Tag: malware
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/
-
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious ‘prettier-vscode-plus’ extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data. First seen on hackread.com Jump to article: hackread.com/prettier-extension-vscode-marketplace-anivia-stealer/
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware
Zapier’s NPM account has been successfully compromised, leading to the injection of the Shai Hulud malware into 425 packages currently distributed across the npm ecosystem. The attack represents a significant supply chain threat, with the affected packages collectively generating approximately 132 million monthly downloads across critical infrastructure and development tools. The malware-laden packages span multiple…
-
Malware im Anmarsch: Kritische Windows-Lücke ermöglicht Angriffe über JPEG-Daten
Forscher warnen vor einer kritischen Sicherheitslücke in einer Windows-Bibliothek. Angreifer können über JPEG-Bilddaten Schadcode einschleusen. First seen on golem.de Jump to article: www.golem.de/news/malware-im-anmarsch-kritische-windows-luecke-ermoeglicht-angriffe-ueber-jpeg-daten-2511-202528.html
-
Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware
Zapier’s NPM account has been successfully compromised, leading to the injection of the Shai Hulud malware into 425 packages currently distributed across the npm ecosystem. The attack represents a significant supply chain threat, with the affected packages collectively generating approximately 132 million monthly downloads across critical infrastructure and development tools. The malware-laden packages span multiple…
-
LLMs Tools Like GPT-3.5-Turbo and GPT-4 Fuel the Development of Fully Autonomous Malware
The rapid proliferation of large language models has transformed how organizations approach automation, coding, and research. Yet this technological advancement presents a double-edged sword: threat actors are increasingly exploring how to weaponize these tools for creating next-generation, autonomously operating malware. Recent research from Netskope Threat Labs reveals that GPT-3.5-Turbo and GPT-4 can be manipulated to…
-
New EtherHiding Technique Uses Web Attacks to Deploy Malware and Rotate Payloads
A new era of web-delivered malware has arrived with EtherHiding, a technique that fundamentally reshapes how attackers distribute and rotate malicious payloads. Unlike traditional threats that rely on static staging servers or disposable redirect chains, EtherHiding leverages smart contracts on the Binance Smart Chain (BSC) testnet, enabling attackers to update or rotate malicious payloads instantly…
-
Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries
K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content, and only a small, valid, marshalled .pyc segment at the end containing the actual malicious code. This…
-
Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries
K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content, and only a small, valid, marshalled .pyc segment at the end containing the actual malicious code. This…
-
Operation Endgame disrupts Rhadamanthys information-stealing malware
International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/operation-endgame-disrupts-rhadamanthys-information-stealing-malware
-
Operation Endgame disrupts Rhadamanthys information-stealing malware
International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/operation-endgame-disrupts-rhadamanthys-information-stealing-malware
-
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Tags: access, cve, exploit, flaw, intelligence, malware, microsoft, open-source, service, threat, update, vulnerability, windowsA recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.”The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source First…
-
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Tags: access, cve, exploit, flaw, intelligence, malware, microsoft, open-source, service, threat, update, vulnerability, windowsA recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.”The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source First…
-
China’s APT24 Launches Stealth BADAUDIO Malware, Hitting 1,000+ Domains via Taiwanese Supply Chain Hack
The post China’s APT24 Launches Stealth BADAUDIO Malware, Hitting 1,000+ Domains via Taiwanese Supply Chain Hack appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-apt24-launches-stealth-badaudio-malware-hitting-1000-domains-via-taiwanese-supply-chain-hack/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery RONINGLOADER: DragonBreath’s New Path to PPL Abuse npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects GPT Trade: Fake Google Play Store…
-
Security Affairs newsletter Round 551 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, cisa, cyberespionage, email, international, malware, oracle, supply-chain, WeeklyReviewA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks U.S. CISA adds an Oracle…
-
BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks
APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web…
-
Chinese APT24 Deploys Custom Malware, New Stealthy Tactics
3-Year Espionage Campaign Targeted Taiwanese Firms. Chinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt24-deploys-custom-malware-new-stealthy-tactics-a-30103
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
Cybercriminals Exploit Browser Push Notifications to Deliver Malware
Researchers at BlackFrog have uncovered Matrix Push C2, a malicious command-and-control system that abuses web browser push notifications to deliver malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/browser-push-notifications-deliver/
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
Recognizing and responding to cyber threats: What differentiates NDR, EDR and XDR
Tags: access, attack, automation, breach, cloud, communications, computer, cyber, cybersecurity, data, data-breach, defense, detection, edr, endpoint, firewall, intelligence, iot, malware, microsoft, monitoring, network, siem, software, sql, strategy, technology, threat, tool, windowsEDR identifies noticeable changes at the endpoint EDR, the oldest of the three detection technologies, monitors endpoints to mitigate attacks on them. Endpoints are network devices such as PCs, file servers, smartphones and IoT devices that connect to the network to communicate. A software agent is used to inventory EDR malware and suspicious activity detected…
-
Recognizing and responding to cyber threats: What differentiates NDR, EDR and XDR
Tags: access, attack, automation, breach, cloud, communications, computer, cyber, cybersecurity, data, data-breach, defense, detection, edr, endpoint, firewall, intelligence, iot, malware, microsoft, monitoring, network, siem, software, sql, strategy, technology, threat, tool, windowsEDR identifies noticeable changes at the endpoint EDR, the oldest of the three detection technologies, monitors endpoints to mitigate attacks on them. Endpoints are network devices such as PCs, file servers, smartphones and IoT devices that connect to the network to communicate. A software agent is used to inventory EDR malware and suspicious activity detected…

