Tag: malicious
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
WordPress Woes Continue Amid ClickFix Attacks, TDS Threats
Vulnerable and malicious plug-ins are giving threat actors the ability to compromise WordPress sites and use them as a springboard to a variety of cyber threats and scams. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/wordpress-woes-clickfix-attacks-tds-threats
-
Malicious npm Package Masquerades as Popular Email Library
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-npm-package-email-library/
-
Massive 11.5 Tbps UDP Flood DDoS Attack Originated From Google Cloud
Cloudflare disclosed that its automated defenses intercepted and neutralized a record-shattering Distributed Denial-of-Service (DDoS) assault peaking at 11.5 terabits per second (Tbps). The attack, characterized as a hyper-volumetric UDP flood, lasted just 35 seconds but set a new industry high for network bandwidth consumed by malicious traffic. Detailed analysis from Cloudflare shows that the majority…
-
New WhatsApp Scam Poses Serious Risk: Hackers Can Hijack Your Chats
Users of the popular messaging app WhatsApp are being targeted by a new, highly deceptive scam that grants attackers full access to victims’ contacts, chat history, and media files. Cybercriminals are exploiting the app’s device linking feature to hijack accounts, then using the compromised profiles to spread further malicious links to unsuspecting friends and family.…
-
MobSF Vulnerability Allows Attackers to Upload Malicious Files
Tags: application-security, cyber, exploit, flaw, framework, malicious, mobile, open-source, vulnerabilityCritical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive data. Two significant vulnerabilities have been identified in the popular Mobile Security Framework (MobSF), a widely-used open-source mobile application security testing platform. The flaws, tracked…
-
HashiCorp Vault Vulnerability Allows Attackers to Crash Servers
A critical vulnerability in HashiCorp Vault”, tracked as CVE-2025-6203 and HCSEC-2025-24″, has been disclosed that allows malicious actors to submit specially crafted payloads capable of exhausting server resources and rendering Vault instances unresponsive. The flaw affects both Vault Community and Enterprise editions, spanning versions 1.15.0 through 1.20.2 (with select earlier patch versions), and was publicly…
-
Azure AD Vulnerability Leaks Credentials, Lets Attackers Deploy Malicious Apps
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses acritical attack vector, effectively handing adversaries the keys to an organization’s cloud environment. During a recent cybersecurity assessment by Resecurity’s HUNTER Team, researchers discovered that a publicly accessible appsettings.json file had exposed the ClientId and ClientSecret of an Azure AD application,…
-
Agentic AI: A CISO’s security nightmare in the making?
Tags: access, ai, antivirus, api, attack, automation, ciso, compliance, cybersecurity, data, defense, detection, email, endpoint, exploit, framework, governance, law, leak, malicious, malware, open-source, privacy, risk, service, strategy, supply-chain, tool, vulnerabilityFree agents: Autonomy breeds increased risks: Agentic AI introduces the ability to make independent decisions and act without human oversight. This capability presents its own cybersecurity risk by potentially leaving organizations vulnerable.”Agentic AI systems are goal-driven and capable of making decisions without direct human approval,” Joyce says. “When objectives are poorly scoped or ambiguous, agents…
-
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347 First seen…
-
Food Delivery Robots Vulnerable to Hacks That Redirect Orders
A startling vulnerability in Pudu Robotics’ management APIs that allowed anyone with minimal technical skill to seize control of the company’s food delivery and service robots. The vulnerability, which went unaddressed for weeks despite repeated responsible”disclosure attempts, could have enabled malicious actors to redirect BellaBots and other Pudu models to deliver meals to unintended recipients,…
-
Food Delivery Robots Vulnerable to Hacks That Redirect Orders
A startling vulnerability in Pudu Robotics’ management APIs that allowed anyone with minimal technical skill to seize control of the company’s food delivery and service robots. The vulnerability, which went unaddressed for weeks despite repeated responsible”disclosure attempts, could have enabled malicious actors to redirect BellaBots and other Pudu models to deliver meals to unintended recipients,…
-
Crooks exploit Meta malvertising to target Android users with Brokewell
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. >>Bitdefender researchers recently uncovered a wave of malicious ads on Facebook…
-
Google Web Designer Vulnerability Lets Hackers Take Over Client Systems
Tags: api, cyber, data-breach, flaw, google, hacker, malicious, remote-code-execution, vulnerability, windowsA critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according to a detailed write-up by security researcher Balint Magyar. Affecting versions prior to 16.4.0.0711 (released July 29, 2025), the flaw allowed attackers to inject malicious CSS into a configuration file and leverage an internal API…
