinct remote access trojans…
-
New Exploit Bypasses Code Integrity to Backdoor Signal, 1Password, Slack, and More
A new security exploit has been discovered that lets attackers slip malicious code into widely used desktop applications including Signal, 1Password, Slack, and Google Chrome by evading built-in code integrity checks. The vulnerability, tracked as Electron CVE-2025-55305, affects nearly every app built on the Chromium engine when they use Electron, a popular framework for making…
-
North Korean Hackers Expose Their Playbook for Swapping Infrastructure
Tags: cyber, cybersecurity, data-breach, hacker, infrastructure, intelligence, malicious, north-korea, threatA sophisticated North Korean cyber operation has been exposed, revealing how state-sponsored hackers systematically monitor cybersecurity intelligence platforms to detect when their malicious infrastructure is discovered and rapidly deploy replacement assets to maintain operations. The analysis, conducted by SentinelLABS in collaboration with Validin, provides unprecedented insight into the operational practices of threat actors behind the…
-
Hackers Exploit Google Calendar API with Serverless MeetC2 Framework
A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamlessly blend C2 communications into everyday SaaS usage, presenting fresh detection, telemetry, and response challenges for red and blue teams alike. In a recent internal purple-team…
-
Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability
Tags: access, attack, authentication, business, ciso, credentials, data, exploit, malicious, monitoring, password, programming, sans, sap, service, threat, vulnerability, zero-daydelete and insert data directly in the SAP Database;creating SAP users with SAP_ALL; download password hashes; modify business processes.”Historically, it has been difficult to apply patches to these complex systems, and many organizations will require careful (and slow) testing before the patches are deployed in production,” Johannes Ullrich, dean of research at the SANS Institute, told CSO.”ERP…
-
Sitecore zero-day configuration flaw under active exploitation
__VIEWSTATE and can be signed and encrypted with keys, called ValidationKey and DecryptionKey, stored in the application configuration file.If these keys are stolen or leaked, attackers can use them to craft malicious ViewState payloads inside POST requests that the server will then decrypt, validate, and execute by loading them into the memory of its worker…
-
Chinese Hackers Game Google to Boost Gambling Sites
New threat actor GhostRedirector is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/chinese-hackers-google-boost-gambling-sites
-
Iran-Nexus Hackers Impersonate Omani MFA to Target Governments Entities
Tags: breach, communications, cyber, cybersecurity, exploit, government, group, hacker, intelligence, iran, malicious, mfa, phishing, spear-phishingCybersecurity researchers uncovered a sophisticated, Iran-linked spear-phishing operation that exploited a compromised Ministry of Foreign Affairs (MFA) mailbox in Oman to deliver malicious payloads to government entities worldwide. Analysts attribute the operation to the “Homeland Justice” group, believed to be aligned with Iran’s Ministry of Intelligence and Security (MOIS). Leveraging stolen diplomatic communications, encoded macros,…
-
6 browser-based attacks all security teams should be ready for in 2025
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/
-
Cybercriminals ‘Grok’ Their Way Past X’s Defenses to Spread Malware
Hackers exploit X’s Grok AI to spread malware via promoted ads, exposing millions to malicious links in a scheme researchers call “Grokking.” First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/grokking/
-
GhostRedirector Hackers Target Windows Servers Using Malicious IIS Module
ESET security researchers have uncovered a sophisticated cyber threat campaign targeting Windows servers across multiple countries, with attackers deploying custom malware tools designed for both remote access and search engine manipulation. Cybersecurity experts at ESET have identified a previously unknown threat group dubbed GhostRedirector, which has successfully compromised at least 65 Windows servers primarily located in…
-
Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.The approach is…
-
Chinese APT Groups Exploit Router Flaws to Breach Enterprises
Chinese state-sponsored Advanced Persistent Threat (APT) groups have escalated their cyber espionage campaigns, systematically targeting global telecommunications, government, and military networks through sophisticated router exploitation techniques since 2021. Since at least 2021, Chinese state-sponsored cyber actors have been conducting extensive, stealthy operations to infiltrate and control key network devices across critical sectors worldwide. These malicious…
-
Hackers Exploit X’s Grok AI to Push Malicious Links Through Ads
Malicious actors have found a new way to slip harmful links into X’s promoted posts by tricking Grok, the platform’s AI assistant. Although X explicitly bans links in paid promotions to curb malvertising, scammers now harness Grok’s content amplification to “grok” these URLs into wide circulation. AI Bypass Sparks New Threat X prohibits any URLs…
-
Hackers Exploit X’s Grok AI to Push Malicious Links Through Ads
Malicious actors have found a new way to slip harmful links into X’s promoted posts by tricking Grok, the platform’s AI assistant. Although X explicitly bans links in paid promotions to curb malvertising, scammers now harness Grok’s content amplification to “grok” these URLs into wide circulation. AI Bypass Sparks New Threat X prohibits any URLs…
-
Smashing Security podcast #433: How hackers turned AI into their new henchman
Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator). First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-433/
-
Malicious npm packages use Ethereum blockchain for malware delivery
Tags: attack, blockchain, crypto, github, infrastructure, malicious, malware, open-source, software, supply-chaincolortoolsv2 and mimelib2 that used Ethereum smart contracts for malware delivery in July. But not much effort was put into making those packages look legitimate and attractive for developers to include in their projects, which is usually the goal of supply chain attacks with rogue npm packages.The colortoolsv2 package, and the mimelib2 one that later…
-
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-abuse-xs-grok-ai-to-spread-malicious-links/
-
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.”The two npm packages abused…
-
Malicious npm Packages Exploit Ethereum Smart Contracts
A malicious campaign using Ethereum smart contracts has been observed targeting developers via npm and GitHub First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-npm-packages-exploit/
-
Namespace Reuse Vulnerability Exposes AI Platforms to Remote Code Execution
A newly discovered vulnerability in the AI supply chain”, termed Model Namespace Reuse”, permits attackers to achieve Remote Code Execution (RCE) across major AI platforms, including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. By re-registering abandoned or deleted model namespaces on Hugging Face, malicious actors can trick pipelines that fetch…
-
Indirect Prompt Injection Attacks Against LLM Assistants
Tags: attack, automation, control, data, disinformation, email, framework, google, injection, LLM, malicious, mitigation, mobile, phishing, risk, risk-assessment, threat, toolReally good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware”, maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of…
-
Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links
Barracuda observed new methods to disguise phishing links in Tycoon phishing attacks, which are designed to bypass automated email security systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tycoon-phishing-kit-hide-malicious/
-
Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links
Barracuda observed new methods to disguise phishing links in Tycoon phishing attacks, which are designed to bypass automated email security systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tycoon-phishing-kit-hide-malicious/
-
TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows
A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation, USB propagation, and deceptive shortcut files. The malware, which serves as a delivery mechanism for…