Tag: malicious
-
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
by
in SecurityNewsCybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information.Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a First seen on…
-
Fast Flux Alert: National Security Agencies Warn of Evasive Tactic
by
in SecurityNewsA newly released joint cybersecurity advisory from multiple national security agencies is raising alarms about a sophisticated technique that’s allowing malicious cyber actors to slip past network defenses: Fast Flux. The advisory, issued by agencies including the NSA, CISA, FBI, ASD’s ACSC, CCCS, and NCSC-NZ, warns organizations, ISPs, and cybersecurity providers about the significant threat…
-
Cyber agencies urge organizations to collaborate to stop fast flux DNS attacks
by
in SecurityNewsHow to mitigate DNS attacks: Fast flux is one of many types of DNS attack. But there are tactics organizations can use to mitigate them.In the case of fast flux, the report recommends that:defenders should use cybersecurity and PDNS services that detect and block fast flux. “By leveraging providers that detect fast flux and implement…
-
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
by
in SecurityNewsA concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The attackers impersonated Dev.to, a prominent developer community, and lured victims with promises of lucrative job offers. Instead of attaching malware directly to emails, they provided a BitBucket link…
-
Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks
by
in SecurityNewsAs the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft has identified these campaigns as employing advanced redirection techniques such as URL shorteners and QR codes embedded in malicious attachments to evade detection. By abusing legitimate services…
-
Beware of Clickfix: ‘Fix Now’ and ‘Bot Verification’ Lures Deliver and Execute Malware
A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to cybersecurity. Leveraging deceptive prompts like >>Fix Now>Bot Verification,
-
Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script
by
in SecurityNewsCybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typosquatting, disgrasya was overtly malicious, leveraging PyPI as a distribution platform to reach a broad audience of fraudsters. The package specifically…
-
CISA, FBI warn of fast flux technique used to hide malicious servers
by
in SecurityNewsCriminal and state-linked hackers use fast-changing DNS records to make it harder for defenders to detect or disrupt malicious activity. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-fbi-fast-flux-hide-malicious-servers/744486/
-
Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers
by
in SecurityNews
Tags: advisory, control, cyber, cybersecurity, detection, exploit, hacker, infrastructure, malicious, threatCybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed by >>fast flux,
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
by
in SecurityNewsNo known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update.Endor Labs advised prompt patching of the vulnerability, which…
-
Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses
by
in SecurityNewsA joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are exploited for malicious activities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyber-agencies-warn-of-fast-flux/
-
US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations
by
in SecurityNewsUS and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations. The post US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/us-allies-warn-of-threat-actors-using-fast-flux-to-hide-server-locations/
-
Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats
by
in SecurityNewsMalicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for 22% of all malicious email attachments, according to a recent report by Check Point Research. With over 87% of organizations relying on PDFs for business communication, the ubiquitous file format has become a prime target for cybercriminals, who exploit its…
-
Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code
by
in SecurityNewsA critical security flaw has been discovered inHalo ITSM, an IT support management software widely deployed across cloud and on-premise environments. The vulnerability, which allows attackers to inject malicious SQL code, poses a significant threat to organizations relying on the software to manage IT support tickets containing sensitive data such as credentials and internal documentation.…
-
Texas city warns thousands of utility payment site breach
by
in SecurityNewsAt least 12,000 people in Texas had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the City of Lubbock. First seen on therecord.media Jump to article: therecord.media/texas-city-warns-thousands-of-utility-site-breach
-
One mighty fine-looking report
by
in SecurityNewsHazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/one-mighty-fine-looking-report/
-
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
by
in SecurityNewsMicrosoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.”These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared with…
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
by
in SecurityNewsA newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
AI-Powered Gray Bots Target Web Applications with Over 17,000 Requests Per Hour
by
in SecurityNewsWeb applications are facing a growing challenge from >>gray bots,
-
Hackers Actively Scanning for Juniper Smart Routers Using Default Passwords
by
in SecurityNewsRecent cybersecurity findings reveal an alarming increase in malicious activity targeting Juniper’s Session Smart Networking Platform (SSR). According to SANS tech reports, Attackers are focusing their efforts on exploiting devices using the default credentials, >>t128>128tRoutes
-
Beware fake AutoCAD, SketchUp sites dropping malware
by
in SecurityNewsMalware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/fake-autocad-sketchup-malware/
-
Cyber Command touts AI-driven gains in cybersecurity, network monitoring
by
in SecurityNewsExecutive Director Morgan Adamski said the agency’s use of generative AI tools has reduced the timeframe for analyzing malicious traffic from days and weeks to hours and minutes. First seen on cyberscoop.com Jump to article: cyberscoop.com/cyber-command-ai-gains-cybersecurity-network-monitoring/
-
Redefining Insider Risk in a Perimeterless World
by
in SecurityNewsOFX CISO Santanu Lodh on the Changing Nature of Insider Threats. The profile of insider risk has changed over a period of time, said Santanu Lodh, CISO at OFX. It is no longer confined to malicious intent. He explains how shifting workforce models, third-party engagement and evolving technology demand continuous monitoring and rethinking of security…
-
Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware
by
in SecurityNewsA recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek LLM and popular remote desktop applications to distribute the Trojan-Downloader.Win32.TookPS malware. The attackers targeted both individual users and organizations by disguising malicious software as legitimate business tools, including UltraViewer, AutoCAD, and SketchUp. Malicious Infrastructure and Infection Chain The TookPS malware…