-
Google Web Designer Vulnerability Lets Hackers Take Over Client Systems
Tags: api, cyber, data-breach, flaw, google, hacker, malicious, remote-code-execution, vulnerability, windowsA critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according to a detailed write-up by security researcher Balint Magyar. Affecting versions prior to 16.4.0.0711 (released July 29, 2025), the flaw allowed attackers to inject malicious CSS into a configuration file and leverage an internal API…
-
Hackers Exploit Email Marketing Platforms to Deliver Hidden Malware
Tags: cyber, defense, email, exploit, hacker, incident response, infrastructure, intelligence, malicious, malware, phishing, threatIn recent months, Trustwave SpiderLabs”, a LevelBlue company renowned for its threat intelligence and incident response services”, has observed a marked uptick in phishing campaigns that leverage legitimate email marketing platforms to cloak malicious links. By hijacking established infrastructure and URL redirectors, attackers are evading traditional defenses and duping recipients into divulging sensitive information. To…
-
Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems
A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers. Okta Threat Intelligence reports that attackers have used malicious search engine advertisements”, particularly sponsored ads on Google Search”, to lure unsuspecting hospitality professionals to counterfeit login portals. The ultimate goal: harvesting credentials for cloud-based property management…
-
Hackers Register Domains to Target 2026 FIFA World Cup in Cyberattack
A concerning surge in malicious domain registrations designed to exploit the upcoming 2026 FIFA World Cup, with threat actors already positioning themselves more than a year before the tournament begins. A comprehensive investigation by PreCrime Labs, the threat research division of BforeAI, has revealed that cybercriminals are systematically registering fraudulent domains to capitalize on the…
-
Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft
A sophisticated cryptocurrency theft scheme involving a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team identified the malicious package, nodejs-smtp, which impersonates the legitimate Nodemailer library that averages approximately 3.9 million weekly downloads. The fraudulent package employs a clever…
-
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Tags: attack, cyber, cybersecurity, endpoint, malicious, monitoring, open-source, software, threat, toolCybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes.”In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating…
-
Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
Tags: access, advisory, attack, authentication, china, cisa, cisco, credentials, cve, cyber, cybersecurity, data, espionage, exploit, firewall, fortinet, germany, government, identity, infrastructure, injection, ivanti, kev, malicious, microsoft, military, mitigation, mitre, network, remote-code-execution, risk, software, tactics, threat, update, vulnerability, zero-dayAn analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ)…
-
When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach
3 min readThis malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/when-salesforce-becomes-a-de-facto-credential-repository-lessons-from-the-drift-oauth-breach/
-
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser… First seen on hackread.com Jump to article: hackread.com/malicious-npm-packages-stole-chrome-user-data-windows/
-
Nevada Dental Practice Notifying 1.2M of Hack
Absolute Dental Says Breach Involved Third-Party Managed Services Firm. A Nevada dental practice is notifying more than 1.2 million individuals of a hacking incident that compromised sensitive health and personal information. The incident involved inadvertent execution of a malicious version of a legitimate software tool, said Absolute Dental. First seen on govinfosecurity.com Jump to article:…
-
Weaponized PDFs and LNK Files Used in Windows Attacks
A clandestine campaign in which threat actors are weaponizing a legitimate-looking PDF document, titled “êµê°€ì •ë³´ì—°êµ¬íšŒ 소ì‹ì§€ (52호)” (National Intelligence Research Society Newsletter Issue 52), alongside a malicious Windows shortcut (LNK) file named êµê°€ì •ë³´ì—°êµ¬íšŒ 소ì‹ì§€(52호).pdf.LNK. The attackers distribute both files together”, either within the same archive or as seemingly related attachments. When victims open the LNK…
-
VS Code Marketplace Abused by Threat Actors to Deliver Malware via Trusted Extensions
A recently uncovered vulnerability in the Visual Studio Code (VS Code) Marketplace has allowed malicious actors to hijack discontinued extension names and slip malware past unsuspecting developers. In June, ReversingLabs (RL) researchers discovered a new malicious extension, ahbanC.shiba, that bore the same “shiba” identifier as a ransomware-capable extension removed in March”, despite official documentation asserting…
-
AppSuite PDF Editor Exploit Lets Hackers Run Arbitrary Commands
A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its malicious components were deobfuscated and analyzed. Threat actors exploited high-ranking PDF tool websites to distribute a…