Tag: backdoor
-
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
by
in SecurityNewsCISA Publishes Anatomy of Advanced Ivanti VPN Malware. Hackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rootkit-backdoor-tunneler-ivanti-malware-does-all-a-27881
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
by
in SecurityNewsThe threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.”The threat actor deploys payloads primarily by means…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
by
in SecurityNewsCisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
by
in SecurityNewsCrowDoor and attributed to the Earth Estries APT group in November 2024.”GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
by
in SecurityNewsCisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
-
China’s FamousSparrow flies back into action, breaches US org after years off the radar
by
in SecurityNewsCrew also cooked up two fresh SparrowDoor backdoor variants, says ESET First seen on theregister.com Jump to article: www.theregister.com/2025/03/27/china_famoussparrow_back/
-
DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
by
in SecurityNewsDeep learning models, increasingly integral to safety-critical systems like self-driving cars and medical devices, are vulnerable to stealthy backdoor attacks. These attacks involve injecting hidden triggers into models, causing them to misbehave when triggered. Researchers from the Qatar Computing Research Institute and the Mohamed bin Zayed University of Artificial Intelligence have developed DeBackdoor, a novel…
-
Chinese FamousSparrow hackers deploy upgraded malware in attacks
by
in SecurityNewsA China-linked cyberespionage group known as ‘FamousSparrow’ was observed using a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-famoussparrow-hackers-deploy-upgraded-malware-in-attacks/
-
Malicious npm packages found to create a backdoor in legitimate code
by
in SecurityNewsAttackers open a reverse shell: This payload is a reverse shell that uses the ssh2 client functionality from the original ethers-provider2 to establish an SSH connection to an attacker-controlled server. The ethers-provider2 ssh client code is modified to listen to certain messages from the server and turn into a reverse shell, meaning the server can…
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
New npm Malware Attack Infects Popular Ethereum Library with Backdoor
by
in SecurityNewsSecurity researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new… First seen on hackread.com Jump to article: hackread.com/npm-malware-infects-ethereum-library-with-backdoor/
-
New npm attack poisons local packages with backdoors
by
in SecurityNewsTwo malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
-
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
by
in SecurityNewsThe threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.”In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious…
-
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad.The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared…
-
New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit
by
in SecurityNewsResearchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the U.S., employs advanced techniques to evade detection and maintain persistence on compromised systems. Exploitation of…
-
Novel Betruger backdoor deployed by RansomHub affiliate
by
in SecurityNews
Tags: backdoorFirst seen on scworld.com Jump to article: www.scworld.com/brief/novel-betruger-backdoor-deployed-by-ransomhub-affiliate
-
Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor
by
in SecurityNewsResearchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s…
-
RansomHub affiliate uses custom backdoor Betruger
by
in SecurityNewsSymantec researchers linked a custom backdoor, called Betruger, found in recent ransomware attacks to an affiliate of the RansomHub operation. Symantec’s Threat Hunter team has identified a custom backdoor, named Betruger, linked to a RansomHub affiliate. Designed for ransomware attacks, Betruger combines multiple functions into a single tool to minimize detection. It enables screenshot capture,…
-
Cisco Smart Licensing Utility flaws actively exploited in the wild
by
in SecurityNewsExperts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility. Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit the backdoor to access sensitive log files. While no active exploitation was initially observed, the…
-
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
by
in SecurityNewsAttackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-smart-licensing-utility-flaws-now-exploited-in-attacks/
-
RansomHub Affiliate Deploys New Custom Backdoor “Betruger” for Persistent Access
by
in SecurityNewsSymantec’s Threat Hunter team has identified a sophisticated custom backdoor named >>Betruger
-
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
by
in SecurityNewsSecurity researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomhub-ransomware-uses-new-betruger-multi-function-backdoor/
-
RansomHub affiliate leverages multi-function Betruger backdoor
by
in SecurityNewsA RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/ransomhub-affiliate-leverages-multi-function-betruger-backdoor/
-
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
by
in SecurityNewsCybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.”This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent First seen on thehackernews.com Jump…
-
Tomcat PUT to active abuse as Apache deals with critical RCE flaw
by
in SecurityNews
Tags: apache, api, attack, authentication, backdoor, cve, cvss, data, encryption, exploit, flaw, malicious, rce, remote-code-execution, tactics, threat, update, vulnerability) exploit released for the flaw, CVE-2025-24813, just 30 hours after it was publicly disclosed.”A devastating new remote code execution (RCE) vulnerability is now actively exploited in the wild,” Wallarm said in a blog post. “Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers.”PUT API requests are used to update…
-
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL.The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo,…
-
Chinese Hackers Target European Diplomats with Malware
by
in SecurityNewsMirrorFace Expands Operations, Revives Anel Backdoor for Espionage. A threat actor associated with Chinese cyberespionage campaigns against Japan stepped outside its East Asian comfort zone to target a European organization with a refreshed set of hacking tools. A hacking group tracked as MirrorFace and Earth Kasha deployed a backdoor once exclusively used by APT10. First…
-
Not all cuts are equal: Security budget choices disproportionately impact risk
by
in SecurityNews
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges.”Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…
-
Transparency in UK-Apple backdoor hearing urged by US lawmakers, privacy advocates
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/transparency-in-uk-apple-backdoor-hearing-urged-by-us-lawmakers-privacy-advocates