Tag: malicious
-
Critical Vulnerabilities in KIA Infotainment Let Attackers Inject Code with PNG Files
A recent security analysis has uncoveredcritical vulnerabilitiesin the infotainment systems of KIA vehicles, raising alarm across the automotive cybersecurity community. These flaws allow attackers to inject and execute malicious code through specially crafted PNG image files, potentially compromising vehicle safety and user privacy. Security researchers, during an in-depth examination of KIA’s head unit and its…
-
TAG-140 Targets Indian Government Via ‘ClickFix-Style’ Lure
The threat actors trick victims into opening a malicious script, leading to the execution of the BroaderAspect .NET loader. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tag-140-indian-government-clickfix-lure
-
DPRK macOS ‘NimDoor’ Malware Targets Web3, Crypto Platforms
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-macos-nimdoor-malware-web3-crypto-platforms
-
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader).The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized versions of legitimate tools like PuTTY and WinSCP, aiming to trick software professionals First seen on thehackernews.com Jump…
-
BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers
ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s…
-
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt
The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This malicious entity operates with a sophisticated structure, leveraging both a negotiation site to extract ransoms from victims and a Data Leak Site (DLS) to threaten…
-
Eight Malicious Firefox Extensions Expose Users to Credential Theft and Surveillance
The Socket Threat Research Team recently discovered a troubling network of malicious Firefox browser extensions that pose serious threats to user security and privacy. Initially focusing on a single extension, >>Shell Shockers,>mre1903.
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-store-features-extension-poisoned-sophisticated-spyware
-
New Phishing Attack Impersonates DWP to Steal Credit Card Information from Users
A sophisticated phishing campaign targeting UK residents has been active since late May 2025, with a significant surge in activity during the second half of June. This malicious operation impersonates the Department for Work and Pensions (DWP), a key UK government body responsible for welfare and pension services, by sending fraudulent SMS messages to unsuspecting…
-
XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses
The XWorm Remote Access Trojan (RAT), a longstanding favorite among cybercriminals, has recently showcased a significant evolution in its attack methodology, employing an array of sophisticated stagers and loaders to evade detection and infiltrate systems. Known for its comprehensive malicious capabilities including keylogging, remote desktop access, data exfiltration, and command execution XWorm has become a…
-
Hundreds of Malicious Domains Registered Ahead of Prime Day
Tags: maliciousCheck Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hundreds-malicious-domains/
-
Verified, but vulnerable: Malicious extensions exploit IDE trust badges
Sideloaded extensions are particularly vulnerable: After confirming the behavior on VSCode, OX extended their investigation to other platforms, including Visual Studio, IntelliJ IDEA, and Cursor.The researchers said that despite the differences in file structures and verification mechanisms across platforms, they were able to identify the requests used for verification and locate the relevant values within…
-
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise their plugins to blend seamlessly with legitimate site components, making detection extremely challenging for administrators. One particularly insidious tactic involves naming the malicious plugin after…
-
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed to simplify software deployment on Windows, Inno Setup has become a favored tool among threat actors due to its trusted appearance and powerful Pascal scripting capabilities. This sophisticated abuse allows…
-
Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users
HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure…
-
IDE Extensions Pose Hidden Risks to Software Supply Chain
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ide-extensions-risks-software-supply-chain
-
Browser Extensions Pose Heightened, but Manageable, Security Risks
Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/browser-extensions-heightened-manageable-security-risks
-
You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code
Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/you-cant-trust-ai-chatbots-not-to-serve-you-phishing-pages-malicious-downloads-or-bad-code/
-
Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks
A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 to April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM). First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/analysis-surfaces-increased-usage-of-llms-to-craft-bec-attacks/
-
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.”These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox First seen on thehackernews.com…
-
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.The campaign, detected at the beginning of First seen…
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
Two flaws in TeleMessage are ‘frequent attack vectors for malicious cyber actors’ First seen on theregister.com Jump to article: www.theregister.com/2025/07/02/cisa_telemessage_patch/
-
Sixfold surge of ClickFix attacks threatens corporate defenses
Countermeasures: ClickFix attacks often bypass many security tools because the approach relies on user interaction. Training users to recognize suspicious prompts and avoid copying and running code from untrusted sources is a critical first step in defending against the growing threat.Tightening up technical controls such as endpoint protection, web filtering, and email security technologies to…
-
U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting
U.S. Treasury sanctions Russia-based Aeza Group and affiliates for aiding cybercriminals via bulletproof hosting services. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russia-based Aeza Group for aiding global cybercriminals via bulletproof hosting services. A bulletproof hosting service is a type of internet hosting provider that knowingly allows cybercriminals to host malicious content…
-
Cybercriminals Use Malicious PDFs to Impersonate Microsoft, DocuSign, and Dropbox in Targeted Phishing Attacks
Cisco’s Talos security team has uncovered a surge in sophisticated phishing campaigns leveraging malicious PDF payloads to impersonate trusted brands like Microsoft, DocuSign, and Dropbox. According to a recent update to Cisco’s brand impersonation detection engine, these attacks have expanded in scope, targeting a broader array of well-known organizations with deceptive emails designed to exploit…
-
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
Chained with a legacy flaw for RCE : Oligo demonstrated that the attack vector combines two independent flaws. Attackers could chain the legacy “0.0.0.0-day” browser flaw, which lets web pages send requests to 0.0.0.0 address that browsers treat like localhost, to a CSRF-style attack leveraging the Inspector proxy’s vulnerable “/sse” endpoint that accepts commands via query…
-
Hackers Target Linux SSH Servers to Deploy TinyProxy and Sing-Box Proxy Tools
Tags: credentials, cyber, exploit, hacker, intelligence, linux, malicious, monitoring, strategy, tool, vulnerabilityHackers are exploiting poorly managed Linux servers, particularly those with weak SSH credentials, to install proxy tools such as TinyProxy and Sing-box. The AhnLab Security Intelligence Center (ASEC) has been closely monitoring these intrusions through honeypots mimicking vulnerable SSH services. Their findings reveal a sophisticated strategy where attackers repurpose legitimate tools for malicious intent, transforming…