Tag: malicious
-
Apache Kafka Arbitrary File Read and SSRF Vulnerability (CVE-2025-27817)
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the arbitrary file read and SSRF vulnerabilities in Apache Kafka (CVE-2025-27817); Because the Apache Kafka client does not strictly validate and restrict user input, an unauthenticated attacker can elevate the file system/environment/URL access rights of the REST API by constructing malicious configurations…The…
-
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants.The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies from 26 countries to identify servers, map physical networks, and execute targeted takedowns.”These First…
-
Secure Enterprise Browser Adoption to Hit 25% by 2028
Secure enterprise browsers deliver multi-layered security, including web security, protection against malware on the endpoint, and defense against malicious extensions. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/gartner-secure-enterprise-browser-adoption-25-by-2028
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust2. You’ll need shift from defense to offence: The role and the CISO won’t be the same after an incident.”My job on December 11 was very different from my job on December 12 and beyond, says Brown.Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
Insyde UEFI Flaw Enables Digital Certificate Injection via NVRAM Variable
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to enterprise and consumer devices. Insecure NVRAM Variable Handling The vulnerability stems from the improper use…
-
Is attacker laziness enabled by genAI shortcuts making them easier to catch?
Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications.”We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint.The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
New Report Highlights the Internet as the Primary Threat to Industrial Automation Systems
A recent report by Kaspersky ICS CERT, released on June 10, 2025, sheds light on the persistent and evolving cyberthreats targeting industrial automation systems (IAS) worldwide during the first quarter of 2025. The comprehensive analysis, based on data from Kaspersky Security Network (KSN), reveals that 21.9% of Industrial Control System (ICS) computers globally encountered malicious…
-
OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea
OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools… First seen on hackread.com Jump to article: hackread.com/openai-shuts-down-ai-ops-china-russia-iran-nkorea/
-
OpenAI’s ChatGPT a Hit With Nation-State Hackers
Malicious Accounts Linked to Malware, Influence Operations. OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI’s tools for malware development and social media manipulation. First seen on govinfosecurity.com Jump to article:…
-
Beware of Instagram Growth Tools Stealing Login Credentials and Sending Them to Attackers
A discovery by Socket’s Threat Research Team has unveiled a malicious Python package named imad213, masquerading as an Instagram growth tool. Created by a threat actor identified as im_ad__213 with the associated email madmadimado59@gmail[.]com, this malware cunningly tricks users into surrendering their Instagram credentials. Deceptive Python Package Targets Instagram Users Promoted with a polished GitHub…
-
From malware to deepfakes, generative AI is transforming attacks
Generative AI is even helping hackers trick open-source developers into using malicious code, according to Gartner. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cyberattacks-malware-open-source-phishing-gartner/750283/
-
From malware to deepfakes, Gen AI is transforming cyberattacks
Generative AI is even helping hackers trick open-source developers into using malicious code, according to Gartner. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cyberattacks-malware-open-source-phishing-gartner/750283/
-
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites.”Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan First seen on thehackernews.com Jump to…
-
Hackers Persist in Using ConnectWise ScreenConnect Tool to Distribute Malware
Hackers continue to exploit the ConnectWise ScreenConnect remote management and monitoring (RMM) tool to deploy malicious payloads, with a focus on financial organizations. An independent researcher first reported a potential critical vulnerability in ScreenConnect versions 23.9.7 and prior through the ConnectWise Trust Center’s vulnerability disclosure program. Malicious Campaigns Targeting Financial Organizations This flaw has since…
-
New SharePoint Phishing Campaigns Employing Deceptive Lick Techniques
Security analysts at CyberProof’s Security Operations Center (SOC) have identified a sharp rise in phishing campaigns leveraging Microsoft SharePoint to bypass modern detection systems. Unlike traditional phishing attempts that rely on embedded malicious links, these sophisticated attacks exploit the inherent trust users place in SharePoint, a widely adopted collaboration platform within enterprises. By disguising phishing…
-
New npm threats can erase production systems with a single request
Smart and fail-safe command and control: The ‘monitoring’ malicious package is designed to auto-detect the host OSUnix or Windowsand the server framework (Express, Fastify, or native HTTP). It registers OS-specific destructive routes that execute file-system wipes regardless of the environment.Additionally, to increase reliability, the malware exposes three backdoor endpoints: a default reconnaissance module, a primary…
-
Critical Vulnerability in Lovable’s Security Policies Allows Malicious Code Injection
Security researchers have uncovered a widespread vulnerability in Lovable’s AI-powered development platform that exposes sensitive user data and enables malicious code injection across hundreds of applications. The critical vulnerability, discovered on March 20, 2025, affects the platform’s implementation of Row Level Security (RLS) policies, potentially compromising personal information of thousands of users. The security breach…
-
Malicious Actors Exploit SoraAI’s Popularity GitHub to Distribute Malware
Threat actors are leveraging the growing popularity of OpenAI’s Sora, a cutting-edge video generation model, to distribute malicious software. Disguised as a legitimate shortcut file named >>SoraAI.lnk,
-
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries.”A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality of…
-
Vulnerability in DanaBot Malware C2 Server Leaks Threat Actor Usernames and Crypto Keys
Tags: breach, control, crypto, cyber, cybersecurity, data, infrastructure, leak, malicious, malware, threat, vulnerabilityA severe vulnerability in the command-and-control (C2) infrastructure of the notorious DanaBot malware has been uncovered, potentially exposing critical data belonging to threat actors. Researchers have identified a misconfiguration in the server setup that inadvertently leaks usernames and cryptographic keys used by malicious operators to manage their campaigns. This breach could provide cybersecurity defenders with…
-
Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api. First seen on hackread.com Jump to article: hackread.com/backdoors-npm-packages-attackers-wipe-systems/
-
China-Backed Hackers Target SentinelOne in ‘PurpleHaze’ Attack Spree
Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/china-hackers-target-sentinelone-purplehaze-attack
-
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks.Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that…
-
Hackers Deploy FormBook Malware via Weaponized Excel Files to Target Windows Systems
A critical phishing campaign targeting Windows users has been uncovered by FortiGuard Labs, leveraging malicious Excel attachments to exploit a long-standing vulnerability in older versions of Microsoft Office. This sophisticated attack distributes FormBook, a notorious information-stealing malware designed to harvest sensitive data such as login credentials, keystrokes, and clipboard information. Phishing Campaign Exploits Old Microsoft…
-
Unmasking the silent saboteur you didn’t know was running the show
Tags: 5G, access, ai, api, attack, authentication, backup, blockchain, breach, ciso, cloud, compliance, control, cybersecurity, data, defense, endpoint, firewall, firmware, GDPR, governance, Hardware, incident response, iot, ISO-27001, login, malicious, network, nis-2, PCI, service, siem, supply-chain, threat, zero-trustCybersecurity depends on accurate clocks : Your logs are only as valuable as your clocks are accurate. If your servers are out of sync, forget to reconstruct timelines. You’ll spend hours chasing phantom alerts. Event correlation and forensics Your SIEM is only as good as the timestamps it gets. Correlating events across endpoints, firewalls and cloud…
-
Multiple QNAP Flaws Allow Remote Attackers to Hijack User Accounts
QNAP has issued a security advisory warning users of Qsync Central about two critical vulnerabilities that could allow attackers to access sensitive data or execute malicious code. The affected software is widely used for synchronizing files across QNAP NAS devices and connected clients. Below is a comprehensive analysis of the vulnerabilities, their technical details, and…