Tag: malicious
-
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab Security Intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of…
-
Evaluating the Security Efficacy of Web Application Firewalls (WAFs)
Web Application Firewalls (WAFs) are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough; the real challenge is knowing whether it works when it matters most. Not all WAFs are created equal, and a…
-
Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware
TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking pirated software, cybercriminals trick unsuspecting viewers into executing malicious PowerShell commands. These commands download dangerous malware strains such as Vidar and StealC, designed to harvest sensitive data from infected systems.…
-
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias “cappership”.
-
Novel Malware Evades Detection by Skipping PE Header in Windows
Researchers have identified a sophisticated new strain of malware that bypasses traditional detection mechanisms by entirely omitting the Portable Executable (PE) header in Windows environments. This innovative evasion tactic represents a significant shift in how malicious software can infiltrate systems, posing a critical challenge to conventional antivirus and endpoint detection solutions.…
-
FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure
The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-philippines-crypto-scam/
-
Interlock ransomware: what you need to know
“We don’t just want payment; we want accountability.” The malicious hackers behind the Interlock ransomware try to justify their attacks. First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/interlock-ransomware-what-you-need-know
-
Warning: Threat actors now abusing Google Apps Script in phishing attacks
script[.]google[.]com. The attacker is betting the user will see and trust the Google brand, and therefore trust the content.” By using a trusted platform to host the phishing page, the threat actor creates a false sense of security, obscuring the underlying threat with the goal of getting the recipient to enter their email and password without…
-
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Malicious code in ML models is hard to detect: While Hugging Face hosts models directly, PyPI hosts Python software packages, so detection of poisoned models hidden inside Pickle files hidden inside packages could prove even harder for developers and PyPI’s maintainers, given the extra layer of obfuscation. The attack campaign discovered by ReversingLabs involved three packages:…
-
Tenable Bolsters AI Controls With Apex Security Acquisition
Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse. Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.…
-
Florida Health System Pays $800K for Insider Record Snooping
Case Stems From ‘Malicious Insider’ Accessing One Patient’s Medical Information. A Florida health system paid $800,000 and will implement a corrective action plan to settle a federal HIPAA investigation into a malicious insider incident involving a patient’s medical records in 2018. BayCare Health System did not admit wrongdoing. First seen on govinfosecurity.com Jump to article:…
-
US sanctions firm linked to cyber scams behind $200 million in losses
The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-company-linked-to-hundreds-of-thousands-of-cyber-scam-sites/
-
Cybercriminals exploit AI hype to spread ransomware, malware
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercriminals-exploit-ai-hype-to-spread-ransomware-malware/
-
Windows 11 File Explorer Vulnerability Enables NTLM Hash Theft
A newly disclosed vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, specifically affecting Windows 11 (23H2) and earlier versions that support .library-ms files and the SMB protocol. This flaw enables attackers to capture NTLM (New Technology LAN Manager) authentication hashes simply by tricking a user into extracting a malicious ZIP archive; no further interaction…
-
New PumaBot Hijacks IoT Devices via SSH Brute-Force for Persistent Access
Tags: access, botnet, cyber, cybersecurity, data-breach, exploit, Internet, iot, malicious, malware, software, threat, vulnerability
A sophisticated new malware, dubbed PumaBot, has emerged as a significant threat to Internet of Things (IoT) devices worldwide. Cybersecurity researchers have identified this malicious software as a highly advanced botnet that exploits weak security configurations in IoT ecosystems, particularly targeting devices with exposed SSH (Secure Shell) ports. Emerging Threat Targets Vulnerable IoT Ecosystems By…
-
New Browser Exploit Technique Undermines Phishing Detection
Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/browser-exploit-technique/
-
Microsoft Entra’s billing roles pose privilege escalation risks in Azure
