www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Last build: 2025-05-10T16:34:32+00:00

Source of all items below: The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
Published: 2025-05-09T21:55:00+00:00
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in...
Article: https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8673789
Tags: Malware, Threat. Score: 2.0

Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
Published: 2025-05-08T19:17:00+00:00
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl...
Article: https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8673237
Tags: Ransomware, Malware, Threat, Prediction. Score: 3.0

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
Published: 2025-05-08T16:02:00+00:00
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from...
Article: https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8673189
Tags: Malware, Threat, Prediction. Score: 3.0

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
Published: 2025-05-08T12:27:00+00:00
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat...
Article: https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8673091
Tags: Malware, Threat. Score: 3.0

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Published: 2025-05-07T13:07:00+00:00
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.
Article: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8672656
Tags: Malware. Score: 3.0

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
Published: 2025-05-05T16:59:00+00:00
What if attackers aren't breaking in, but are already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn't just the breach; it's not knowing who's still lurking in your...
Article: https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8671823
Tags: Malware. Score: 3.0

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
Published: 2025-05-05T11:09:00+00:00
The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast...
Article: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8671701
Tags: Malware, Threat. Score: 3.0

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Published: 2025-05-03T20:01:00+00:00
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below:
  - github[.]com/truthfulpharm/prototransform
  - github[.]com/blankloggia/go-mcp
  - github[.]com/steelpoor/tlsproxy
"Despite appearing legitimate,...
Article: https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8671070
Tags: Malware. Score: 3.0

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
Published: 2025-05-03T15:03:00+00:00
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future...
Article: https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8670979
Tags: Malware, Threat. Score: 3.0

MintsLoader Drops GhostWeaver via Phishing, ClickFix - Uses DGA, TLS for Stealth Attacks
Published: 2025-05-02T14:27:00+00:00
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News. "The malware employs sandbox and virtual machine evasion techniques, a domain...
Article: https://thehackernews.com/2025/05/mintsloader-drops-ghostweaver-via.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8670507
Tags: Malware. Score: 3.0

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Published: 2025-05-01T21:17:00+00:00
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. "Pinging functionality that can report back to a command-and-control (C&C) server...
Article: https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8670150
Tags: Malware. Score: 3.0

DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Published: 2025-05-01T14:57:00+00:00
Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a...
Article: https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8670110
Tags: Malware. Score: 2.0

Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Published: 2025-04-30T15:50:00+00:00
Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022. RomCom "employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure – leveraging...
Article: https://thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8669983
Tags: Malware. Score: 3.0

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
Published: 2025-04-29T11:13:00+00:00
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur...
Article: https://thehackernews.com/2025/04/malware-attack-targets-world-uyghur.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8669338
Tags: Malware, Tool. Score: 3.0

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Published: 2025-04-28T14:37:00+00:00
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the...
Article: https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8668906
Tags: Malware, Tool, Threat, Prediction, Cloud. Score: 2.0

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Published: 2025-04-26T16:08:00+00:00
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be...
Article: https://thehackernews.com/2025/04/toymaker-uses-lagtoy-to-sell-access-to.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8668080
Tags: Ransomware, Malware, Threat. Score: 3.0

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
Published: 2025-04-25T19:35:00+00:00
North Korea-linked threat actors behind the Contagious Interview campaign have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry, BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co), to spread...
Article: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8667699
Tags: Malware, Threat. Score: 3.0

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Published: 2025-04-25T14:13:00+00:00
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, was "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma...
Article: https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8667586
Tags: Malware, Vulnerability, Threat, Industrial. Score: 2.0

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
Published: 2025-04-24T19:41:00+00:00
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in...
Article: https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8667217
Tags: Malware, Vulnerability, Threat. Actor: APT 38. Score: 3.0

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Published: 2025-04-23T18:38:00+00:00
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex...
Article: https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8666669
Tags: Malware, Threat. Score: 3.0

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
Published: 2025-04-22T22:16:00+00:00
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain...
Article: https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8666262
Tags: Malware. Score: 3.0

5 Major Concerns With Employees Using The Browser
Published: 2025-04-22T16:30:00+00:00
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware's recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.
Article: https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8666111
Tags: Malware, Cloud. Score: 2.0

