Tag: malicious
-
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
Chained with a legacy flaw for RCE: Oligo demonstrated that the attack vector combines two independent flaws. Attackers could chain the legacy “0.0.0.0-day” browser flaw, which lets web pages send requests to the 0.0.0.0 address that browsers treat like localhost, to a CSRF-style attack leveraging the Inspector proxy’s vulnerable “/sse” endpoint that accepts commands via query…
-
Hackers Target Linux SSH Servers to Deploy TinyProxy and Sing-Box Proxy Tools
Tags: credentials, cyber, exploit, hacker, intelligence, linux, malicious, monitoring, strategy, tool, vulnerability
Hackers are exploiting poorly managed Linux servers, particularly those with weak SSH credentials, to install proxy tools such as TinyProxy and Sing-box. The AhnLab Security Intelligence Center (ASEC) has been closely monitoring these intrusions through honeypots mimicking vulnerable SSH services. Their findings reveal a sophisticated strategy where attackers repurpose legitimate tools for malicious intent, transforming…
-
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
Tags: control, country, cybercrime, group, international, malicious, office, ransomware, russia, service, threat
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group for assisting threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of…
-
Anthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code Remotely
A newly disclosed vulnerability in Anthropic’s Model Context Protocol (MCP) Inspector tool has sent shockwaves through the AI development community, exposing a critical attack vector that could allow hackers to execute arbitrary code on developers’ machines simply by luring them to a malicious website. CVE-2025-49596: A Critical Threat. Tracked as CVE-2025-49596 and carrying a CVSS…
-
‘Skynet’ Tries to Outwit AI Malware Analysis
This Is Not the Malicious Code You’re Looking For, Malware Tells AI. If you can’t outsmart the antivirus, maybe you can sweet-talk the algorithm into looking the other way. Security researchers discovered what appears to be the first known attempt to deploy prompt injection against artificial intelligence-powered malware analysis. First seen on govinfosecurity.com Jump to…
-
We’ve All Been Wrong: Phishing Training Doesn’t Work
Teaching employees to detect malicious emails isn’t really having an impact. What other options do organizations have? First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/phishing-training-doesnt-work
-
New FileFix attack runs JScript while bypassing Windows MoTW alerts
A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-filefix-attack-runs-jscript-while-bypassing-windows-motw-alerts/
-
Kimsuky Hackers Employ ClickFix Technique to Run Malicious Scripts on Victim Devices
The North Korean state-sponsored hacker collective Kimsuky has been found to use a dishonest technique called ClickFix…
-
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. “We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality…
-
LLMs are guessing login URLs, and it’s a cybersecurity time bomb
Tags: ai, api, blockchain, cybersecurity, data, github, LLM, login, malicious, monitoring, office, risk, supply-chain, training
GitHub poisoning for AI training: Not all hallucinated URLs were unintentional. In unrelated research, Netcraft found evidence of attackers deliberately poisoning AI systems by seeding GitHub with malicious code repositories. “Multiple fake GitHub accounts shared a project called Moonshot-Volume-Bot, seeded across accounts with rich bios, profile images, social media accounts and credible coding activity,” researchers…
-
Stealthy WordPress Malware Uses PHP Backdoor to Deliver Windows Trojan
A sophisticated malware campaign targeting WordPress websites has recently been uncovered, showcasing an intricate and stealthy approach to delivering a Windows-based trojan. This attack, which operates beneath the surface of seemingly clean websites, employs a layered infection chain involving PHP-based droppers, obfuscated code, and IP-based evasion tactics to distribute a malicious payload named client32.exe. Hidden…
-
Threat Actors Exploit Facebook Ads to Distribute Malware and Steal Wallet Passwords
The Pi Network community eagerly celebrated Pi2Day, an event traditionally associated with platform updates, feature launches, and significant milestones. However, this year’s festivities have been overshadowed by a sinister wave of cyberattacks. Cybercriminals have capitalized on the event’s hype, launching a malicious ad campaign on Facebook to target unsuspecting users with phishing scams and malware…
-
AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers
Malicious websites designed to rank high in Google search results for ChatGPT and Luma AI deliver the Lumma and Vidar infostealers and other malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ai-seo-poisoning-attack-info-crypto-stealers
