Tag: malicious
-
Cybercriminals are getting personal, and it’s working
Cybercriminals are deploying unidentifiable phishing kits (58% of phishing sites) to propagate malicious campaigns at scale, indicating a trend towards custom-made or … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/07/email-attacks-q2-2025/
-
Researchers uncover RCE attack chains in popular enterprise credential vaults
Tags: access, api, attack, authentication, cloud, credentials, cve, encryption, exploit, flaw, identity, infrastructure, login, malicious, mfa, open-source, password, ransomware, rce, remote-code-execution, risk, service, software, vulnerability
From identity forgery to full RCE: An AWS instance identity typically corresponds to a hostname. But the researchers explored how this could be abused within Conjur’s resource model, which uses three parameters: Account (Conjur account name), Kind (resource type: host, user, variable, policy, etc.), and Identifier (unique resource name). These parameters are also used in…
-
Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through
Project Ire promises to use LLMs to detect whether code is malicious or benign First seen on theregister.com Jump to article: www.theregister.com/2025/08/06/microsofts_ai_agent_malware_detecting/
-
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
New research reveals that a malicious traffic distribution system (TDS) is run not by hackers in hoodies, but by a series of corporations operating in the commercial digital advertising industry. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/vextrio-cybercrime-outfit-legit-ad-tech
-
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in…
-
Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets
SentinelLABS has exposed a sophisticated series of cryptocurrency scams where threat actors distribute malicious smart contracts masquerading as automated trading bots, resulting in the drainage of user wallets exceeding $900,000 USD. These scams leverage obfuscated Solidity code deployed on platforms like the Remix Solidity Compiler, targeting Ethereum-based ecosystems. The campaigns, active since early 2024, employ…
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
North Korean Hackers Exploit NPM Packages to Steal Cryptocurrency and Sensitive Data
Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on campaigns previously reported in February and June 2024. This latest iteration involves twelve malicious NPM packages, including cloud-binary, json-cookie-csv, cloudmedia, and nodemailer-enhancer, which were flagged by automated monitoring systems and subsequently removed from the NPM registry. The…
-
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code
Tags: ai, cyber, data, exploit, malicious, malware, open-source, pypi, software, supply-chain, threat, vulnerability
FortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply chain ecosystems. As development workflows increasingly depend on third-party packages, adversaries are capitalizing on vulnerabilities in platforms like NPM and PyPI to inject malicious code, facilitate data exfiltration, and inflict broader damage. Leveraging proprietary AI-driven…
-
How Can Dynamic Application Security Testing (DAST) Help Your Organization?
Dynamic Application Security Testing (DAST) is a black-box security testing method that analyzes running applications for vulnerabilities by emulating real-world attacks against their exposed interfaces. Instead of analyzing source code, DAST uses manual and automated tools that interact with a live deployment of the application (web app, APIs, mobile backend, etc.) and inject malicious payloads to…
-
New Android Malware Poses as SBI Card and Axis Bank Apps to Steal Financial Data
McAfee’s Mobile Research Team has identified a sophisticated Android malware campaign primarily aimed at Hindi-speaking users in India, masquerading as legitimate financial applications from institutions like SBI Card, Axis Bank, and IndusInd Bank. This operation distributes malicious APKs through dynamically created phishing websites that mimic official banking portals, leveraging real assets such as images and…
-
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Cybersecurity researchers have lifted the veil on a widespread malicious campaign that’s targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. “Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users,” CTM360 said. “The core tactic involves a…
-
LegalPwn Attack Tricks AI Tools Like ChatGPT and Gemini into Running Malicious Code
Security researchers have discovered a new type of cyberattack that exploits how AI tools process legal text, successfully tricking popular language models into executing dangerous code. Cybersecurity firm Pangea has unveiled a sophisticated attack method called “LegalPwn”…
-
Modular Malware Suite Sold by Threat Actors Through Public Storefront Domains
A threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of malicious tools, with additional promotion occurring in clandestine online communities such as Hackforums. The malware, alternatively branded as Cyber Botnet &…
-
New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems
Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign that leverages malicious Windows LNK shortcut files to deploy the REMCOS backdoor, a potent remote access trojan capable of full system compromise. The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169, sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). This fingerprint…
-
CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ctm360-spots-malicious-clicktok-campaign-targeting-tiktok-shop-users/
-
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint First…
-
LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code
A new security flaw, LegalPwn, exploits a weakness in generative AI tools like GitHub Copilot and ChatGPT, where malicious code is disguised as legal disclaimers. Learn why human oversight is now more critical than ever for AI security. First seen on hackread.com Jump to article: hackread.com/legalpwn-attack-genai-tools-misclassify-malware-safe-code/
-
Hackers Leverage AI to Craft Malicious NPM Package That Drains Crypto Wallets
Security researchers at Safety have uncovered an AI-generated malicious NPM package dubbed @kodane/patch-manager, engineered as an advanced cryptocurrency wallet drainer. This package, posing as a benign “NPM Registry Cache Manager”… “Kodane”…
-
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections
Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows the malware to evade traditional antivirus detections by embedding encrypted shellcode in image data, which…
-
Interlock Ransomware Uses ClickFix Exploit to Execute Malicious Commands on Windows
The Interlock ransomware group was connected to several sophisticated cyber incidents that targeted firms in North America and Europe, according to a recent report published in July 2025 by eSentire’s Threat Response Unit (TRU). The group, active since September 2024, employs a multi-stage attack chain that begins with the exploitation of compromised websites, such as…
-
Attackers exploit link-wrapping services to steal Microsoft 365 logins
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/attackers-exploit-link-wrapping-services-to-steal-microsoft-365-logins/
-
Security Affairs newsletter Round 535 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Headlines: New Linux backdoor Plague bypasses auth via malicious PAM module; China Presses Nvidia Over Alleged Backdoors…
-
New Linux backdoor Plague bypasses auth via malicious PAM module
A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module…
-
New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor
Security firm Point Wild has exposed a new malware campaign using malicious LNK files to install the REMCOS backdoor. This report details how attackers disguise files to gain full system control. First seen on hackread.com Jump to article: hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/
-
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Tags: access, authentication, backdoor, credentials, cybersecurity, detection, linux, malicious, theft
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. “The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said. Pluggable Authentication Modules… First seen on thehackernews.com Jump…
-
New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access
Security researchers have discovered a sophisticated Linux backdoor dubbed “Plague”…
-
Malicious AI-generated npm package hits Solana users
AI-generated npm package @kodane/patch-manager drained Solana wallets; 1,500+ downloads before takedown on July 28, 2025. AI-generated npm package @kodane/patch-manager was flagged for hiding malicious software to drain Solana wallets. The package was uploaded on July 28, 2025, and it was downloaded more than 1,500 times before takedown. “The package @kodane/patch-manager is a sophisticated cryptocurrency wallet…