Tag: malicious
-
135% Surge: Inside the Holiday Bot Attacks of December 2025
DataDome detected a 135% surge in malicious bot attacks during December 2025. Discover how AI-powered bots targeted retailers and how we defended customers First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/135-surge-inside-the-holiday-bot-attacks-of-december-2025/
-
Why FIM Add-Ons Aren’t Integrity Monitoring ( Why EDR Still Isn’t Enough)
<div cla If you are running a strong EDR platform, you’re doing something right. EDR is essential. It’s great at detecting and responding to malicious activity: suspicious processes, behaviors, lateral movement, and indicators of compromise. But here’s the uncomfortable truth: EDR does not tell you, with certainty, whether your systems are still in a known and…
-
Breach Roundup: Firewalls Headed for Obsolesce
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact,…
-
How Attackers Hide Processes by Abusing Kernel Patch Protection
Security researchers have identified a sophisticated technique that allows attackers to hide malicious processes from Windows Task Manager and system monitoring tools, even on systems with Microsoft’s most advanced kernel protections enabled. The bypass leverages legitimate Windows APIs to manipulate core data structures before integrity checks can detect tampering, circumventing both PatchGuard and Hypervisor-Protected Code…
-
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil.The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit.”The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further…
-
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords. First seen on hackread.com Jump to article: hackread.com/discord-nodecordrat-steal-chrome-data-npm-packages/
-
Fake ChatGPT and DeepSeek Extensions Spied on Over 1 Million Chrome Users
Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-deepseek-extensions-spy-chrome-users/
-
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”bitcoin-main-lib (2,300 Downloads)bitcoin-lib-js (193 Downloads)bip40 (970 Downloads)”The First seen on thehackernews.com Jump…
-
Three Malicious NPM Packages Target Developers’ Login Credentials
Security researchers at Zscaler ThreatLabz have uncovered three malicious npm packages designed to install a sophisticated remote access trojan (RAT) targeting JavaScript developers. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, collectively registered over 3,400 downloads before being removed from the npm registry in November 2025. The attack exploits developer trust in the legitimate BitcoinJS project…
-
A Single Browser Flaw, Millions at Risk: What the Chrome WebView Vulnerability Teaches Us About Exposure Windows
Tags: android, application-security, browser, chrome, cybersecurity, flaw, google, malicious, risk, update, vulnerability, windowsA recent security update reveals that Google patched a high-severity Chrome WebView vulnerability that could allow attackers to bypass application security restrictions and execute malicious content within Android and enterprise applications, according to Cybersecurity News. Because Chrome WebView is embedded inside countless applications, the flaw expanded risk far beyond traditional browser usage. Many organizations were…
-
Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files
Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerabilityCVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…
-
900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats
OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive data from 900,000 users. The post 900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats/
-
Hackers Using Malicious QR Codes for Phishing via HTML Table
Threat actors are continuing to refine “quishing” phishing delivered through QR codes by shifting from traditional image-based payloads to “imageless” QR codes rendered directly in email HTML, a tactic designed to sidestep security tools that focus on decoding QR images. QR code abuse is not new, but it remains effective because the user experience is…
-
Threat Actors Exploit Google Cloud Services to Steal Microsoft 365 Credentials
Tags: cloud, credentials, cyber, cybersecurity, email, exploit, google, infrastructure, malicious, microsoft, phishing, service, threatA sophisticated phishing campaign is exploiting Google Cloud infrastructure to bypass email security filters and steal Microsoft 365 credentials, demonstrating how attackers increasingly abuse trusted cloud platforms to lend legitimacy to their malicious activities. Cybersecurity researchers at Check Point have uncovered a large-scale operation targeting approximately 3,200 organizations, resulting in over 9,300 phishing emails over…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads
Malicious Windows packer named pkr_mtsi used as a flexible malware loader in malvertising campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-loader-pkrmtsi-payloads/
-
900,000 Users Hit as Chrome Extensions Steal AI Chat Data
Malicious Chrome extensions stole AI chat data from over 900,000 users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/900000-users-hit-as-chrome-extensions-steal-ai-chat-data/
-
Why Legitimate Bot Traffic Is a Growing Security Blind Spot
Tags: maliciousSecurity teams have spent years improving their ability to detect and block malicious bots. That effort remains critical…. First seen on hackread.com Jump to article: hackread.com/legitimate-bot-traffic-security-blind-spot/
-
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE).The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.”This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by…
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies. The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content. Attribute Details CVE ID CVE-2026-0628 Severity High…
-
Malicious Chrome Extension Leaks ChatGPT and DeepSeek Chats of 900,000 Users
Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers. Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s >>Featured
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
Automated data poisoning proposed as a solution for AI theft threat
Tags: ai, breach, business, cyber, data, encryption, framework, intelligence, LLM, malicious, microsoft, resilience, risk, risk-management, technology, theft, threatKnowledge graphs 101: A bit of background about knowledge graphs: LLMs use a technique called Retrieval-Augmented Generation (RAG) to search for information based on a user query and provide the results as additional reference for the AI system’s answer generation. In 2024, Microsoft introduced GraphRAG to help LLMs answer queries needing information beyond the data on…
-
NDSS 2025 HADES Attack: Understanding And Evaluating Manipulation Risks Of Email Blocklists
Tags: attack, conference, dns, email, exploit, infrastructure, Internet, malicious, mitigation, network, risk, service, spam, technologySession 8A: Email Security Authors, Creators & Presenters: Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)…