Tag: malicious
-
Hackers Are Using GitHub and Jira to Bypass Your Security
The modern enterprise runs on collaboration tools. Platforms like GitHub and Jira are deeply embedded in daily workflows, powering everything from development to project management. But that same trust is now being weaponized. New reporting from Cyber Security News reveals how attackers are exploiting notification systems within these platforms to deliver malicious payloads. Instead of…
-
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-protections-for-malicious-remote-desktop-files/
-
Over 100 Chrome extensions in Web Store target users accounts and data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-100-chrome-extensions-in-web-store-target-users-accounts-and-data/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
4 questions to ask before outsourcing MDR
2. Can your team separate real threats from noise?: Alert fatigue is one of the biggest barriers to effective security. Tools generate volumes of signals, but not all alerts represent real risk. When everything looks critical, teams either burn out or miss the alerts that matter most.MDR helps by applying human expertise and threat intelligence…
-
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/
-
Malicious Chrome Extensions Campaign Exposes User Data
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-extensions-expose-user-data/
-
China-linked cloud credential heist runs on typos and SMTP
Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent.The implant used is an obfuscated ELF binary, with an executable designed for…
-
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
-
Janela RAT Spreads via Fake MSI Installers, Malicious Extensions
Janela Remote Access Trojan (RAT) campaign using fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and exfiltrate sensitive data. The latest Janela RAT samples are being distributed through public GitLab repositories, where attackers host MSI installation files disguised as legitimate software installers. Unsuspecting users in Chile, Colombia, and Mexico the campaign’s primary targets are lured into downloading these…
-
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited.According to Socket, the extensions are…
-
OpenAI’s Mac apps need updates thanks to the Axios hack
The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-axios-supply-chain-attack/
-
OpenAI’s Mac apps needs an update thanks to the Axios hack
The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-axios-supply-chain-attack/
-
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-rotates-macos-certs-after-axios-attack-hit-code-signing-workflow/
-
Interactive Brokers Phishing Scam: Fake IRS W-8BEN Renewal Alert
The blog describes a phishing campaign identified by Cofense that impersonates Interactive Brokers using a fake IRS W-8BEN renewal email to trick users into clicking a malicious link. The email appears legitimate but uses a suspicious sender address and directs victims to a counterfeit login page designed to steal account credentials. First seen on securityboulevard.com…
-
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised.”Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI…
-
CPUID watering hole attack spreads STX RAT malware
Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with the STX RAT, giving attackers remote access to their systems. The short attack…
-
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems,…
-
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems,…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2 Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) Hackers Are Attempting to Turn ComfyUI Servers Into a…
-
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00…
-
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations.It has…
-
GlassWorm evolves with Zig dropper to infect multiple developer tools
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat…
-
GlassWorm evolves with Zig dropper to infect multiple developer tools
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat…
-
Bypassing LLM Supervisor Agents Through Indirect Prompt Injection
Indirect prompt injection lets attackers bypass LLM supervisor agents by hiding malicious instructions in profile fields and contextual data. Learn how this attack works and how to defend against it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/bypassing-llm-supervisor-agents-through-indirect-prompt-injection/
-
Third-Party Android Vulnerability Leaves Over 50M Users Exposed
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data. The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-engagelab-sdk-android-vulnerability-malware-bridge/
-
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…