Tag: tool
-
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/
-
New malware turns Linux systems into P2P attack networks
Persistence through rootkits and PAM backdoors: The researchers also wrote of QLNX’s use of rootkits and Linux Pluggable Authentication Modules (PAM) to establish long term persistence. According to Trend Micro, the malware leverages rootkit functionality to conceal malicious activity, processes, and components from administrative tools and security monitoring systems.The malware was also observed tampering with…
-
Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
The UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/research-hub-bridges-cybersecurity-gap-organizations
-
TeamPCP spielt falsches Spiel mit <> Bitwarden-Tool
Sicherheitsforscher von JFrog haben einen ausgeklügelten Supply-Chain-Angriff im npm-Ökosystem aufgedeckt. Ein manipuliertes Bitwarden-CLI-Paket tarnt sich als legitimes Entwickler-Tool und schleust Schadcode direkt beim Installationsprozess ein. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/teampcp-bitwarden-tool
-
CyberSoftware Schutz in Schichten denken
Mehrstufige Sicherheit als Unternehmensstrategie Die Infografik »Cyber Security Software« zeigt, dass IT”‘Sicherheit heute aus einem mehrschichtigen System besteht. Kein einzelnes Tool kann alle Risiken abdecken entscheidend ist das Zusammenspiel spezialisierter Lösungen entlang der gesamten IT”‘Infrastruktur. Prävention und Zugriffsschutz Firewalls, Antivirensoftware und Endpoint”‘Protection bilden die erste Verteidigungslinie. Sie verhindern, dass Schadsoftware oder unautorisierte Zugriffe überhaupt… First…
-
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft.”According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially one-time…
-
Daemon Tools: Offizielle Downloads enthalten seit Wochen Malware
Seit Anfang April wird über die offizielle Webseite des Entwicklers von Daemon Tools Malware verbreitet. Auch in Deutschland gibt es Infektionen. First seen on golem.de Jump to article: www.golem.de/news/daemon-tools-offizielle-downloads-enthalten-seit-wochen-malware-2605-208362.html
-
AIMap: Open-source tool finds and tests exposed AI endpoints
Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/aimap-ai-attack-surface-discovery/
-
Offizielle Daemon Tools-Downloads werden zur Malware-Falle
Ein aktueller Supply-Chain-Angriff auf Daemon Tools sorgt für weltweite Sicherheitsrisiken. Über die offizielle Downloadquelle wurde eine manipulierte Installationsdatei verbreitet, die neben der legitimen Software auch Schadcode enthält. Betroffen sind Nutzer in mehr als 100 Ländern, darunter auch Deutschland. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/daemon-tools-malware
-
German officials advance legislation that would expand law enforcement use of surveillance technology
The bills would legalize the use of automated data analysis and artificial intelligence tools that let police upload a photo of a face and scour the internet for more images depicting the same person. First seen on therecord.media Jump to article: therecord.media/german-officials-advance-laws-surveillance
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/
-
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/
-
German officials advance legislation that would expand law enforcement use of surveillance technology
The bills would legalize the use of automated data analysis and artificial intelligence tools that let police upload a photo of a face and scour the internet for more images depicting the same person. First seen on therecord.media Jump to article: therecord.media/german-officials-advance-laws-surveillance
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-miss/
-
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky.”These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid First seen on…
-
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
The cybersecurity company says it’s seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/kaspersky-suspects-chinese-hackers-planted-a-backdoor-into-daemon-tools-in-widespread-attack/
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don’t Check.
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/
-
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to conduct highly targeted cyberespionage operations. Attackers successfully breached the development pipeline of AVB Disc Soft, the creators of the widely…
-
Huntress Expands Channel Partnerships to Boost Cybersecurity Reach Across Mid-Market and Public Sector
Global cybersecurity company Huntress has announced a major expansion of its global channel ecosystem, adding four new distribution partners to accelerate growth across the mid-market, public sector, and EMEA regions. The new partnerships with Ingram Micro, Vertosoft, Liquid PC, and QBS Software are designed to broaden access to enterprise-grade cybersecurity tools for organizations increasingly targeted…
-
The Back Door Attackers Know About, and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets…
-
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
-
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/
-
CISOs step up to the security workforce challenge
Tags: ai, attack, automation, ciso, conference, control, cyber, cyberattack, cybersecurity, jobs, malicious, risk, skills, strategy, technology, threat, tool, trainingGomez-Sanchez and Turpin are speaking at the CSO Cybersecurity Awards & Conference, May 11-13. Reserve your place. And then there’s AI. When it comes to security, AI may help partially offset cyber skills shortages by automating certain tasks, but it also ramps up cyberattack volumes and expands the organizational attack surface, without fixing CISOs’ ongoing talent…
-
Zugriff auf Quellcode von Trellix: Cyberangriff trifft große Cybersicherheitsfirma
Ein Angreifer konnte auf Quellcode-Repositorys von Trellix zugreifen. Auch Tools anderer Cybersicherheitsfirmen standen zuletzt unter Beschuss. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-auf-cybersicherheitsfirma-angreifer-gelangt-an-quellcode-von-trellix-2605-208308.html
-
Cyberangriff auf Cybersicherheitsfirma: Angreifer gelangt an Quellcode von Trellix
Ein Angreifer konnte auf Quellcode-Repositorys von Trellix zugreifen. Auch Tools anderer Cybersicherheitsfirmen standen zuletzt unter Beschuss. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-auf-cybersicherheitsfirma-angreifer-gelangt-an-quellcode-von-trellix-2605-208308.html