Tag: malicious
-
Malicious RubyGems pose as Fastlane to steal Telegram API data
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/
-
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign. First…
-
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerability
In healthcare, every minute of downtime isn’t just a technical problem; it’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
-
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/
-
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Tags: cve, cvss, cybersecurity, exploit, flaw, malicious, remote-code-execution, software, vulnerability
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case…
-
New Research Uncovers Strengths and Vulnerabilities in Cloud-Based LLM Guardrails
Cybersecurity researchers have shed light on the intricate balance of strengths and vulnerabilities inherent in cloud-based Large Language Model (LLM) guardrails. These safety mechanisms, designed to mitigate risks such as data leakage, biased outputs, and malicious exploitation, are critical to the secure deployment of AI models in enterprise environments. Exposing the Dual Nature of AI…
-
Hackers Abuse AI Tool Misconfigurations to Execute Malicious AI-Generated Payloads
A malicious threat actor has exploited a misconfigured instance of Open WebUI, a widely-used self-hosted AI interface with over 95,000 stars on GitHub, designed to enhance large language models (LLMs). This incident underscores the growing risks associated with internet-exposed AI tools, as attackers leveraged administrative access on a vulnerable system to inject malicious AI-generated Python…
-
Threat Actors Exploit DevOps Web Server Misconfigurations to Deploy Malware
Threat actors have increasingly turned their attention to exploiting misconfigurations in DevOps-managed web servers to deploy malicious payloads. Recent investigations into web server vulnerabilities reveal a sophisticated pattern of attacks targeting poorly secured environments. These misconfigurations, often stemming from improper setup of popular tools and platforms, provide an open gateway for attackers to infiltrate systems,…
-
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute harmful code disguised as legitimate libraries. This attack vector exploits the trust developers place in…
-
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as a highly advanced malicious software designed to encrypt critical files and demand substantial ransoms for decryption keys. New Threat Emerges with Sophisticated Tactics: Unlike typical ransomware, Lyrix incorporates cutting-edge evasion…
-
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s…
-
International law enforcement effort dismantles malicious antivirus scanner
First seen on scworld.com Jump to article: www.scworld.com/brief/international-law-enforcement-effort-dismantles-malicious-antivirus-scanner
-
Monster Mitigates Malicious Traffic Fake Accounts with DataDome’s AI-Powered Protection
By eliminating click fraud, blocking job scrapers, stopping fake accounts, and reducing DevOps workload, Monster safeguarded its revenue, improved the platform’s integrity, and freed up engineering resources thanks to DataDome First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/monster-mitigates-malicious-traffic-fake-accounts-with-datadomes-ai-powered-protection/
-
Sysdig Reveals Discovery of Cyberattack Aimed at Tool to Build AI Apps
Sysdig today disclosed an example of how a tool for training artificial intelligence (AI) models was compromised by a cyberattack that led to the injection of malicious code and the downloading of cryptominers. The Sysdig Threat Research Team (TRT) discovered an attack aimed at a misconfigured instance of Open WebUI, a tool widely used by…
-
FBI cracks down on crypting crew in a global counter-antivirus service disruption
Takedown was part of ‘Endgame’ operation: According to the Dutch officials’ statement, the seizure is closely linked to Operation Endgame, a law enforcement operation that conducted the largest botnet takedown exactly a year ago. The DOJ said that undercover purchases and service analysis confirmed that the websites supported cybercrime. Court documents alleged investigators linked emails and…
-
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign; Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents; Inside a VenomRAT Malware Campaign; Fake Google Meet Page Tricks Users into Running PowerShell Malware…
-
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected by security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server that facilitated the crypting service on May…
-
Beware: Weaponized AI Tool Installers Infect Devices with Ransomware
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly identified destructive malware dubbed “Numero,” exploit the growing popularity of AI solutions in sectors like B2B sales, technology, and…
-
Evaluating the Security Efficacy of Web Application Firewalls (WAFs)
Web Application Firewalls (WAFs) are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough; the real challenge is knowing whether it works when it matters most. Not all WAFs are created equal, and a…