Skip to main content

Tag: backdoor

41 articles

Researcher in a lab setting with equipment and a laptop displaying a blurred screen near a bright window.

AI Models Vulnerable to Poisoning for Under $100

A cybersecurity expert recently discovered that AI models can be easily manipulated to behave maliciously, with a backdoor installable in just an hour for under $100. This startling vulnerability was uncovered through a simple fine-tuning test that quickly escalated into a full-blown security threat.

Analyst 207
Cluttered workspace with laptop and technical instruments in a modern research facility.

Microsoft Exposes GigaWiper Malware's Dual Espionage, Destructive Capabilities

Microsoft researchers have uncovered a highly sophisticated malware, GigaWiper, that masterfully combines espionage and destructive capabilities, allowing threat actors to operate efficiently and wreak havoc on infected systems. This multi-purpose backdoor enables attackers to quietly gather intel while packing a punch with its suite of destructive options.

Analyst 207
Coding workstation with laptop, notes, and coffee cups in a blurred office space.

Anthropic's Claude Code Exposes Security Risk, China Alleges

A Chinese cybersecurity group has raised a red flag about a potential backdoor security risk in Anthropic's Claude Code, warning that certain versions can secretly send sensitive user data to remote servers without consent. This alarming claim puts users' identity and location information at risk.

Analyst 207
Developer workstation with laptop, smartphone, and notebook, conveying urgency and caution in a clean office environment.

China Warns of Claude Code Backdoor Risks, Urges Developers to Uninstall

China's National Vulnerability Database has issued a high-priority alert, warning developers to immediately uninstall certain versions of Claude Code due to a potential backdoor risk that could compromise sensitive data. Upgrade to the latest secure version to safeguard your information.

Analyst 207
Python developer workstation with laptop, terminal, and programming notes, hint of Telegram logo in background.

Malicious PyPI Packages Expose Telegram Bot Servers to Hacker Control

Hackers have launched a sneaky attack, hiding malicious code in fake Python packages on PyPI, which can take control of Telegram bot servers and give attackers access to sensitive info like chats, contacts, and environment variables. This backdoor can be activated with a simple command, allowing attackers to execute any Python code on the victim's machine.

Analyst 207
Government ministry building lobby with laptop screen in foreground.

Chinese APT Deploys TinyRCT Backdoor in Southeast Asia Cyberattacks

A Chinese advanced persistent threat actor, CL-STA-1062, has launched a series of cyberattacks in Southeast Asia, targeting government entities and state-owned energy firms with a new .NET backdoor called TinyRCT. This sophisticated attack tool is part of a hybrid toolkit used by the group, which has been active since March 2022.

Analyst 207
Southeast Asian cityscape with industrial control system hinted in background.

China-Linked Hackers Deploy TinyRCT Backdoor in Southeast Asian Infrastructure Attacks

For years, a stealthy China-linked hacking group has been quietly targeting critical infrastructure in Southeast Asia, with a clear strategic interest in disrupting or monitoring key regional industries. Their sophisticated attacks have zeroed in on state-owned energy and government sectors, using a potent tool called the TinyRCT backdoor.

Analyst 207
Corporate office building with subtle network infrastructure hint.

Mistic Backdoor Exposes Link to Corporate Network Access Broker

Meet Mistic, a sneaky new backdoor that allows attackers to secretly access and control corporate networks for months on end, all while erasing its digital tracks. This stealthy threat can execute remote payloads in memory, upload and download files, and even self-destruct to avoid detection.

Analyst 207
Blurred computer workstation in foreground, network equipment rack in background.

Mistic Backdoor Enables Long-Term Access in Ransomware Attacks

Cyber attackers have deployed a sneaky backdoor called Mistic, allowing them to maintain long-term access to infected systems during ransomware attacks, all while staying remarkably under the radar. This stealthy threat uses clever tactics like running payloads in memory and mimicking legitimate Microsoft security tools to evade detection.

Analyst 207
WordPress admin dashboard on laptop with plugin installation page, surrounded by cluttered workspace and office background.

WordPress Plugins Backdoored in ShapedPlugin Supply Chain Attack

A recent supply chain attack on ShapedPlugin compromised the updates for several WordPress plugins, including Product Slider Pro for WooCommerce, injecting backdoor code that could give attackers full control of affected sites. This severe vulnerability, rated 10.0 on the CVSS scale, highlights the importance of staying vigilant about plugin updates and security.

Analyst 207
Busy office in Vietnam with cityscape view and people working at desks.

OceanLotus Targets Vietnam Investors with SPECTRALVIPER Backdoor

The notorious 15-year-old APT group, OceanLotus, is now setting its sights on Vietnam's investors with a cunning new backdoor attack called SPECTRALVIPER, showcasing their relentless adaptability and aggressive tactics. This latest move has left experts wondering if it's a temporary shift or a long-term strategy.