-
Patch now: Citrix Bleed 2 vulnerability actively exploited in the wild
Indications of real-world exploitation: ReliaQuest researchers said that, in multiple incidents, attackers were seen hijacking active Citrix web sessions and bypassing multi-factor authentication (MFA) without requiring user credentials. The research also highlighted “session reuse across multiple IPs, including combinations of expected and suspicious IPs.” In compromised environments, attackers proceeded with post-authentication reconnaissance, issuing lightweight directory access…
-
Glasgow City Warns of Parking Fine Scam Amid Ongoing Cybersecurity Incident
Glasgow City Council has issued an urgent alert to drivers across the region following a surge in scam text messages targeting unsuspecting motorists with fraudulent demands for parking fine payments. The authority has confirmed that these deceptive communications, often embedded with malicious links, are part of a sophisticated phishing campaign designed to steal personal and…
-
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets. According to reports such as the…
-
RIFT: New open-source tool from Microsoft helps analyze Rust malware
Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/30/rift-open-source-microsoft-tool-analyze-rust-malware/
-
Threat Actors Impersonate WPS Office and DeepSeek to Spread Sainbox RAT
A malicious campaign has emerged, targeting Chinese-speaking users through fake installers of popular software such as WPS Office, Sogou, and DeepSeek. This operation, attributed with medium confidence to the China-based adversary group Silver Fox, leverages phishing websites that mimic legitimate software portals to distribute malware payloads, primarily in the form of MSI files. Sophisticated Phishing…
-
FedRAMP Pen Test Scope vs. Rules of Engagement Explained
FedRAMP has strict requirements for the security of the companies looking to earn their certification. Among the many requirements you need to navigate are tests from your C3PAO, simulating malicious actors and common threat vectors. In order to understand what you need to do to pass, it’s worth going over what penetration testing is, what…
-
Threat Actors Exploit Windows and Linux Server Vulnerabilities to Deploy Web Shells
Threat actors have been observed exploiting file upload vulnerabilities to deploy web shells and advanced malware on both Windows and Linux systems. The campaign, which showcases a blend of publicly available tools and custom malicious payloads, indicates a highly coordinated effort to compromise organizational networks through initial access, persistence, and lateral movement. Sophisticated Attack Campaign…
-
Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos
Cybercriminals use malicious AI models to write malware and phishing scams. Cisco Talos warns of rising threats from uncensored and custom AI tools. First seen on hackread.com Jump to article: hackread.com/malicious-ai-models-wave-of-cybercrime-cisco-talos/
-
Weaponized DeepSeek Installers Deploy Sainbox RAT and Hidden Rootkit
Netskope Threat Labs has uncovered a malicious campaign exploiting fake software installers, including those mimicking popular tools like DeepSeek, Sogou, and WPS Office, to deliver dangerous malware payloads such as the Sainbox RAT (a variant of Gh0stRAT) and the Hidden rootkit. This operation, primarily targeting Chinese-speaking users through phishing websites and counterfeit MSI installers, showcases…
-
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. “Recent campaigns in June 2025 demonstrate GIFTEDCROOK’s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and…
-
Some Brother printers have a remote code execution vulnerability, and they can’t fix it
The centerpiece of Rapid7’s disclosure is CVE-2024-51978, a vulnerability rated critical (CVSS 9.8 out of 10) that enables attackers to derive the default administrator password from the device’s serial number. While another of the discovered flaws, a medium severity information disclosure vulnerability (CVE-2024-51977), potentially allows an attacker to leak the prerequisite unique serial number via the…
-
The Age of Integrity
We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring…
-
Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS
A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication. The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing specific date values, causing invariant failures and server crashes. This vulnerability affects MongoDB Server versions…
-
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, waf
root user. The fault behind both vulnerabilities: Holes in application programming interfaces (APIs). “Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…

