Tag: malicious
-
Black Hat 2025: Latest news and insights
Tags: access, ai, api, attack, ciso, cloud, conference, crowdstrike, cvss, cyber, cybersecurity, data, defense, email, exploit, finance, firmware, flaw, group, hacker, hacking, identity, Internet, LLM, malicious, malware, reverse-engineering, sap, service, threat, tool, training, update, usa, vulnerability, windowsBlack Hat USAAugust 2-7, 2025Las Vegas, NVBlack Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and othersThe week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range…
-
Koske Marks a Significant Step in AI-Created Malware: Aqua Security
Aqua Security detected “Koske,” a cryptomining malware that brings malicious code closer to being as good or better than malware created by humans and includes indicators that it was developed with the use of a large language model. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/koske-marks-a-significant-step-in-ai-created-malware-aqua-security/
-
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One
Operators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within legitimate system processes, enabling persistence and seamless integration into compromised environments. DLL sideloading tricks trusted applications into loading…
-
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Tags: blizzard, cyber, cyberespionage, data-breach, group, intelligence, Internet, malicious, malware, microsoft, russia, service, threatMicrosoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer.The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The First seen on…
-
Threat Actors Impersonate Microsoft OAuth Apps to Steal Login Credentials
Tags: adobe, authentication, credentials, cyber, login, malicious, microsoft, phishing, theft, threatThreat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises, enabling credential theft while bypassing multifactor authentication (MFA). Proofpoint researchers have tracked this activity since early 2025, identifying over 50 impersonated applications, including those mimicking RingCentral, SharePoint, Adobe, and DocuSign. These malicious OAuth apps serve as initial lures,…
-
APT36 Hackers Target Indian Railways, Oil, and Government Systems Using Malicious PDF Files
Tags: cyber, government, group, hacker, india, infection, infrastructure, malicious, military, threatThe Pakistan-linked threat group APT36, also known as Transparent Tribe, has broadened its cyber operations beyond traditional military targets to encompass Indian railways, oil and gas infrastructure, and the Ministry of External Affairs. Security researchers have uncovered two sophisticated desktop-based infection chains leveraging .desktop files disguised as PDF documents, which execute malicious scripts to deploy…
-
Threat Actors Exploit Proofpoint and Intermedia Link Wrapping to Conceal Phishing Payloads
Cybercriminals are increasingly exploiting link wrapping features from vendors like Proofpoint and Intermedia to mask malicious payloads, leveraging the inherent trust users place in these security tools. Link wrapping, intended as a protective measure, reroutes URLs through vendor scanning services such as Proofpoint’s urldefense.proofpoint.com or Intermedia’s url.emailprotection.link to inspect and block threats at click time.…
-
WordPress AI Engine Plugin Bug Allows Remote Code Execution Update Now
A security flaw affecting over 100,000 WordPress websites has been discovered in the AI Engine plugin, specifically impacting versions 2.9.3 and 2.9.4. The vulnerability, classified as an arbitrary file upload vulnerability, allows authenticated users, starting from subscriber-level access, to upload malicious files and potentially gain remote code execution (RCE) privileges on the server. This type…
-
Summer: Why cybersecurity must be strengthened as vacations abound
Tags: access, ai, attack, authentication, automation, awareness, backup, control, corporate, credentials, cybersecurity, data, detection, email, encryption, exploit, infrastructure, malicious, mfa, monitoring, network, office, password, resilience, risk, theft, threat, tool, training, update, usa, vpn, wifiGuillermo Fernandez, Sales Engineer for Southern Europe at WatchGuard Technologies. WatchGuard Technologies.Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. “They take advantage of this to launch phishing campaigns and other targeted attacks, aware that attention and vigilance often…
-
How bright are AI agents? Not very, recent reports suggest
CSOs should ‘skip the fluff’: Meghu’s advice to CSOs: Stop reading the marketing and betting too much of your business on AI/LLM technology as it exists today. Start small and always have a human operator to guide it.”If you skip the fluff and get to the practical application, we have a new technology that could…
-
Attackers wrap phishing links through URL scanning services to bypass detection
urldefense.proofpoint.com and url.emailprotection.link (Intermedia).”Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the moment of click,” Cloudflare researchers wrote in their report on the attacks. “While this is effective against known threats, attacks can still succeed…
-
Microsoft catches Russian hackers targeting foreign embassies
End goal is the installation of a malicious TLS root certificate for use in intel gathering. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/07/microsoft-catches-russian-hackers-targeting-foreign-embassies/
-
Threat Actors Use Malicious RMM Tools for Stealthy Initial Access to Organizations
A small increase in targeted cyberattacks that make use of Remote Monitoring and Management (RMM) capabilities that are embedded in PDF documents has been seen by WithSecure. These campaigns primarily focus on organizations in France and Luxembourg, employing socially engineered emails to deliver innocuous PDFs containing hyperlinks to legitimate RMM installers. This method effectively circumvents…
-
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses.”Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the moment…
-
Spikes in malicious activity precede new security flaws in 80% of cases
Researchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts targeting edge networking devices are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spikes-in-malicious-activity-precede-new-cves-in-80-percent-of-cases/
-
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies
Exploits multiply as defenders play catch-up: Vulnerability disclosure rose by 246%, and publicly available exploits increased by 179%, with over 20000 vulnerabilities disclosed in the first half of 202535% of which already have exploit code.A backlog of 42000 vulnerabilities awaiting NVD analysis and delays in CVE enrichment leave organizations blind to many critical flaws, the…
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
-
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threatSonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
-
What Amazon Q prompt injection reveals about AI security
Experts say a malicious prompt injection in the Amazon Q extension for VS Code doesn’t represent a fundamentally new threat, but reflects how AI amplifies security risks. First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366628167/What-Amazon-Q-prompt-injection-reveals-about-AI-security
-
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets.The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct First…
-
Hackers Deploy Cobalt Strike Beacon Using GitHub and Social Media
A sophisticated cyberattack campaign disrupted the Russian IT industry and entities in several other countries, leveraging advanced evasion techniques to deploy the notorious Cobalt Strike Beacon. Attackers ingeniously concealed payload information within user profiles on platforms like GitHub, Microsoft Learn Challenge, Quora, and Russian social networks, blending malicious data into legitimate user-generated content to bypass…
-
LLM Honeypots Can Deceive Threat Actors into Exposing Binaries and Known Exploits
Large language model (LLM)-powered honeypots are becoming increasingly complex instruments for luring and examining threat actors in the rapidly changing field of cybersecurity. A recent deployment using Beelzebub, a low-code honeypot framework, demonstrated how such systems can simulate vulnerable SSH services to capture malicious activities in real-time. By configuring a single YAML file, defenders can…
-
ChatGPT, GenAI Tools Open to ‘Man in the Prompt’ Browser Attack
A brand-new cyberattack vector allows threat actors to use a poisoned browser extension to inject malicious prompts into all of the top generative AI tools on the market, including ChatGPT, Gemini, and others. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/attackers-use-browser-extensions-inject-ai-prompts
-
Emerging Agentic AI Security Vulnerabilities Expose Enterprise Systems to Widespread Identity-based Attacks
Security researchers have identified several critical ways attackers can exploit agentic AI systems to expose sensitive data and conduct malicious activity First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/emerging-agentic-ai-security-vulnerabilities-expose-enterprise-systems-to-widespread-identity-based-attacks/