Tag: malware
-
FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry
During a recent incident response engagement, FortiGuard IR services responded to a sophisticated ransomware attack in which threat actors deployed advanced anti-forensic techniques to eliminate their digital footprint. The attackers deleted malware, cleared logs, and obfuscated tools to prevent analysis. However, FortiGuard researchers made a critical discovery: historical evidence of the deleted malware and attacker…
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry
During a recent incident response engagement, FortiGuard IR services responded to a sophisticated ransomware attack in which threat actors deployed advanced anti-forensic techniques to eliminate their digital footprint. The attackers deleted malware, cleared logs, and obfuscated tools to prevent analysis. However, FortiGuard researchers made a critical discovery: historical evidence of the deleted malware and attacker…
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
Gefährliche Sicherheitslücke: Hacker schleusen über Notepad++-Updater Malware ein
Angreifer verbreiten über eine Sicherheitslücke im Updater von Notepad++ Malware. Der Entwickler warnt und rät zum Update – aber besser von Hand. First seen on golem.de Jump to article: www.golem.de/news/besser-manuell-patchen-hacker-nutzen-gefaehrliche-luecke-im-notepad-updater-aus-2512-203082.html
-
FlexibleFerret Wenn die Jobsuche zur Malware-Falle wird
Das Threat Labs Team von Jamf hat eine neue Variante der Malware-Familie FlexibleFerret untersucht. Die Schadsoftware wird Gruppen zugeschrieben, die im Umfeld Nordkoreas agieren und bereits durch die sogenannte Contagious Interview Kampagne aufgefallen sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/flexibleferret-jobsuche-malware-falle
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/packer-as-a-service-shanya-hides-ransomware-kills-edr
-
Google Patches AI Flaw That Turned Gemini Into a Spy
Zero-Click Vulnerability Let Attackers Weaponize Enterprise AI Assistant. Google patched a vulnerability in Gemini Enterprise that allowed attackers to steal corporate data through a shared document, calendar invitation or email without any user action or security alerts. No malware was executed, no credentials were phished and no data left through approved channels. First seen on…
-
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.”EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and First seen on thehackernews.com…
-
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150.…
-
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-react2shell-flaw-in-etherrat-malware-attacks/
-
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
Secure by Design auch eine Frage der Firewall
Sophos hat heute die Veröffentlichung der Sophos Firewall v22 (SFOS v22) bekannt gegeben. Das Update erweitert das ‘Secure by Design”-Versprechen des Unternehmens um eine neue Integritätsprüfung und zahlreiche weitere Sicherheitsverbesserungen, darunter ein gehärteter Kernel, Remote-Integritätsüberwachung, verbesserte Workload-Isolation und eine optimierte Anti-Malware-Engine. ‘Wir investieren kontinuierlich in die Implementierung der “šSecure by Design’-Prinzipien in all unsere Produkte”,…
-
Mit der Firewall v22 festigt Sophos sein ‘Secure by Design”-Versprechen
Sophos hat die Veröffentlichung der Sophos-Firewall v22 bekannt gegeben. Das Update erweitert das ‘Secure by Design”-Versprechen des Unternehmens um eine neue Integritätsprüfung und zahlreiche weitere Sicherheitsverbesserungen, darunter ein gehärteter Kernel, Remote-Integritätsüberwachung, verbesserte Workload-Isolation und eine optimierte Anti-Malware-Engine. ‘Wir investieren kontinuierlich in die Implementierung der “šSecure by Design’-Prinzipien in all unsere Produkte”, so Ross McKerchar, CISO…
-
Mit der Firewall v22 festigt Sophos sein ‘Secure by Design”-Versprechen
Sophos hat die Veröffentlichung der Sophos-Firewall v22 bekannt gegeben. Das Update erweitert das ‘Secure by Design”-Versprechen des Unternehmens um eine neue Integritätsprüfung und zahlreiche weitere Sicherheitsverbesserungen, darunter ein gehärteter Kernel, Remote-Integritätsüberwachung, verbesserte Workload-Isolation und eine optimierte Anti-Malware-Engine. ‘Wir investieren kontinuierlich in die Implementierung der “šSecure by Design’-Prinzipien in all unsere Produkte”, so Ross McKerchar, CISO…
-
Malicious VS Code on Microsoft Registry Steals WiFi Passwords and Captures Screens
Security researchers at Koi Security have uncovered a sophisticated malware campaign targeting developers through the Visual Studio Code Marketplace. The attack uses two seemingly innocent extensions a dark theme and an AI assistant to unleash a potent infostealer capable of capturing screenshots, hijacking browser sessions, and stealing Wi-Fi passwords. The malicious extensions, identified as >>Bitcoin BlackCodo…
-
Malicious VS Code on Microsoft Registry Steals WiFi Passwords and Captures Screens
Security researchers at Koi Security have uncovered a sophisticated malware campaign targeting developers through the Visual Studio Code Marketplace. The attack uses two seemingly innocent extensions a dark theme and an AI assistant to unleash a potent infostealer capable of capturing screenshots, hijacking browser sessions, and stealing Wi-Fi passwords. The malicious extensions, identified as >>Bitcoin BlackCodo…