Tag: malicious
-
NDSS 2025 ERW-Radar
Tags: antivirus, china, conference, defense, detection, Internet, malicious, network, ransomware, softwareAuthors, Creators & Presenters: Lingbo Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Yuhui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhilu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Fengkai Yuan (Institute of Information Engineering, CAS), Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences) PAPER ERW-Radar: An Adaptive…
-
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign.The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat First…
-
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio First seen on…
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the >>Contagious Interview<< campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL
A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000 and comes with a guarantee that it will pass Google’s Chrome Web Store review process.…
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the >>Contagious Interview<< campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint
Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing campaign targeting energy sector organizations. The campaign misused SharePoint file-sharing to deliver phishing links and created inbox rules to hide malicious activity and maintain persistence. After the initial…
-
$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process. First seen on hackread.com Jump to article: hackread.com/stanley-toolkit-russia-forum-fakes-chrome-urls/
-
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in…
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfareAI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/1password-adds-pop-up-warnings-for-suspected-phishing-sites/
-
1Password adds pop-pup warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/1password-adds-pop-pup-warnings-for-suspected-phishing-sites/
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution Cloud based Spark platform is a tempting approach for sharing data, as…
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution Cloud based Spark platform is a tempting approach for sharing data, as…
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution Cloud based Spark platform is a tempting approach for sharing data, as…
-
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver,…
-
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta Alerts Customers’ CISOs to Malicious Campaigns Seeking Single Sign-On Access. A surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among…
-
Malicious AI extensions on VSCode Marketplace steal developer data
Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-ai-extensions-on-vscode-marketplace-steal-developer-data/
-
NDSS 2025 Attributing Open-Source Contributions Is Critical But Difficult
Tags: attack, awareness, conference, cryptography, email, github, Internet, malicious, network, open-source, programming, software, supply-chainSession 9D: Github + OSN Security Authors, Creators & Presenters: Jan-Ulrich Holtgrave (CISPA Helmholtz Center for Information Security), Kay Friedrich (CISPA Helmholtz Center for Information Security), Fabian Fischer (CISPA Helmholtz Center for Information Security), Nicolas Huaman (Leibniz University Hannover), Niklas Busch (CISPA Helmholtz Center for Information Security), Jan H. Klemmer (CISPA Helmholtz Center for Information…
-
Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware
Fake Captcha and >>ClickFix<< lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions…
-
20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access
A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers to create administrator accounts and achieve complete site compromise. The function fails to properly restrict…
-
What are drive-by download attacks?
A drive-by download attack is a type of cyber threat where malicious software is downloaded and installed on a user’s device without their knowledge or consent simply by visiting a compromised or malicious website. Unlike traditional malware attacks, users often do not have to click a link or open an attachment, the infection can… First…
-
Fortinet Firewalls Hit With Malicious Configuration Changes
Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/fortinet-firewalls-malicious-configuration-changes
-
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and…
-
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual…
-
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for…
-
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously…
-
JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure
JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with surprising precision. Despite widespread skepticism about JA3’s relevance fueled by frozen public databases and inconsistent threat intelligence updates the indicator remains a powerful asset for SOC and threat hunting teams.…
-
Node.js binary-parser Library Flaw Enables Malicious Code Injection
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affects versions before 2.3.0 and stems from unsafe dynamic code generation. Developers using untrusted input for parser definitions face severe risks, including full process…