Tag: malware
-
BADIIS Malware Targets Over 1,800 Windows Servers in Massive SEO Poisoning Attack
Over 1,800 Windows IIS servers worldwide have been compromised in a large-scale search engine optimization (SEO) poisoning campaign driven by the BADIIS malware, a malicious IIS module used to hijack legitimate web traffic. The operation, tracked by Elastic Security Labs as REF4033, is attributed to a Chinese-speaking cybercrime group that monetizes these compromised servers by…
-
Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with >>Graphalgo<< Malware
The post Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with >>Graphalgo<< Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/dream-job-or-nightmare-lazarus-group-hunts-crypto-devs-with-graphalgo-malware/
-
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/booz-allen-announces-general-availability-vellox-reverser
-
The Agentic Virus: How AI Agents Become Self-Spreading Malware
In my previous post, I walked through how disconnected MCP servers and AI agents create a growing blind spot in enterprise identity. The problem: thousands of MCP deployments running with overly broad tokens, no authentication, and no connection to your identity fabric. The solution: federate everything through the Maverics AI Identity Gateway. That post assumed……
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
NDSS 2025 Revisiting Concept Drift In Windows Malware Detection
Session 12B: Malware Authors, Creators & Presenters: Adrian Shuai Li (Purdue University), Arun Iyengar (Intelligent Data Management and Analytics, LLC), Ashish Kundu (Cisco Research), Elisa Bertino (Purdue University) PAPER Revisiting Concept Drift in Windows Malware Detection: Adaptation to Real Drifted Malware with Minimal Samples In applying deep learning for malware classification, it is crucial to…
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity.”A…
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity.”A…
-
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fileless .NET stage and a modular XWorm core: Beyond initial access, Fortinet observed a fileless .NET stage loaded directly into memory, followed by process hollowing into msbuild.exe, a legitimate Microsoft build tool capable of executing .NET code. The choice of msbuild.exe aligns with the malware’s runtime requirements while helping it blend into normal system activity.”A…
-
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware
A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the most persistent threats to Internet-connected devices. Even in 2026, attackers continue leveraging automated credential stuffing…
-
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/world-leaks-ransomware-rustyrocket/
-
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Tags: attack, backdoor, botnet, cyber, ddos, exploit, infrastructure, malware, network, vulnerabilityFeiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small”‘business storage into infrastructure for DDoS attacks.”‹ The malware opens an HTTP backdoor on port 57132, letting attackers run arbitrary system commands remotely via crafted GET requests to the /api path. Using traffic fingerprints from…
-
$44 Evilmouse Malware Grants Attackers Full Control of Systems Upon Connection
A new hardware-based threat has emerged that disguises malicious code execution capabilities inside an ordinary computer mouse. Dubbed >>EvilMouse,<< this covert keystroke injector demonstrates how everyday peripherals can become powerful attack tools for just $44 in parts. EvilMouse operates similarly to the well-known USB Rubber Ducky penetration testing tool. However, with a crucial difference: it…
-
Malicious ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users
A newly discovered malicious NPM package, dubbed duer-js , is being used to distribute an advanced information”‘stealing malware that primarily targets Windows systems and Discord users. Published by the user “luizaearlyx”, the package contains a custom infostealer calling itself “bada stealer”, and remains available at the time of reporting, which raises serious concerns for developers who may…
-
When security decisions come too late, and attackers know it
In this Help Net Security, Chris O’Ferrell, CEO at CodeHunter, talks about why malware keeps succeeding, where attackers insert malicious code in the SDLC, and how CI/CD … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/chris-oferrell-codehunter-behavioral-intent-analysis-malware-detection/
-
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Targets GitHub, npm, and PyPI to Spread Malware
Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open”‘source ecosystems to deliver malware to cryptocurrency”‘focused developers quietly. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hide multi”‘stage payloads behind seemingly legitimate coding tasks and packages. Since early May 2025, attackers have been approaching JavaScript and Python developers via…
-
Fake CAPTCHA Attacks Exploit Key Entry Point for LummaStealer Malware
Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operators have rebuilt at scale and are again harvesting credentials, crypto wallets, and personal data worldwide. LummaStealer…
-
Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat
Darktrace researchers caught a sample of malware that was created by AI and LLMs to exploit the high-profiled React2Shell vulnerability, putting defenders on notice that the technology lets even lesser-skilled hackers create malicious code and build complex exploit frameworks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/hackers-use-llm-to-create-react2shell-malware-the-latest-example-of-ai-generated-threat/
-
Once-hobbled Lumma Stealer is back with lures that are hard to resist
Tags: malwareClickFix bait, combined with advanced Castleloader malware, is installing Lumma “at scale.” First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/02/once-hobbled-lumma-stealer-is-back-with-lures-that-are-hard-to-resist/