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
Published: 2025-04-22T09:59:00+00:00
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report...
Article: https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8665974
Tags: Malware, Threat. Score: 3.0

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
Published: 2025-04-21T20:43:00+00:00
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to...
Article: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8665729
Tags: Malware, Mobile. Score: 3.0

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Published: 2025-04-21T12:31:00+00:00
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net...
Article: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8665562
Tags: Malware. Score: 3.0

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
Published: 2025-04-20T10:28:00+00:00
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool...
Article: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8665148
Tags: Malware, Tool, Threat. Actor: APT 29. Score: 2.0

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
Published: 2025-04-18T17:33:00+00:00
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The...
Article: https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8664477
Tags: Malware, Technical. Score: 2.0

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Published: 2025-04-18T12:40:00+00:00
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
Article: https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8664372
Tags: Malware. Score: 2.0

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Published: 2025-04-17T20:52:00+00:00
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement...
Article: https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8664108
Tags: Malware, Threat. Score: 3.0

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
Published: 2025-04-17T17:02:00+00:00
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater,...
Article: https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8664038
Tags: Malware. Score: 2.0

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Published: 2025-04-17T14:27:00+00:00
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or...
Article: https://thehackernews.com/2025/04/nodejs-malware-campaign-targets-crypto.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8663974
Tags: Malware. Score: 2.0

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Published: 2025-04-15T19:36:00+00:00
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of...
Article: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8663120
Tags: Malware, Tool, Threat. Score: 3.0

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
Published: 2025-04-15T14:40:00+00:00
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,...
Article: https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8663026
Tags: Malware, Hack, Threat. Score: 3.0

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
Published: 2025-04-14T16:49:00+00:00
Attackers aren't waiting for patches anymore; they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world...
Article: https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8662677
Tags: Malware, Tool. Score: 3.0

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
Published: 2025-04-14T12:25:00+00:00
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's...
Article: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8662587
Tags: Malware, Threat. Score: 3.0

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
Published: 2025-04-11T13:43:00+00:00
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a...
Article: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8661663
Tags: Malware, Threat, Mobile. Score: 3.0

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
Published: 2025-04-10T16:23:00+00:00
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on...
Article: https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8661366
Tags: Malware, Threat. Score: 2.0

Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Published: 2025-04-10T15:25:00+00:00
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequences such as arrests, house searches, arrest warrants or 'knock and talks,'" Europol said in a...
Article: https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8661350
Tags: Malware, Legislation. Score: 3.0

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
Published: 2025-04-09T17:08:00+00:00
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an...
Article: https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8661117
Tags: Malware, Tool, Threat. Score: 2.0

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Published: 2025-04-08T21:37:00+00:00
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a...
Article: https://thehackernews.com/2025/04/cryptocurrency-miner-and-clipper.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8660987
Tags: Malware, Threat. Score: 3.0

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
Published: 2025-04-08T15:42:00+00:00
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine's eastern border, the agency said. The attacks involve distributing phishing emails...
Article: https://thehackernews.com/2025/04/uac-0226-deploys-giftedcrook-stealer.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8660924
Tags: Malware, Legislation. Score: 3.0

