Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys

SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…

HackRead
Open in Source
#vulnerability#web#mac#windows#cisco#nodejs#git#wordpress#backdoor#pdf#aws#ssh#zero_day#chrome
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the

Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices

Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods…

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

Cleo MFT Zero-Day Exploits Are About Escalate, Analysts Warn

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

New DCOM Attack Exploits Windows Installer for Backdoor Access

SUMMARY Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based…

Governments, Telcos Ward Off China's Hacking Typhoons

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.