Category: Attack Feeds

0

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials  – The Hacker News

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. “This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP  – Read More  – The Hacker News 

0

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers  – The Hacker News

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that’s capable of stealing sensitive payment information from online shopping sites. The attacks are known...

0

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics  – The Hacker News

Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. “Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on X. “These enhanced features...

0

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations  – The Hacker News

South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains  –...

0

CISO’s Expert Guide To CTEM And Why It Matters  – The Hacker News

Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the face of evolving attacks. It...

0

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations  – The Hacker News

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. “The malware is compiled in Golang and once executed it acts like a backdoor,” security researcher Leandro Fróes said in an analysis  –...

0

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More  – The Hacker News

Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack ...

0

Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls  – The Hacker News

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt  – Read...

0

Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts  – CyberScoop

Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating in the telecom, health, higher...

0

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution  – The Hacker News

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. “If executed at scale, this attack could be used to gain access to thousands of accounts,” Datadog Security Labs researcher Seth Art...

0

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks  – The Hacker News

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with a profile named ”  –...

0

RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally  – The Hacker News

The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network’s domain controller as part of their post-compromise strategy. “RansomHub has targeted over 600 organizations globally, spanning sectors  – Read More  – The Hacker News 

0

Microsoft: Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts  – The Hacker News

Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas  – Read More  – The...

0

AI-Powered Social Engineering: Ancillary Tools and Techniques  – The Hacker News

Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals’ tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration. And examines what  – Read...

0

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks  – The Hacker News

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. “An  – Read More  –...

0

In Paris, U.S. signals shift from AI safety to deregulation  – CyberScoop

 As technology and policy representatives around the world convened in Paris, France this week to find balance between safety and innovation in AI, Vice President JD Vance was blunt about how the Trump administration is planning to position itself.  “I’m not here to talk about AI safety, which was the title of this conference a few years ago,” Vance said...

0

Nearly a Year Later, Mozilla is Still Promoting OneRep  – Krebs on Security

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But nearly a year later, Mozilla is still promoting it to Firefox users. Mozilla offers...

0

Salt Typhoon remains active, hits more telecom networks via Cisco routers  – CyberScoop

Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating with Salt Typhoon infrastructure on...

0

CyberArk acquires Zilla Security in $175 million deal   – CyberScoop

Identity security giant CyberArk has acquired Boston-based Zilla Security, a cloud-native identity governance and administration startup, in a deal worth up to $175 million. The acquisition, announced Thursday, includes $165 million in cash and a $10 million earn-out contingent on performance milestones. Zilla’s co-founders, CEO Deepak Taneja and Nitin Sonawane, along with their team, will join CyberArk. Zilla’s flagship products...

0

Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners  – The Hacker News

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. “The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to ...

0

North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks  – The Hacker News

A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet  –...

0

Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams  – The Hacker News

Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, “Opening the Fast Lane for Secure Deployments.” This isn’t another tech talk full of buzzwords—it’s a...

0

AI and Security – A New Puzzle to Figure Out  – The Hacker News

AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security  – Read More  – The Hacker...

0

Hackers Exploited PAN-OS Flaw to Deploy Chinese Malware in Ransomware Attack  – The Hacker News

An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. “During the attack in late 2024, the attacker deployed a distinct toolset...

0

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software  – The Hacker News

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. “An authentication bypass in the Palo Alto Networks...

0

FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux  – The Hacker News

Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity...

0

Russian state threat group shifts focus to US, UK targets  – CyberScoop

A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state threat group — commonly known...

0

Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries  – The Hacker News

A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. “This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations,” the  – Read More  – The Hacker News 

0

Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability  – The Hacker News

Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container’s isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions – NVIDIA Container Toolkit (All  – Read More ...

0

How to Steer AI Adoption: A CISO Guide  – The Hacker News

CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings.  We’ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing...

0

North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack  – The Hacker News

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. “To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target...

0

Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation  – The Hacker News

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in...