Tag: malicious
-
Koske, a new AI-Generated Linux malware appears in the threat landscape
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors…
-
New VoIP Botnet Targets Routers Using Default Passwords
Tags: attack, botnet, cyber, cybersecurity, exploit, intelligence, malicious, password, router, voipCybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500 devices. The discovery began when GreyNoise Intelligence engineers noticed an unusual cluster of malicious IP addresses originating from a sparsely populated region of New Mexico…
-
Hackers Inject Destructive Commands into Amazon’s AI Coding Agent
Tags: ai, attack, breach, computer, cyber, data-breach, hacker, infrastructure, intelligence, malicious, threat, tool, vulnerabilityA significant security breach has exposed critical vulnerabilities in Amazon’s artificial intelligence infrastructure, with hackers successfully injecting malicious computer-wiping commands into the tech giant’s popular AI coding assistant. The incident represents a concerning escalation in cyber threats targeting AI-powered development tools and highlights the growing sophistication of attacks against machine learning systems. Security Breach Details…
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windowsis npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky:”Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote.The infected version was removed by npm admins and v3.3.0…
-
Law Enforcement Cracks Down on XSS, but Will It Last?
The arrest of a suspected administrator for the popular cybercrime forum was one of several enforcement actions in the past week targeting malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/law-enforcement-cracks-down-xss
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerabilitySingapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerabilitySingapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
Coast Guard Issues Cybersecurity Rule for Maritime Transport Safety
The cybersecurity requirements follow an extended timeline over the next two years, and are meant to secure US shipping ports from disruption by malicious actors. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/marine-transportation-final-cyber-rule
-
Operation CargoTalon Targets Russian Aerospace Defense to Deploy EAGLET Implant
SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транÑÐ¿Ð¾Ñ€Ñ‚Ð½Ð°Ñ Ð½Ð°ÐºÐ»Ð°Ð´Ð½Ð°Ñ (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML…
-
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Tags: authentication, credit-card, cyber, data, email, exploit, finance, malicious, powershell, threatThreat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named >>card_detail_20250610.html.lnk,
-
Lumma Stealer Masquerades as Pirated Apps to Steal Logins and Data
Lumma Stealer, a notorious information-stealing malware-as-a-service (MaaS) platform, has swiftly reemerged after a coordinated global law enforcement operation in May 2025. The U.S. Department of Justice, alongside international partners, seized approximately 2,300 malicious domains integral to Lumma’s command-and-control (C&C) infrastructure, including administrative login panels. This disruption severed connections between infected endpoints and exfiltration servers, temporarily…
-
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks.”As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers,” Matthew Suozzo, Google Open Source…
-
Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens.The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub…
-
France: New Data Breach Could Affect 340,000 Jobseekers
The French employment agency’s partner web portal has been accessed by a malicious actor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/france-data-breach-jobseekers/
-
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
Tags: attack, authentication, credentials, detection, github, malicious, mfa, phishing, rce, remote-code-execution, supply-chain, updateAutomated GitHub alarms triggered a quick response: Detection was swift once the updates bypassed GitHub’s usual commit-based alerts and raised red flags in registry logs. The maintainer revoked the compromised token, deprecated the malicious releases, and collaborated with npm to remove them.Socket noted that the attack is a textbook example of “multi-stage supply chain compromise,”…
-
wolfSSL Security Update Addresses Apple Trust Store Bypass
wolfSSL has released version 5.8.2 to address several critical security vulnerabilities, with the most significant being a high-severity Apple trust store bypass flaw that could allow malicious actors to circumvent certificate verification processes on Apple platforms. Critical Apple Platform Vulnerability The most serious vulnerability, designated CVE-2025-7395, affects users of wolfSSL versions after 5.7.6 and before…
-
Malicious Implants Are Coming to AI Components, Applications
A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/malicious-implants-ai-components-applications
-
Beware of npm Phishing Emails Targeting Developer Credentials
An developer recently came across a highly advanced phishing email that spoofs the support@npmjs.org address in order to impersonate npm, the Node.js package registry. The email directed recipients to a malicious link on npnjs.com, a domain cleverly typosquatted to mimic npmjs.com by swapping ‘m’ for ‘n’. This fake site hosted a complete clone or proxy…
-
AI-Powered Cloaking Tools Help Threat Actors Hide Malicious Domains from Security Scans
Threat actors are increasingly adopting AI-powered cloaking services to obfuscate phishing domains, counterfeit e-commerce sites, and malware distribution endpoints from automated security scanners. This technique, known as cloaking, involves dynamically serving innocuous >>white pages>black pages.
-
Snake Keylogger Uses Persistence via Scheduled Tasks to Steal Login Data Undetected
Researchers have uncovered a sophisticated phishing campaign zeroing in on Turkish enterprises, with a particular focus on the defense and aerospace industries. Threat actors are masquerading as Turkish Aerospace Industries (TUSAÅž), a key defense contractor, to disseminate malicious emails that mimic legitimate contractual documents. These emails carry a variant of the Snake Keylogger, an infamous…
-
Researchers Release PoC Exploit for High-Severity NVIDIA AI Toolkit Bug
Wiz Research has disclosed a severe vulnerability in the NVIDIA Container Toolkit (NCT), dubbed #NVIDIAScape and tracked as CVE-2025-23266 with a CVSS score of 9.0, enabling malicious containers to escape isolation and gain root access on host systems. This flaw, stemming from a misconfiguration in OCI hook handling, affects NCT versions up to 1.17.7 (in…
-
Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug
Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw
-
PHP PDO Flaw Allows Attackers to Inject Malicious SQL Commands
A critical vulnerability in PHP’s widely-used PDO (PHP Data Objects) library has been discovered that enables attackers to inject malicious SQL commands even when developers implement prepared statements correctly. The security flaw, revealed through analysis of a DownUnderCTF capture-the-flag challenge, exploits weaknesses in PDO’s SQL parser and affects millions of web applications worldwide. Technical Overview…
-
Microsoft AppLocker Flaw Lets Malicious Apps Bypass Security Restrictions
Security researchers at Varonis Threat Labs have identified a subtle but significant vulnerability in Microsoft’s AppLocker security feature that could allow malicious applications to bypass established security restrictions. While not classified as a critical vulnerability, the discovery highlights important gaps in enterprise security configurations that organizations should address. AppLocker serves as Microsoft’s enterprise-grade application control…
-
7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems
A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as CVE-2025-53816, affects the popular compression software’s RAR5 decoder and can lead to memory corruption and system crashes when processing malicious archives. Technical Details of the Vulnerability Security researcher Jaroslav LobaÄevski…
-
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes
A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed to the PoisonSeed threat group, which demonstrates how attackers can circumvent hardware-based authentication protections through…
-
Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens.The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape KongTuke FileFix Leads to New Interlock RAT Variant Code highlighting with Cursor AI for $500,000 Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Threat Analysis: SquidLoader Still Swimming Under the […]…