Tag: malicious
-
Fortinet Firewalls Hit With Malicious Configuration Changes
Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/fortinet-firewalls-malicious-configuration-changes
-
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and…
-
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual…
-
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for…
-
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously…
-
JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure
JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with surprising precision. Despite widespread skepticism about JA3’s relevance fueled by frozen public databases and inconsistent threat intelligence updates the indicator remains a powerful asset for SOC and threat hunting teams.…
-
Node.js binary-parser Library Flaw Enables Malicious Code Injection
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affects versions before 2.3.0 and stems from unsafe dynamic code generation. Developers using untrusted input for parser definitions face severe risks, including full process…
-
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts.The package, named sympy-dev, mimics SymPy, replicating the latter’s project description verbatim in an attempt to deceive unsuspecting users into thinking that they…
-
Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover
Tags: access, authentication, cisa, cve, cvss, cyber, data-breach, exploit, firewall, flaw, fortinet, Internet, malicious, threat, vulnerabilityThreat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining admin access on internet-exposed devices. Fortinet disclosed them on December 9, 2025, with CVSS scores of 9.8, and CISA added CVE-2025-59718 to its Known Exploited…
-
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users
A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project…
-
ClearFake malware Exploits Proxy Execution to Run Malicious PowerShell Commands via Trusted Windows Feature
Tags: cyber, detection, endpoint, exploit, injection, malicious, malware, powershell, vulnerability, windowsA sophisticated evolution of the ClearFake malware campaign has emerged, deploying advanced evasion techniques that abuse legitimate Windows components to bypass endpoint detection systems. The operation, which has compromised hundreds of websites since August 2025, now leverages a command injection vulnerability in a trusted Windows script to silently execute malicious PowerShell code, while hosting its…
-
NDSS 2025 Dissecting Payload-Based Transaction Phishing On Ethereum
Authors, Creators & Presenters: Zhuo Chen (Zhejiang University), Yufeng Hu (Zhejiang University), Bowen He (Zhejiang University), Dong Luo (Zhejiang University), Lei Wu (Zhejiang University), Yajin Zhou (Zhejiang University) PAPER Dissecting Payload-Based Transaction Phishing On Ethereum In recent years, a more advanced form of phishing has arisen on Ethereum, surpassing early-stage, simple transaction phishing. This new…
-
CI/CD Under Attack: What the AWS CodeBuild “CodeBreach” Flaw Reveals About Modern Supply Chain Risk
A recent disclosure revealed a critical flaw in AWS CodeBuild that could allow attackers to abuse CI/CD pipelines and inject malicious code into trusted software builds by exploiting weaknesses in webhook validation, according to WebProNews. Rather than targeting production systems directly, the issue exposed how attackers can compromise software supply chains by manipulating trusted automation.…
-
Magecart Hack Injects JavaScript to Steal Online Payment Data
A new Magecart-style campaign is actively targeting e-commerce websites by injecting malicious JavaScript that intercepts and exfiltrates payment card data during checkout. The malicious script was hosted at cc-analytics[.]com/app.js and discovered on compromised e-commerce sites through script injection. The code employs heavy obfuscation using hex encoding and base conversion functions to evade detection. Security researchers…
-
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems
The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in the Contagious Interview campaign represents a sophisticated shift toward weaponizing legitimate developer tools. The infection chain begins when victims clone and open malicious Git repositories hosted on GitHub or GitLab, typically…
-
Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs
mcp-server-git versions prior to 2025-12.18.The three vulnerabilities are·CVE-2025-68143, an unrestricted git_init.·CVE-2025-68145, a path validation bypass.·CVE-2025-68144, an argument injection in git_diff.Unlike other vulnerabilities in MCP servers that required specific configurations, these work on any configuration of Anthropic’s official server, out of the box, Cyata says.Model Context Protocol (MCP) is an open standard introduced by Anthropic in 2024 to…
-
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints.The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said.”This activity involved…
-
Gemini AI assistant tricked into leaking Google Calendar data
Using only natural language instructions, researchers were able to bypass Google Gemini’s defenses against malicious prompt injection and create misleading events to leak private Calendar data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gemini-ai-assistant-tricked-into-leaking-google-calendar-data/
-
New Windows Flaw Lets Attackers Bypass Mark of the Web
Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against malicious downloads and phishing files. The post New Windows Flaw Lets Attackers Bypass Mark of the Web appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-flaw-bypass-mark-of-the-web/
-
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions.”These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant…
-
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Tags: access, cybersecurity, exploit, hacker, linkedin, malicious, malware, open-source, phishing, ratCybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT).The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with First…
-
When Language Becomes the Attack Surface: Inside the Google Gemini Calendar Exploit
Tags: ai, attack, cybersecurity, data-breach, exploit, flaw, google, LLM, malicious, software, vulnerabilitySecurity teams have spent decades hardening software against malicious input, yet a recent vulnerability involving Google Gemini demonstrates how those assumptions begin to fracture when language itself becomes executable. The issue, disclosed by cybersecurity researchers at Miggo Security, exposed a subtle but powerful flaw in how natural language interfaces like AI LLMs interact with privileged…
-
CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension
Payload delivery: When the user executes the supplied commands, a multistage infection process begins that ultimately deploys a previously undocumented Python-based remote access trojan, which the researchers dubbed ModelRAT. The malware establishes persistence and enables remote control of the infected system.Huntress’ telemetry suggested differing behavior based on the environment. Systems joined to a domain were…
-
Google Gemini flaw exposes new AI prompt injection risks for enterprises
Real enterprise exposure: Analysts point out that the risk is significant in enterprise environments as organizations rapidly deploy AI copilots connected to sensitive systems.”As internal copilots ingest data from emails, calendars, documents, and collaboration tools, a single compromised account or phishing email can quietly embed malicious instructions,” said Chandrasekhar Bilugu, CTO of SureShield. “When employees…
-
Predator bots are exploiting APIs at scale. Here’s how defenders must respond.
The rise of malicious bots is changing how the internet operates, underscoring the need for stronger safeguards that keep humans firmly in control. Bots now account for more than half of global web traffic, and a new class of “predator bots” has emerged, unleashing self-learning programs that adapt in real time, mimic human behavior, and…
-
Secure web browsers for the enterprise compared: How to pick the right one
Tags: access, ai, android, api, attack, browser, business, chrome, cloud, computer, control, corporate, data, encryption, endpoint, fortinet, gartner, google, guide, identity, linux, login, malicious, malware, mfa, mobile, monitoring, network, okta, phishing, saas, service, siem, software, technology, threat, tool, training, vpn, windows, zero-trustEnable MFA at the beginning of any browser session by default.Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.Control access to web destinations, either to allow or…
-
Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
A sophisticated malvertising campaign tracked as TamperedChef has compromised over 100 organizations across 19 countries by distributing weaponized PDF editing software through Google Ads. Sophos Managed Detection and Response (MDR) teams discovered the operation in September 2025, revealing a multi-layered attack infrastructure designed to steal browser credentials and establish persistent backdoor access on Windows systems.…