Analyst 207
Cluttered home office desk with Mac computer and blurred screen, suburban neighborhood visible through window.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users

macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Analyst 207
Rows of rack-mounted computer equipment and cables in a neutral-colored server room.

Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

Analyst 207
Laptop workstation with PyTorch Lightning package terminal open, displaying code on a neutral background.

Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials

A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when imported, putting users at risk.

Analyst 207
Network equipment and security appliances in a brightly lit industrial control room.

CISA Exposes Persistent FIRESTARTER Backdoor in Cisco Devices

CISA and NCSC have uncovered a sneaky FIRESTARTER backdoor lurking in Cisco devices, allowing hackers to regain control even after patches are applied. This persistent threat can leave devices vulnerable to re-entry, putting your entire network at risk.

Analyst 207
Laptop screen displays code with cityscape visible through window in background.

Mustang Panda Expands LOTUSLITE Malware to Target India, Korea

Meet the evolved LOTUSLITE backdoor, now wielding dynamic DNS-based command-and-control over HTTPS, enabling its operators to remotely access and manipulate targeted systems for espionage purposes. This sophisticated malware supports remote shell access, file operations, and session management, a potent toolkit for data collection and access persistence.

Analyst 207
Laptop on cluttered desk displays ominous warning icon on dashboard amidst eerie blue glow, with locked door and small gap…

Compromised Plugin Update Injects Backdoor into WordPress Sites

A widely used WordPress plugin, Smart Slider 3 Pro, was compromised when hackers hijacked its update system to push a poisoned version containing a backdoor, putting over 800,000 active installations at risk. This alarming breach raises critical questions about trust and security in the mechanisms we rely on to protect our online presence.

Analyst 207
RoadK1ll WebSocket Implant Poses Critical Threat to Breached Networks

RoadK1ll WebSocket Implant Poses Critical Threat to Breached Networks

A new WebSocket implant called RoadK1ll is putting breached networks at risk by allowing attackers to quietly move from a compromised host to other systems, creating a stealthy backdoor for further exploitation. This emerging threat is the latest reminder that cybersecurity vulnerabilities are constantly evolving, demanding vigilant attention from experts and organizations alike.

Analyst 207
Trojanized ESET Installers Expose Stunning Harmful Backdoor

Trojanized ESET Installers Expose Stunning Harmful Backdoor

Think twice before hitting Install — a May 2025 campaign used trojanized ESET installers, convincing fake vendor pages, and targeted spear‑phishing to slip a stealthy backdoor into Ukrainian victims. This attack is a stark reminder that even trusted updates and familiar brands can be weaponized for espionage.

Analyst 207
HttpTroy Exclusive: Dangerous VPN Invoice Backdoor in Korea

HttpTroy Exclusive: Dangerous VPN Invoice Backdoor in Korea

HttpTroy exposes a dangerous VPN invoice backdoor in Korea. Find out how attackers are slipping into billing systems and what you can do to stay protected.

Analyst 207
CAPI Backdoor Exclusive Risky Threat to Russian Firms

CAPI Backdoor Exclusive Risky Threat to Russian Firms

Think that invoice is harmless? Seqrite Labs found phishing ZIPs delivering a new .NET CAPI Backdoor that uses Windows crypto to hide C2 activity and is targeting Russian automotive and e‑commerce firms—so double‑check attachments and tighten defenses.

Analyst 207
ArcGIS Server Stunning Risk: Backdoor Exposed

ArcGIS Server Stunning Risk: Backdoor Exposed

Think your network’s safe? Researchers say a China-linked group quietly turned an ArcGIS Server into a persistent backdoor for over a year, using it to move laterally and stash tools while going largely unnoticed. It’s a wake-up call to inventory exposed services, patch urgently, and add monitoring so hidden footholds don’t become strategic liabilities.

Analyst 207
BRICKSTORM backdoor: Stunning Dangerous Threat Exposed

BRICKSTORM backdoor: Stunning Dangerous Threat Exposed

BRICKSTORM is a stealthy backdoor tied to a Chinese‑aligned group that quietly harvests telemetry to help build and refine zero‑day exploits—what looks like a low‑impact intrusion today could be tomorrow’s weapon. Security teams should hunt, patch, and harden now before collected data is turned into lasting capability.

Analyst 207
SnakeDisk worm: Stunning Risky Thai-Targeted Threat

SnakeDisk worm: Stunning Risky Thai-Targeted Threat

A China-aligned group called Mustang Panda has paired an updated TONESHELL backdoor with a USB worm named SnakeDisk that only activates for Thailand-based devices to drop a persistent Yokai backdoor — a surgical, geographically targeted campaign that ups the stakes for anyone who plugs in removable media. Stay cautious with USB drives and tighten removable-media policies: this is a reminder that one careless plug can invite long-term access.

Analyst 207