Tag: malicious
-
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/
-
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers used a clever prompt injection technique known as >>CamoLeak.<< A security researcher publicly disclosed…
-
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers used a clever prompt injection technique known as >>CamoLeak.<< A security researcher publicly disclosed…
-
ChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line Jailbreak
A newly discovered jailbreak technique named >>sockpuppeting<< successfully forces 11 leading artificial intelligence models, including ChatGPT, Claude, and Gemini, to bypass their safety guardrails. By exploiting a standard application programming interface (API) feature with a single line of code, attackers can trick these models into generating malicious outputs without requiring complex mathematical optimisation. When a…
-
GlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX Extension
A newly discovered supply chain attack is spreading the GlassWorm malware across multiple developer environments by abusing the OpenVSX extension marketplace. GlassWorm is not new. Researchers have tracked the campaign since March 2025, when attackers hid malicious payloads inside npm packages using invisible Unicode characters. Since then, the operation has expanded across GitHub repositories, npm…
-
DesckVB RAT Uses Fileless .NET Loader to Evade Detection
DesckVB RAT is emerging as a highly active and stealthy malware threat in 2026, leveraging layered obfuscation and fileless execution techniques to bypass traditional security defenses. The attack chain begins with a malicious JavaScript file that hides its true intent through complex encoding and code replication. This script copies its own logic into PowerShell and…
-
Malicious password-protected files Blog – Menlo Security
Discover the rising threat of malicious password-protected files, evading defenses via encryption and alternative channels. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/malicious-password-protected-files-blog-menlo-security/
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…
-
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
Tags: access, adobe, attack, ciso, control, data, email, exploit, hacker, incident response, malicious, malware, monitoring, resilience, risk, sans, software, technology, threat, tool, update, vulnerabilityA high risk exploit: Kellman Meghu, chief technology officer at Canadian incident response firm DeepCove Security, called the exploit “a very high risk.”So far it looks as though this particular malware just exfiltrates data, he said. But it implies there is an ability or capability to turn it into a vehicle for remote code execution.…
-
Malicious PDF reveals active Adobe Reader zero-day in the wild
Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it. Hackers used an Adobe Reader zero-day for months to deliver a sophisticated PDF exploit. Cybersecurity researcher Haifei Li, founder of Expmon, discovered the malicious file and warned the community. On March 26,…
-
Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet
A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available. The post Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-adobe-acrobat-zero-day-pdf-exploit-months/
-
In-Memory Loader Drops ScreenConnect
IntroductionIn February 2026, Zscaler ThreatLabz discovered an attack chain where attackers used a fake Adobe Acrobat Reader download to lure victims into installing ConnectWise’s ScreenConnect. While ScreenConnect is a legitimate remote access tool, it can be leveraged for malicious purposes. In this blog post, ThreatLabz examines the various stages of this attack, from the download lure to the…
-
Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available. First seen on hackread.com Jump to article: hackread.com/adobe-reader-zero-day-exploit-data-malicious-pdfs/
-
Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available. First seen on hackread.com Jump to article: hackread.com/adobe-reader-zero-day-exploit-data-malicious-pdfs/
-
Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available. First seen on hackread.com Jump to article: hackread.com/adobe-reader-zero-day-exploit-data-malicious-pdfs/
-
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/
-
Months-old Adobe Reader zero-day uses PDFs to size up targets
Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload First seen on theregister.com Jump to article: www.theregister.com/2026/04/09/monthsold_adobe_reader_zeroday_uses/
-
ClickFix, Malicious DMGs Push notnullOSX to macOS Users
Hackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot high-value crypto wallets from Mac users. The story starts with 0xFFF, a malware developer who abruptly quit a major Russian-speaking hacking forum in 2023 after claiming he was being investigated and accusing the forum of…
-
Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
Security researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with a sophisticated credit card skimmer. To evade security scanners and steal shopper payment data seamlessly, attackers concealed the malicious payload inside an invisible SVG image element. Threat intelligence suggests the attackers likely breached the sites…
-
New ClickFix variant bypasses Apple safeguards with one”‘click script execution
Lightweight staging for Atomic Stealer: Once executed, the AppleScript resolves to an obfuscated shell command. That command decodes a hidden URL, retrieves a remote payload using ‘curl’, and executes it via ‘zsh’. From here, standard info-stealing takes over with a ‘Mach-O’ binary written to a temporary location, its attributes adjusted, permissions set, and execution triggered.This…
-
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025.The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second First seen on…
-
STX RAT Hides Remote Desktop, Steals Data to Dodge Detection
A stealthy new remote access trojan, dubbed STX RAT, that blends hidden remote desktop control with powerful infostealer capabilities while using advanced evasion and encryption techniques to stay under the radar of security tools. The operators rely on opportunistic initial access, including malicious VBScript and JScript chains that download a TAR archive containing the core payload and…
-
STX RAT Hides Remote Desktop, Steals Data to Dodge Detection
A stealthy new remote access trojan, dubbed STX RAT, that blends hidden remote desktop control with powerful infostealer capabilities while using advanced evasion and encryption techniques to stay under the radar of security tools. The operators rely on opportunistic initial access, including malicious VBScript and JScript chains that download a TAR archive containing the core payload and…
-
Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
Microsoft has significantly upgraded its Defender platform to automatically detect and block sophisticated cyberattacks targeting High-Value Assets (HVAs) like domain controllers and web servers. By leveraging the new Microsoft Security Exposure Management tool, the system now uses context-aware intelligence to easily distinguish normal administrative tasks from malicious activities on critical network infrastructure. As cyberattacks become…
-
AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats FireTail Blog
Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, conference, control, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, framework, gartner, GDPR, governance, guide, infrastructure, injection, LLM, malicious, microsoft, monitoring, network, nvidia, office, regulation, risk, saas, software, threat, tool, training, vulnerabilityApr 08, 2026 – – Quick Facts: Enterprise AI Security Most enterprises are running AI at scale before their security teams have visibility into it. Shadow AI (unsanctioned AI tools spreading department by department) is now the most common entry point for data leakage. Agentic AI introduces a new category of risk: autonomous systems that…
-
The Growing Abuse of GitHub and GitLab in Phishing Campaigns
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
-
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
-
US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-thwarts-dns-hijacking-network/
-
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.”The threat actor’s packages were designed to impersonate legitimate developer tooling […], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated First seen on thehackernews.com Jump to…