Tag: malicious
-
Rubio Impersonation Incident is Latest High-Profile Deepfake Scam
The State Department sent an alert to embassies and consulates warning of AI-generated impersonations of high-ranking federal officials after someone posing at Secretary of State Marco Rubio tried to contact foreign ministers and U.S. Congress members. It’s the latest incident in what the FBI calls an “ongoing malicious campaign.” First seen on securityboulevard.com Jump to…
-
Crypto Roundup: Malicious Firefox Extensions
Also: Winkle Abduction Sentencing and Crypto Theft Rising. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee. First seen on govinfosecurity.com…
-
Weaponized AI Extension Used by Hackers to Swipe $500,000 in Crypto
Tags: ai, attack, blockchain, crypto, cyber, cyberattack, cybersecurity, hacker, malicious, open-source, russia, toolA Russian blockchain engineer lost over $500,000 in cryptocurrency holdings in June 2025 after being the victim of a carefully planned cyberattack, serving as a terrifying reminder of the perils that might exist in open-source ecosystems. The attack, investigated by cybersecurity experts, revealed the use of a malicious extension disguised as a legitimate tool for…
-
Hackers Exploit GitHub to Distribute Malware Disguised as VPN Software
CYFIRMA has discovered a sophisticated cyberattack campaign in which threat actors are using GitHub to host and disseminate malware masquerading as genuine software. Masquerading as “Free VPN for PC” and “Minecraft Skin Changer,” these malicious payloads are designed to trick users into downloading a dangerous malware dropper named Launch.exe. Hosted on the GitHub repository github[.]com/SAMAIOEC,…
-
AirMDR Tackles Security Burdens for SMBs With AI
This security startup provides managed detection and response services for small-to-midsized businesses to detect and address modern threats such as ransomware, phishing attacks, and malicious insiders. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/airmdr-tackles-smb-security-burdens-with-ai
-
Rhadamanthys Infostealer Uses ClickFix Technique to Steal Login Credentials
The Rhadamanthys Stealer, a highly modular information-stealing virus that was first discovered in 2022, has made a comeback with a clever and dishonest delivery method called ClickFix Captcha. This is a terrifying development for cybersecurity experts. This technique disguises malicious payloads behind seemingly legitimate CAPTCHA interfaces, tricking users into executing sophisticated malware. Leverages CAPTCHA Disguise…
-
GitLab Vulnerabilities Allow Execution of Malicious Actions via Content Injection
GitLab has released critical security patches addressing four vulnerabilities, including a high-severity cross-site scripting flaw that could enable attackers to execute malicious actions on behalf of users through content injection. The company has issued patch releases 18.1.2, 18.0.4, and 17.11.6 for both Community Edition (CE) and Enterprise Edition (EE), urging immediate upgrades for all self-managed…
-
MCP is fueling agentic AI, and introducing new security risks
Tags: access, ai, api, attack, authentication, best-practice, ceo, cloud, corporate, cybersecurity, gartner, injection, LLM, malicious, monitoring, network, office, open-source, penetration-testing, RedTeam, risk, service, supply-chain, technology, threat, tool, vulnerabilityMitigating MCP server risks: When it comes to using MCP servers there’s a big difference between developers using it for personal productivity and enterprises putting them into production use cases.Derek Ashmore, application transformation principal at Asperitas Consulting, suggests that corporate customers don’t rush on MCP adoption until the technology is safer and more of the…
-
Open source has a malware problem, and it’s getting worse
Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/10/open-source-malware-trends-2025/
-
Serious Flaws Patched in Model Context Protocol Tools
Always Secure MCP Servers Connecting LLMs to External Systems, Experts Warn. Warning: Popular technology designed to make it easy for artificial intelligence tools to connect with external applications and data sources can be turned to malicious use. Researchers discovered two separate vulnerabilities tied to tools in the ecosystem around model context protocol, or MCP. First…
-
TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions
A new Android vulnerability called TapTrap that allows malicious apps to bypass the operating system’s permission system without requiring any special permissions themselves. The attack exploits activity transition animations”, a core feature of Android’s user interface”, to trick users into unknowingly granting sensitive permissions or performing destructive actions. Unlike traditional tapjacking attacks that rely on…
-
Supply Chain Attack Unleashed via Compromised VS Code Extension
Tags: attack, blockchain, crypto, cyber, github, malicious, open-source, software, supply-chain, threat, toolA sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain…
-
FUNNULL Uses Amazon and Microsoft Cloud to Hide Malicious Infrastructure
A sophisticated threat network called >>Triad Nexus,
-
Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
Tags: cve, cyber, flaw, malicious, microsoft, network, remote-code-execution, update, vulnerability, windowsMicrosoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction. The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607 and above, potentially exposing millions of systems to cyberattacks. Critical Security Vulnerability Details TheSPNEGO Extended…
-
XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment
A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and deceive unsuspecting users. The latest XwormRAT campaign represents a significant evolution in malware distribution methodology,…
-
Malicious Open Source Packages Spike 188% YoY
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/malicious-open-source-packages-spike
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…
-
NetSupport RAT Spreads Through Compromised WordPress Sites Using ClickFix Technique
The Cybereason Global Security Operations Center (GSOC) has uncovered a sophisticated campaign by threat actors who are exploiting compromised WordPress websites to distribute malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT). This campaign, detailed in a recent report, employs phishing emails, PDF attachments, and even gaming websites to lure unsuspecting users into…
-
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware.The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the…
-
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace.The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their…
-
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times.The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025.First released by 7finney in 2022, Ethcode…
-
Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/18-malicious-chrome-edge-extensions/
-
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/
-
Malicious Open Source Packages Surge 188% Annually
Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-open-source-surge-188/
-
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia.The activity, per cybersecurity vendor Kaspersky, has been active since July 2024.”The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,” the Russian company said. “The main goal…
-
End of life for Microsoft Office puts malicious macros in the security spotlight
Attack Surface Reduction rules to abide by: Implementing Attack Surface Reduction rules can greatly limit the scope and impact of most malicious macros.If you’ve completely disabled macros in your organization, then ASR rules are not needed. But if you still rely on macros, the following rules are worth setting:Block all Office applications from creating child…
-
Critical Vulnerabilities in KIA Infotainment Let Attackers Inject Code with PNG Files
A recent security analysis has uncoveredcritical vulnerabilitiesin the infotainment systems of KIA vehicles, raising alarm across the automotive cybersecurity community. These flaws allow attackers to inject and execute malicious code through specially crafted PNG image files, potentially compromising vehicle safety and user privacy. Security researchers, during an in-depth examination of KIA’s head unit and its…
-
Critical Vulnerabilities in KIA Infotainment Let Attackers Inject Code with PNG Files
A recent security analysis has uncoveredcritical vulnerabilitiesin the infotainment systems of KIA vehicles, raising alarm across the automotive cybersecurity community. These flaws allow attackers to inject and execute malicious code through specially crafted PNG image files, potentially compromising vehicle safety and user privacy. Security researchers, during an in-depth examination of KIA’s head unit and its…