Potential abuse for persistence, elevated access: Essentially, guest users assigned specific billing roles, such as “Billing Account Contributor”, can create new Azure subscriptions within a host tenant. This action does not require explicit permissions in the target tenant, effectively allowing guests to establish a foothold without direct administrative oversight. Once a subscription is created, the guest…
-
Hackers Exploit Cloudflare Tunnels to Launch Stealthy Cyberattacks
Tags: cyber, cyberattack, cybersecurity, data, endpoint, exploit, group, hacker, international, malicious, network, ransomware, tool
In the cybersecurity landscape, malicious actors, including notorious ransomware groups like BlackSuit, Royal, Akira, Scattered Spider, Medusa, and Hunters International, have been exploiting Cloudflared, a legitimate tunneling tool by Cloudflare, to orchestrate stealthy cyberattacks. Originally known as “Argo,” Cloudflared is designed to enable secure communication between remote endpoints over untrusted networks by encapsulating data in proprietary…
-
UTG015 Hackers Launch Massive Brute-Force Attacks on Government Web Servers
The hacker group UTG-Q-015, first identified in December 2024 for mounting attacks on major websites like CSDN, has escalated its malicious activities, targeting government and enterprise web servers with unprecedented aggression. Initially disclosed for their tactics of website manipulation, the group has since pivoted to exploiting 0day and Nday vulnerabilities, launching widespread brute-force scanning and…
-
Critical Dell PowerStore T Vulnerability Allows Full System Compromise
As part of its ongoing commitment to product security, Dell Technologies has released a significant update for the PowerStore T family, remediating a series of vulnerabilities that could be exploited by malicious actors to compromise affected systems. The update, detailed in advisory DSA-2025-223, is rated as high impact and urges immediate attention from all PowerStore…
-
New Research Reveals Key TCP SYN Patterns for Detecting Malicious Activity
A groundbreaking study by NETSCOUT, utilizing data from their honeypot systems designed to capture unsolicited internet traffic, has shed light on the intricate patterns within Transmission Control Protocol (TCP) SYN segments, the initial step in the TCP three-way handshake. Published in April 2025, the research meticulously analyzes packet headers to identify trends and anomalies in…
-
Malicious WordPress Plugin Disguised as Java Update Infects Site Visitors
A troubling new cyber threat has emerged targeting WordPress websites, where a malicious plugin masquerading as a legitimate tool tricks visitors into downloading harmful software. Disguised as “Yoast SEO” with convincing metadata, this plugin was recently uncovered in the /wp-content/plugins/contact-form/ directory of an infected site. Rather than providing SEO functionality, it injects a deceptive JavaScript…
-
Critical OneDrive Flaw Lets Malicious Websites Access All Your Files
A newly revealed vulnerability in Microsoft’s OneDrive File Picker has placed millions of users at risk, enabling popular web applications, including ChatGPT, Slack, Trello, and ClickUp, to gain full read access to users’ entire OneDrive accounts. The flaw, uncovered by the Oasis Security Research Team, stems from excessive OAuth permissions and insecure token management, raising…
-
How to threat hunt Living Off The Land binaries
In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/29/threat-hunt-living-off-the-land-binaries-video/
-
Stealthy Attacks: Silent Werewolf Deploys Custom Loaders in Espionage Operations
BI.ZONE Threat Intelligence has uncovered two new malicious campaigns attributed to the threat actor Silent Werewolf, once again First seen on securityonline.info Jump to article: securityonline.info/stealthy-attacks-silent-werewolf-deploys-custom-loaders-in-espionage-operations/
-
APT41 malware abuses Google Calendar for stealthy C2 communication
The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt41-malware-abuses-google-calendar-for-stealthy-c2-communication/
-
Separating hype from reality: How cybercriminals are actually using AI
Tags: ai, attack, automation, cyber, cyberattack, cybercrime, cybersecurity, data, defense, exploit, framework, group, incident response, malicious, mitre, strategy, technology, threat, vulnerability, zero-day
The evolution of AI: Preparing defenders for tomorrow’s threats: As security professionals chart their defensive strategies, we must consider how AI will reshape cybercrime in the coming years. We also need to anticipate the fundamental pivots attackers will make, and what this evolution means for our entire industry. AI will inevitably impact vulnerability discovery, enable…