Tag: malicious
-
Over 2,000 Devices Compromised by Weaponized Social Security Statement Phishing Attacks
CyberArmor analysts have uncovered a meticulously crafted phishing campaign that has already compromised over 2,000 devices by exploiting the trusted theme of Social Security Administration (SSA) statements. Cybercriminals behind this operation deployed a highly convincing email lure masquerading as an official SSA communication, deceiving users into downloading malicious software. The campaign’s technical sophistication, coupled with…
-
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page - those that save collected data to…
-
NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH SSH Protocols
The National Cyber Security Centre (NCSC) has issued a critical alert regarding a newly identified malware, dubbed SHOE RACK, which has been observed targeting Fortinet firewalls and other perimeter devices. Developed using the Go 1.18 programming language, this malicious software demonstrates a high level of sophistication by leveraging DNS-over-HTTPS (DoH) for command and control (C2)…
-
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
The Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce platforms. This campaign, which dates back to September 2023 as per their Threat Intelligence platform, showcases a dynamic and evolving framework with over 20 distinct samples. Sophisticated Malware Framework: The…
-
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
Tags: cve, cvss, cyber, exploit, flaw, malicious, remote-code-execution, risk, vulnerability, windows
A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (High), this flaw allows attackers to execute arbitrary code simply by convincing a victim to open a…
-
Google Integrates GenAI to Counter Indirect Prompt Injection Attack Vectors
Google has revealed a thorough protection technique aimed at indirect prompt injection attacks, a subtle but powerful threat, marking a major advancement in cybersecurity in the age of generative AI. Unlike direct prompt injections, where malicious commands are overtly inserted into AI prompts, indirect injections embed harmful instructions within external data sources such as emails,…
-
UAC-0001 Hackers Target ICS Devices Running Windows-Based Server Systems
The national team for responding to cyber incidents, CERT-UA, has exposed a sophisticated cyberattack targeting the information and communication system (ICS) of a central executive body in March-April 2024. During the implementation of response measures, a technical device running a Windows operating system, functioning as a server, was found to be compromised with two malicious…
-
APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign
APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments disguised as official government documents. Cyber Espionage Group Transparent Tribe Strikes Again: These deceptive files…
-
Shadow Vector Malware Uses SVG Images to Deliver AsyncRAT and RemcosRAT Payloads
Acronis Threat Research Unit (TRU) has discovered a startling development: a malicious campaign called “Shadow Vector”…
-
News brief: LOTL attacks, spoofed sites, malicious repositories
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366626071/News-brief-LOTL-attacks-spoofed-sites-malicious-repositories
-
DDoS Attack on Financial Sector Triggers Multi-Day Service Outages
In an analysis by FS-ISAC and Akamai, the financial services sector has emerged as the primary target of Distributed Denial of Service (DDoS) attacks, with a dramatic surge in both the frequency and volume of malicious traffic. These attacks, designed to overwhelm systems and disrupt operations, have evolved into highly sophisticated campaigns that exploit complex…
-
North Korean Hackers Weaponize GitHub Infrastructure to Distribute Malware
Tags: attack, cyber, cybersecurity, github, group, hacker, infrastructure, malicious, malware, north-korea, powershell, threat
Cybersecurity researchers have uncovered a sophisticated spearphishing campaign orchestrated by the North Korean threat group Kimsuky, leveraging GitHub as a critical piece of attack infrastructure to distribute malware since March 2025. This operation, identified through analysis of a malicious PowerShell script posted on X, showcases an alarming abuse of legitimate platforms like GitHub and Dropbox…
-
Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks
Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. “Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections… First seen…
-
CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call
CoinMarketCap, the globally recognized cryptocurrency data aggregator, experienced a significant security incident when a vulnerability in its homepage doodle image was exploited to inject malicious code, leading to a phishing campaign targeting user wallets. Incident Overview: The breach originated from a seemingly innocuous doodle image featured on CoinMarketCap’s homepage. Threat actors manipulated the backend API…
-
Threat Casting a Nation State Attack on Critical Infrastructure Scenario at CognectCon2025
Tags: attack, conference, cyber, cyberattack, cybersecurity, data, disinformation, infrastructure, iran, malicious, middle-east, risk, threat, vulnerability, worm
