Tag: malicious
-
US Crackdown With Microsoft: Over 100 Russian Domains Seized
In the most recent US crackdown with Microsoft, a total of 107 Russian domains have been seized. Reports claim that these domains were mainly used by state-sponsored threat actors for malicious purposes. In this article, we’ll dive into the details of the US crackdown, the threat actor behind the malicious initiatives, and more. Let’s…
-
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems,” French cybersecurity company Sekoia…
-
Daily Cyberattacks Surge to 600 Million
Microsoft has revealed that its customers are subjected to over 600 million cybercriminal and nation-state cyberattacks daily. These threats encompass a broad spectrum of malicious activities, from ransomware and phishing to identity theft. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/nation-state-cyberattacks/
-
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/edrsilencer-red-team-tool-used-in-attacks-to-bypass-security/
-
HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware
The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, which spread primarily through archive files containing VBE scripts, which are encoded VBS scripts. Once executed, these scripts decode and execute the malicious payload, as this new distribution method makes detection and prevention more challenging due…
-
New ConfusedPilot Attack Targets AI Systems with Data Poisoning
Researchers have discovered a new cyber-attack method called ConfusedPilot that can manipulate AI-generated responses by injecting malicious content into documents referenced by AI systems. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/confusedpilot-attack-targets-ai/
-
Over 200 malicious apps on Google Play downloaded millions of times
Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-200-malicious-apps-on-google-play-downloaded-millions-of-times/
-
Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign
The sophisticated campaign, ErrorFather, employs keylogging, virtual networks and a domain generation algorithm to target Android users. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cerberus-android-banking-trojan/
-
Eight Million Users Install 200+ Malicious Apps from Google Play
Zscaler has found more than 200 malicious apps on Google Play with over eight million installs. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/eight-million-download-200-mal/
-
Command-jacking used to launch malicious code on open-source platforms
First seen on scworld.com Jump to article: www.scworld.com/news/command-jacking-used-to-launch-malicious-code-on-open-source-platforms
-
ConfusedPilot Attack Can Manipulate RAG-Based AI Systems
Attackers can introduce a malicious document in systems such as Microsoft 365 Copilot to confuse the system, potentially leading to widespread misinformation and compromised decision-making processes. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/confusedpilot-attack-manipulate-rag-based-ai-systems
-
Nation-state actor exploited three Ivanti CSA zero-days
An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs researchers warn that a suspected nation-state actor has been exploiting three Ivanti Cloud Service Appliance (CSA) zero-day issues to carry out malicious activities. The three vulnerabilities exploited by the threat actor are: “an advanced adversary…
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Tags: attack, cybersecurity, exploit, malicious, open-source, programming, pypi, risk, rust, software, supply-chain
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers…
-
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to…
-
Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Tags: attack, cybersecurity, exploit, malicious, open-source, programming, pypi, risk, rust, software, supply-chain
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers…
-
Perfectl Malware
Perfectl is an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity…
-
OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/
-
Sonatype Reports 156% Increase in OSS Malicious Packages
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/156-increase-in-oss-malicious/
-
OpenAI Disrupts 20+ Malicious Operations, Including Election Interference and Malware Development
OpenAI has published a report detailing its efforts to combat the misuse of its AI models, revealing the disruption of over 20 operations linked to cyberattacks, influence campaigns, and disinformation… First seen on securityonline.info Jump to article: securityonline.info/openai-disrupts-20-malicious-operations-including-election-interference-and-malware-development/
-
Malicious packages in open-source repositories are surging
The open-source ecosystem is being overrun by malicious packages, a new report from Sonatype finds. First seen on cyberscoop.com Jump to article: cyberscoop.com/open-source-security-supply-chain-sonatype/
-
Technical Analysis of DarkVision RAT
Tags: access, antivirus, api, attack, cloud, communications, computer, control, cybercrime, data, detection, encryption, endpoint, infection, injection, malicious, malware, network, open-source, password, powershell, rat, remote-code-execution, startup, tactics, theft, threat, tool, windows
Introduction
DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++ and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals. The RAT’s capabilities…
-
Flash Sales, Sneaker Drops, and Concert Tickets: Protecting Your Applications, APIs, and Bottom Line
Flash sales, hype sales, and online product launches like limited-edition sneakers generate interest, excitement, and high demand from customers, so naturally they have also become a target for cyberattacks. These events often involve high-value items, making them prime targets for malicious actors and their bot armies. Understanding application and API vulnerabilities and the… First seen…
-
Best Anti-Malware Software for Mac 2025
Anti-malware for Macs detects, blocks, and removes malicious software, including viruses, ransomware, and spyware. Check out the best solutions here. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/mac-antivirus-malware-software/
-
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on…
-
Cybercriminals Are Targeting AI Conversational Platforms
Resecurity reports a rise in attacks on AI Conversational platforms, targeting chatbots that use NLP and ML to enable automated, human-like interactions with consumers. Resecurity has observed a spike in malicious campaigns targeting AI agents and Conversational AI platforms that leverage chatbots to provide automated, human-like interactions for consumers. Conversational AI platforms are designed to…
-
Malicious Pixels: Criminals Revamp QR Code Phishing Attacks
Attackers Use ASCII Characters to Create Tough-to-Spot QR Codes, Barracuda Warns. Attackers are moving beyond using QR code images added to phishing emails to trick victims into visiting malicious sites, and using ASCII full block characters to build working QR codes designed to evade optical character recognition defenses, warns cybersecurity firm Barracuda Networks. First seen…
-
New Generation of Malicious QR Codes Uncovered by Researchers
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-gen-malicious-qr-codes/
-
Creative Abuse of Cloud Files Bolsters BEC Attacks
Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/microsoft-creative-abuse-cloud-files-bec-attacks
-
CISA Alerted Users to Remain Vigil on Natural Disasters Scam
As hurricanes and other natural disasters make their presence felt, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent emails and social media messages that often follow in the wake of major natural disasters.…