www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T20:48:34+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)]]> 2025-02-20T16:42:00+00:00 https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html www.secnews.physaphae.fr/article.php?IdArticle=8649215 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links,]]> 2025-02-19T18:15:00+00:00 https://thehackernews.com/2025/02/new-snake-keylogger-variant-leverages.html www.secnews.physaphae.fr/article.php?IdArticle=8648992 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer. The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher). TA2727 is a "threat actor that uses fake]]> 2025-02-18T18:30:00+00:00 https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8648864 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Debunking the AI Hype: Inside Real Hacker Tactics Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs\' Red Report 2025 which analyzed over one million malware samples, there\'s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a]]> 2025-02-18T16:30:00+00:00 https://thehackernews.com/2025/02/debunking-ai-hype-inside-real-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8648843 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that\'s capable of stealing sensitive payment information from online shopping sites. 
The attacks are known to]]> 2025-02-18T10:56:00+00:00 https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html www.secnews.physaphae.fr/article.php?IdArticle=8648815 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to]]> 2025-02-17T22:00:00+00:00 https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8648781 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis]]> 2025-02-17T14:34:00+00:00 https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html www.secnews.physaphae.fr/article.php?IdArticle=8648691 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that\'s associated with a profile named "]]> 2025-02-14T23:58:00+00:00 https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html www.secnews.physaphae.fr/article.php?IdArticle=8648530 False Malware,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,]]> 2025-02-13T14:41:00+00:00 https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8648331 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. 
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for]]> 2025-02-11T20:43:00+00:00 https://thehackernews.com/2025/02/google-confirms-android-safetycore.html www.secnews.physaphae.fr/article.php?IdArticle=8648069 False Spam,Malware,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent]]> 2025-02-10T20:46:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html www.secnews.physaphae.fr/article.php?IdArticle=8647894 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. 
"It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and]]> 2025-02-10T15:14:00+00:00 https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8647834 False Malware,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles]]> 2025-02-06T20:04:00+00:00 https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html www.secnews.physaphae.fr/article.php?IdArticle=8647236 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple\'s and Google\'s respective app stores to steal victims\' mnemonic phrases associated with cryptocurrency wallets.  The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,]]> 2025-02-06T17:02:00+00:00 https://thehackernews.com/2025/02/sparkcat-malware-uses-ocr-to-extract.html www.secnews.physaphae.fr/article.php?IdArticle=8647205 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that\'s disguised as a Microsoft Office or PDF document.]]> 2025-02-06T16:35:00+00:00 https://thehackernews.com/2025/02/north-korean-apt-kimsuky-uses-lnk-files.html www.secnews.physaphae.fr/article.php?IdArticle=8647207 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of]]> 2025-02-05T20:25:00+00:00 https://thehackernews.com/2025/02/cross-platform-javascript-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8647065 False Malware APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. 
"It allows attackers to control infected systems]]> 2025-02-05T15:10:00+00:00 https://thehackernews.com/2025/02/asyncrat-campaign-uses-python-payloads.html www.secnews.physaphae.fr/article.php?IdArticle=8646996 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was]]> 2025-02-04T17:58:00+00:00 https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html www.secnews.physaphae.fr/article.php?IdArticle=8646815 False Malware,Tool,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or]]> 2025-02-04T17:41:00+00:00 https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html www.secnews.physaphae.fr/article.php?IdArticle=8646816 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The]]> 2025-02-03T17:09:00+00:00 https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html www.secnews.physaphae.fr/article.php?IdArticle=8646480 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a]]> 2025-02-03T11:00:00+00:00 https://thehackernews.com/2025/02/crazy-evil-gang-targets-crypto-with.html www.secnews.physaphae.fr/article.php?IdArticle=8646348 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. 
"This research focuses on completing the picture of UAC-0063\'s operations, particularly documenting their expansion beyond their initial focus on Central Asia,]]> 2025-01-29T11:22:00+00:00 https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html www.secnews.physaphae.fr/article.php?IdArticle=8644142 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"]]> 2025-01-27T12:46:00+00:00 https://thehackernews.com/2025/01/mintsloader-delivers-stealc-malware-and.html www.secnews.physaphae.fr/article.php?IdArticle=8643202 False Spam,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at]]> 2025-01-23T20:30:00+00:00 https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html www.secnews.physaphae.fr/article.php?IdArticle=8641632 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic.  "J-magic campaign marks the rare occasion of malware designed]]> 2025-01-23T20:25:00+00:00 https://thehackernews.com/2025/01/custom-backdoor-exploiting-magic-packet.html www.secnews.physaphae.fr/article.php?IdArticle=8641678 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are]]> 2025-01-23T19:30:00+00:00 https://thehackernews.com/2025/01/experts-find-shared-codebase-linking.html www.secnews.physaphae.fr/article.php?IdArticle=8641605 False Ransomware,Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart\'s Cyber Intelligence team told The Hacker News. 
"The BackConnect(s) in use were \'DarkVNC\' alongside the IcedID]]> 2025-01-23T15:13:00+00:00 https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html www.secnews.physaphae.fr/article.php?IdArticle=8641507 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This]]> 2025-01-21T18:16:00+00:00 https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html www.secnews.physaphae.fr/article.php?IdArticle=8640630 False Spam,Malware,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing]]> 2025-01-21T11:15:00+00:00 https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html www.secnews.physaphae.fr/article.php?IdArticle=8640485 False Malware,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the]]> 2025-01-20T20:23:00+00:00 https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html www.secnews.physaphae.fr/article.php?IdArticle=8640190 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) [20 January] As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can\'t be fought with]]> 2025-01-20T17:32:00+00:00 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_20.html www.secnews.physaphae.fr/article.php?IdArticle=8640121 False Malware,Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. 
"In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report]]> 2025-01-16T16:45:00+00:00 https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html www.secnews.physaphae.fr/article.php?IdArticle=8638261 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named]]> 2025-01-16T12:15:00+00:00 https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html www.secnews.physaphae.fr/article.php?IdArticle=8638133 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. 
"The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat]]> 2025-01-15T21:07:00+00:00 https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html www.secnews.physaphae.fr/article.php?IdArticle=8637830 False Malware,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People\'s Republic of China (PRC]]> 2025-01-15T11:44:00+00:00 https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html www.secnews.physaphae.fr/article.php?IdArticle=8637567 False Malware,Threat,Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin\'s efforts to gather economic and political intelligence in Central Asia. 
The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia\'s General Staff Main]]> 2025-01-14T14:40:00+00:00 https://thehackernews.com/2025/01/russian-linked-hackers-target.html www.secnews.physaphae.fr/article.php?IdArticle=8637076 False Malware,Threat APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment]]> 2025-01-13T12:10:00+00:00 https://thehackernews.com/2025/01/wordpress-skimmers-evade-detection-by.html www.secnews.physaphae.fr/article.php?IdArticle=8636594 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an]]> 2025-01-10T15:01:00+00:00 https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=8635589 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New Banshee Stealer Variant Bypasses Antivirus with Apple\\'s XProtect-Inspired Encryption Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple\'s XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to]]> 2025-01-09T19:10:00+00:00 https://thehackernews.com/2025/01/new-banshee-stealer-variant-bypasses.html www.secnews.physaphae.fr/article.php?IdArticle=8635304 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions Ransomware isn\'t slowing down-it\'s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join]]> 2025-01-09T16:14:00+00:00 https://thehackernews.com/2025/01/webinar-learn-how-to-stop-encrypted.html www.secnews.physaphae.fr/article.php?IdArticle=8635257 False Ransomware,Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. 
"It employs]]> 2025-01-08T19:07:00+00:00 https://thehackernews.com/2025/01/researchers-expose-noneuclid-rat-using.html www.secnews.physaphae.fr/article.php?IdArticle=8634905 False Malware,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Top 5 Malware Threats to Prepare Against in 2025 2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter]]> 2025-01-08T16:32:00+00:00 https://thehackernews.com/2025/01/top-5-malware-threats-to-prepare.html www.secnews.physaphae.fr/article.php?IdArticle=8634865 False Malware,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard]]> 2025-01-07T19:52:00+00:00 https://thehackernews.com/2025/01/researchers-uncover-major-security-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8634538 False Malware,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute command shells, demonstrating a significant evolution. "The key…
2025-01-07T15:16:00+00:00 https://thehackernews.com/2025/01/new-eagerbee-variant-targets-isps-and.html

FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices
An Android information-stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation,"…
2025-01-06T16:40:00+00:00 https://thehackernews.com/2025/01/firescam-android-malware-poses-as.html

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution.
The backdoor, according to Google's Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source…
2025-01-04T13:22:00+00:00 https://thehackernews.com/2025/01/playfulghost-delivered-via-phishing-and.html

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators…
2024-12-31T10:05:00+00:00 https://thehackernews.com/2024/12/misconfigured-kubernetes-rbac-in-azure.html

North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into…
2024-12-27T23:12:00+00:00 https://thehackernews.com/2024/12/north-korean-hackers-deploy-ottercookie.html
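The Azure Airflow item above turns on Kubernetes RBAC that was wider than the workload needed, which is what lets a compromised pod become a "shadow administrator". The script below is an added example, not code from Unit 42, Microsoft or the article, of the audit a cluster operator would run over `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`: it flags every ClusterRoleBinding that hands cluster-admin, or any ClusterRole with wildcard verbs on wildcard resources, to a ServiceAccount or to an all-callers group. The cluster objects, namespace and binding names are constructed; the article does not describe the specific binding the researchers found.

```python
"""Added example: audit Kubernetes ClusterRoleBindings for cluster-wide admin handed
to workload identities. Constructed input; not the Azure Airflow research."""
import json
from typing import Dict, List

# Groups that mean "every caller" (or every service account); binding admin to these
# makes any pod, or any authenticated principal, a shadow administrator.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}


def is_wildcard_role(role: dict) -> bool:
    """True if any rule grants every verb on every resource (cluster-admin shape)."""
    for rule in role.get("rules", []):
        if "*" in rule.get("verbs", []) and "*" in rule.get("resources", []):
            return True
    return False


def audit(clusterroles: List[dict], bindings: List[dict]) -> List[Dict[str, str]]:
    """One finding per (binding, subject) that grants cluster-admin-equivalent power
    to a ServiceAccount or a broad group. Human users are left for a separate review."""
    roles = {r["metadata"]["name"]: r for r in clusterroles}
    findings: List[Dict[str, str]] = []
    for b in bindings:
        ref = b.get("roleRef", {})
        if ref.get("kind") != "ClusterRole":
            continue
        role = roles.get(ref.get("name"), {})
        if not (ref.get("name") == "cluster-admin" or is_wildcard_role(role)):
            continue
        for s in b.get("subjects", []):
            kind, name = s.get("kind"), s.get("name", "")
            if kind == "ServiceAccount":
                subject = f"ServiceAccount:{s.get('namespace', '')}/{name}"
            elif kind == "Group" and name in BROAD_GROUPS:
                subject = f"Group:{name}"
            else:
                continue
            findings.append({"binding": b["metadata"]["name"],
                             "role": ref["name"], "subject": subject})
    return findings


def audit_kubectl_json(clusterroles_json: str, bindings_json: str) -> List[Dict[str, str]]:
    """Wrapper for real output: the two `kubectl get ... -o json` documents."""
    return audit(json.loads(clusterroles_json)["items"], json.loads(bindings_json)["items"])


# Constructed cluster state in the shape of `kubectl get ... -o json` item lists.
SAMPLE_CLUSTERROLES = [
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "everything"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
SAMPLE_BINDINGS = [
    {"metadata": {"name": "scheduler-sa-admin"},           # flagged: SA gets cluster-admin
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "scheduler", "namespace": "pipelines"}]},
    {"metadata": {"name": "all-users-everything"},         # flagged: wildcard role to everyone
     "roleRef": {"kind": "ClusterRole", "name": "everything"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "worker-read"},                  # fine: narrow role
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "worker", "namespace": "pipelines"}]},
    {"metadata": {"name": "oncall-admins"},                # human user, out of scope here
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice@corp.example"}]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_CLUSTERROLES, SAMPLE_BINDINGS):
        print(f"{f['binding']}: {f['role']} -> {f['subject']}")
```

Namespaced RoleBindings that reference a ClusterRole only grant it inside that namespace, so the audit deliberately looks at ClusterRoleBindings; a follow-up pass would check whether any flagged service account is actually mounted into a pod (`automountServiceAccountToken`), since that is the token an attacker in the container would read.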
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg…
2024-12-27T16:40:00+00:00 https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first…
2024-12-25T15:54:00+00:00 https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases
Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.
"Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers]]> 2024-12-23T19:18:00+00:00 https://thehackernews.com/2024/12/ai-could-generate-10000-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8629128 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Lazarus Group, an infamous threat actor linked to the Democratic People\'s Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are]]> 2024-12-20T16:14:00+00:00 https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html www.secnews.physaphae.fr/article.php?IdArticle=8627927 False Malware,Threat APT 38 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest]]> 2024-12-20T14:09:00+00:00 https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html www.secnews.physaphae.fr/article.php?IdArticle=8627889 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai…
2024-12-19T19:07:00+00:00 https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging the Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the…
2024-12-19T14:10:00+00:00 https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.
"The attacker failed to install a]]> 2024-12-17T22:05:00+00:00 https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html www.secnews.physaphae.fr/article.php?IdArticle=8626672 False Malware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint]]> 2024-12-17T16:37:00+00:00 https://thehackernews.com/2024/12/bitter-apt-targets-turkish-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8626531 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ]]> 2024-12-17T14:33:00+00:00 https://thehackernews.com/2024/12/hackers-exploit-webview2-to-deploy.html www.secnews.physaphae.fr/article.php?IdArticle=8626508 False Malware,Tool,Threat,Technical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice, in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets…
2024-12-17T12:25:00+00:00 https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked as Winnti (…
2024-12-16T14:39:00+00:00 https://thehackernews.com/2024/12/new-glutton-malware-exploits-popular.html

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
Germany's Federal Office for Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.
In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains…
2024-12-14T17:03:00+00:00 https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms
Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable…
2024-12-13T17:14:00+00:00 https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both…
2024-12-12T19:05:00+00:00 https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html
Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically…
2024-12-11T23:32:00+00:00 https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "…
2024-12-11T20:43:00+00:00 https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago.
"Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell]]> 2024-12-11T19:37:00+00:00 https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html www.secnews.physaphae.fr/article.php?IdArticle=8623490 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 Cybersecurity researchers have discovered a novel surveillance program that\'s suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as]]> 2024-12-11T16:32:00+00:00 https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html www.secnews.physaphae.fr/article.php?IdArticle=8623430 False Malware,Tool,Legislation,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ongoing Phishing and Malware Campaigns in December 2024 Cyber attackers never stop inventing new ways to compromise their targets. That\'s why organizations must stay updated on the latest threats.  Here\'s a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems  The analyst]]> 2024-12-10T15:31:00+00:00 https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html www.secnews.physaphae.fr/article.php?IdArticle=8622795 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)
This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to…
2024-12-09T18:41:00+00:00 https://thehackernews.com/2024/12/thn-recap-top-cybersecurity-threats_9.html

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices
A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis…
2024-12-09T16:14:00+00:00 https://thehackernews.com/2024/12/socks5systemz-botnet-powers-illegal.html

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data
Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said.
"The company]]> 2024-12-07T13:48:00+00:00 https://thehackernews.com/2024/12/hackers-using-fake-video-conferencing.html www.secnews.physaphae.fr/article.php?IdArticle=8621106 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on]]> 2024-12-06T13:52:00+00:00 https://thehackernews.com/2024/12/moreeggs-maas-expands-operations-with.html www.secnews.physaphae.fr/article.php?IdArticle=8620521 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that\'s designed to drop the Visual Basic Script malware, Recorded Future\'s Insikt Group said in a new analysis.]]> 2024-12-06T12:33:00+00:00 https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html www.secnews.physaphae.fr/article.php?IdArticle=8620499 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer…
2024-12-03T10:53:00+00:00 https://thehackernews.com/2024/12/horns-campaign-delivers-rats-via-fake.html

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News. "While…
2024-12-02T19:31:00+00:00 https://thehackernews.com/2024/12/smokeloader-malware-resurfaces.html

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.
"These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which]]> 2024-12-02T15:16:00+00:00 https://thehackernews.com/2024/12/8-million-android-users-hit-by-spyloan.html www.secnews.physaphae.fr/article.php?IdArticle=8618634 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique]]> 2024-11-28T14:59:00+00:00 https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html www.secnews.physaphae.fr/article.php?IdArticle=8618136 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a]]> 2024-11-27T10:51:00+00:00 https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html www.secnews.physaphae.fr/article.php?IdArticle=8617968 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed…
2024-11-26T15:49:00+00:00 https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

Flying Under the Radar - Security Evasion Techniques
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks: “I really like the saying that 'This is out of scope' said no hacker ever. Whether it's tricks, techniques or technologies, hackers will do anything to evade detection and make sure their…
2024-11-25T17:00:00+00:00 https://thehackernews.com/2024/11/flying-under-radar-security-evasion.html

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system.
"This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda," Trellix]]> 2024-11-25T14:46:00+00:00 https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html www.secnews.physaphae.fr/article.php?IdArticle=8617467 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both]]> 2024-11-23T17:23:00+00:00 https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8616542 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as]]> 2024-11-22T22:29:00+00:00 https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html www.secnews.physaphae.fr/article.php?IdArticle=8616130 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The…
2024-11-22T17:36:00+00:00 https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher…
2024-11-21T12:04:00+00:00 https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal.
"At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at]]> 2024-11-19T19:31:00+00:00 https://thehackernews.com/2024/11/ngioweb-botnet-fuels-nsocks-residential.html www.secnews.physaphae.fr/article.php?IdArticle=8614128 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security]]> 2024-11-18T22:18:00+00:00 https://thehackernews.com/2024/11/new-stealthy-babbleloader-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8613612 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet\'s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. 
Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,]]> 2024-11-16T11:55:00+00:00 https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8612180 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims\' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software,"]]> 2024-11-15T16:42:00+00:00 https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html www.secnews.physaphae.fr/article.php?IdArticle=8611674 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. 
Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the]]> 2024-11-15T13:41:00+00:00 https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8611840 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New RustyAttr Malware Targets macOS Through Extended Attribute Abuse Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including]]> 2024-11-14T15:21:00+00:00 https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8610957 False Malware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user\'s NTLMv2 hash. It was patched by Microsoft earlier this]]> 2024-11-14T11:13:00+00:00 https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8610870 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group\'s playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said]]> 2024-11-13T12:44:00+00:00 https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html www.secnews.physaphae.fr/article.php?IdArticle=8610277 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean Hackers Target macOS Using Flutter-Embedded Malware Threat actors with ties to the Democratic People\'s Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built]]> 2024-11-12T18:30:00+00:00 https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html www.secnews.physaphae.fr/article.php?IdArticle=8609811 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. 
"Threat actors leveraged an unconventional blend]]> 2024-11-12T11:30:00+00:00 https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html www.secnews.physaphae.fr/article.php?IdArticle=8609672 False Ransomware,Malware,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: \'Are Bengal Cats legal in Australia?,\'" Sophos researchers Trang Tang, Hikaru Koike,]]> 2024-11-11T17:25:00+00:00 https://thehackernews.com/2024/11/new-gootloader-campaign-targets-users.html www.secnews.physaphae.fr/article.php?IdArticle=8609673 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les cybercriminels utilisent Excel Exploit pour répartir les logiciels malveillants Remcos Remcos sans fil Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have]]> 2024-11-11T11:43:00+00:00 https://thehackernews.com/2024/11/cybercriminals-use-excel-exploit-to.html www.secnews.physaphae.fr/article.php?IdArticle=8609206 False Malware,Threat,Commercial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
AndroxGH0st Malware intègre Mozi Botnet pour cibler les services IoT et Cloud<br>AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a]]> 2024-11-08T19:32:00+00:00 https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html www.secnews.physaphae.fr/article.php?IdArticle=8608143 False Malware,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Icepeony et la tribu transparente ciblent les entités indiennes avec des outils basés sur le cloud<br>IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point]]> 2024-11-08T17:53:00+00:00 https://thehackernews.com/2024/11/icepeony-and-transparent-tribe-target.html www.secnews.physaphae.fr/article.php?IdArticle=8608093 False Malware,Tool,Threat APT 36 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les packages NPM malveillants ciblent les utilisateurs de Roblox avec des logiciels malveillants voleurs de données<br>Malicious NPM Packages Target Roblox Users with Data-Stealing Malware A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available]]> 2024-11-08T17:23:00+00:00 https://thehackernews.com/2024/11/malicious-npm-packages-target-roblox.html www.secnews.physaphae.fr/article.php?IdArticle=8608094 False Malware,Threat None 3.0000000000000000