During exercises at CognectCon2025 a number of cyberattack scenarios were discussed that highlighted the risks of cyber attackers leveraging cognitive vulnerabilities to cause major impacts to national critical infrastructures. This video is a short report-out on one such possible scenario, before we began discussing how to prevent, detect, and respond to such an event. In…
-
Open Directories Expose Publicly Available Tools Used by Hackers
A series of misconfigured web servers have been uncovered, revealing a treasure trove of publicly accessible tools and tactics employed by malicious actors targeting critical infrastructure. These exposed open directories, discovered through Hunt’s advanced scanning capabilities, highlight a significant security lapse that threat actors are exploiting with low-cost, high-reward methods. Unveiling Hidden Threats on the…
-
Your passwords are everywhere: What the massive 16 billion login leak means for you
Security researchers discovered 16 billion stolen passwords from Apple, Google, Facebook and more. Unlike traditional hacks, malicious software infected millions of personal devices, secretly stealing every login. Here’s what this means for your accounts and how to protect yourself immediately. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/your-passwords-are-everywhere-what-the-massive-16-billion-login-leak-means-for-you/
-
Internet users advised to change passwords after 16bn logins exposed
Tags: access, credentials, cybercrime, data, data-breach, google, Internet, login, malicious, password, software
Hacked credentials could give cybercriminals access to Facebook, Meta and Google accounts among others. Internet users have been told to change their passwords and upgrade their digital security after researchers claimed to have revealed the scale of sensitive information, 16bn login records, potentially available to cybercriminals. Researchers at Cybernews (https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/), an online tech publication, said they had…
-
Hackers Post Dozens of Malicious Copycat Repos to GitHub
As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dozens-malicious-copycat-repos-github
-
Beware of Weaponized MSI Installer Masquerading as WhatsApp to Deliver XWorm RAT
A newly identified cyber threat linked to a China-based threat actor has emerged, targeting users across East and Southeast Asia with a trojanized MSI installer disguised as a legitimate WhatsApp setup file. This deceptive campaign delivers a customized version of the XWorm Remote Access Trojan (RAT), a malicious tool designed to infiltrate systems, steal sensitive…
-
Malicious AI Agent in LangSmith May Have Exposed API Data
High-Severity Flaw in LangChain’s AI Tooling Hub Now Patched. A flaw in the LangSmith platform, an open-source framework that helps developers build LLM-powered applications, can enable hackers to siphon sensitive data, said Noma Security. Dubbed AgentSmith, the flaw can allow attackers to embed malicious proxy configurations into public AI agents. First seen on govinfosecurity.com Jump…
-
Threat Actors Manipulate Google Search Results to Display Scammer’s Phone Number Instead of Real Number
Threat actors are increasingly exploiting the trust users place in sponsored search results on platforms like Google to orchestrate sophisticated scams. These malicious entities craft deceptive advertisements that mimic legitimate websites, particularly targeting popular brands and tech support services. By leveraging the visibility of paid ads, which often appear at the top of search results,…
-
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestrated at least 28 distinct campaigns, targeting more than 1,271 users with deceptive emails that lead to fraudulent pages hosted…
-
Microsoft boosts default security of Windows 365 Cloud PCs
Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/20/microsoft-boosts-default-security-of-windows-365-cloud-pcs/
-
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
The campaign had a tell: ReversingLabs observed a few telling signs about the repositories that can help catch the infection at its source. “For the majority of the malicious repositories, the owner only has that (the malicious one) one repository listed under its GitHub account,” Simmons said. “This indicates that these kinds of user accounts…
-
Versa Director Flaws Let Attackers Execute Arbitrary Commands
A newly disclosed set of vulnerabilities in Versa Networks’ SD-WAN orchestration platform, Versa Director, enables authenticated attackers to upload malicious files and execute arbitrary commands on affected systems. The vulnerabilities, tracked as CVE-2025-23171 and CVE-2025-23172, stem from insecure file upload and webhook functionalities, both carrying a CVSS score of 7.2, indicating high…
-
Malicious Support Tickets Let Hackers Exploit Atlassian’s Model Context Protocol
A new class of cyberattack is targeting organizations leveraging Atlassian’s Model Context Protocol (MCP), exposing a critical weakness in the boundary between external and internal users. Researchers have demonstrated that malicious support tickets can be weaponized to exploit AI-powered workflows in Atlassian’s Jira Service Management (JSM), enabling attackers to gain privileged access and exfiltrate sensitive…