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Published: 2025-04-07T19:10:00+00:00
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS)...
Article: https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8660753
Tags: Malware, Threat. Score: 3.0
⚡ Recap hebdomadaire: exploits VPN, violation silencieuse d'Oracle \\, retour de clics et plus encore<br>⚡ Weekly Recap: VPN Exploits, Oracle\\'s Silent Breach, ClickFix Comeback and More Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps - but in job offers, hardware, and cloud services we rely on every day. Hackers don\'t need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough. This week,]]> 2025-04-07T16:55:00+00:00 https://thehackernews.com/2025/04/weekly-recap-vpn-exploits-oracles.html www.secnews.physaphae.fr/article.php?IdArticle=8660729 False Malware,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates nord-coréens déploient des logiciels malveillants Beavertail via 11 packages NPM malveillants<br>North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation]]> 2025-04-05T19:53:00+00:00 https://thehackernews.com/2025/04/north-korean-hackers-deploy-beavertail.html www.secnews.physaphae.fr/article.php?IdArticle=8660424 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Flaw Ivanti critique exploité activement pour déployer des logiciels malveillants Trailblaze et Brushfire<br>Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti Connect]]> 2025-04-04T11:37:00+00:00 https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8660179 False Malware,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) OPSEC FAILS expose les campagnes de logiciels malveillants de Coquettette \\ sur les serveurs d'hébergement pare-balles<br>OPSEC Failure Exposes Coquettte\\'s Malware Campaigns on Bulletproof Hosting Servers A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it]]> 2025-04-04T11:36:00+00:00 https://thehackernews.com/2025/04/opsec-failure-exposes-coquetttes.html www.secnews.physaphae.fr/article.php?IdArticle=8660217 False Malware,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
CERT-UA rapporte des cyberattaques ciblant les systèmes d'État ukrainiens avec des logiciels malveillants WreckSteel<br>CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate]]> 2025-04-04T10:24:00+00:00 https://thehackernews.com/2025/04/cert-ua-reports-cyberattacks-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8660165 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft met en garde contre les attaques de messagerie sur le thème de l'impôt à l'aide de PDF et de codes QR pour fournir des logiciels malveillants<br>Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The]]> 2025-04-03T23:09:00+00:00 https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html www.secnews.physaphae.fr/article.php?IdArticle=8660100 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Le groupe Lazarus cible les demandeurs d'emploi avec une tactique Clickfix pour déployer des logiciels malveillants de Golangghost<br>Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by]]> 2025-04-03T17:52:00+00:00 https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8660049 False Malware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Triada Malware préchargé sur des téléphones Android contrefaits infecte plus 2 600 appareils<br>Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.  Triada is the]]> 2025-04-03T13:04:00+00:00 https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html www.secnews.physaphae.fr/article.php?IdArticle=8659988 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Outlaw Group utilise SSH Brute-Force pour déployer des logiciels malveillants de crypto-jacgle sur les serveurs Linux<br>Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that\'s known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis]]> 2025-04-02T16:13:00+00:00 https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html www.secnews.physaphae.fr/article.php?IdArticle=8659812 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) FIN7 déploie les systèmes de porte dérobée Anubis pour détourner les systèmes Windows via des sites SharePoint compromis<br>FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss]]> 2025-04-02T12:22:00+00:00 https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html www.secnews.physaphae.fr/article.php?IdArticle=8659770 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les nouveaux chargeurs de logiciels malveillants utilisent l'usurpation de pile d'appels, le réacteur GitHub C2 et .NET pour la furtivité<br>New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V A said in]]> 2025-04-02T11:25:00+00:00 https://thehackernews.com/2025/04/new-malware-loaders-use-call-stack.html www.secnews.physaphae.fr/article.php?IdArticle=8659756 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Plus de 1 500 serveurs postgresql compromis dans une campagne d'extraction de crypto-monnaie sans fidèle<br>Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as]]> 2025-04-01T22:38:00+00:00 https://thehackernews.com/2025/04/over-1500-postgresql-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8659668 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
⚡ Recaps hebdomadaire: chrome 0-jour, cauchemar de pénétration, bugs solaires, tactiques DNS, et plus encore<br>⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More Every week, someone somewhere slips up-and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights-and the unexpected]]> 2025-03-31T16:55:00+00:00 https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html www.secnews.physaphae.fr/article.php?IdArticle=8659376 False Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Resurre les logiciels malveillants exploite Ivanti Flaw avec RootKit et les fonctionnalités du shell Web<br>RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that]]> 2025-03-30T10:37:00+00:00 https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8659193 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Nouveau Android Trojan Crocodilus abuse de l'accessibilité pour voler la banque et les informations d'identification cryptographiques<br>New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that\'s primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"]]> 2025-03-29T12:58:00+00:00 https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html www.secnews.physaphae.fr/article.php?IdArticle=8659042 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Coodeloader utilise un packer d'armure à base de gpu pour échapper à la détection d'EDR et d'antivirus<br>CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that\'s designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.  "The purpose of the malware is to download and execute second-stage payloads while evading]]> 2025-03-28T17:27:00+00:00 https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html www.secnews.physaphae.fr/article.php?IdArticle=8658865 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Campagne de logiciels malveillants de Pjobrat ciblé les utilisateurs taïwanais via de fausses applications de chat<br>PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first]]> 2025-03-28T13:36:00+00:00 https://thehackernews.com/2025/03/pjobrat-malware-campaign-targeted.html www.secnews.physaphae.fr/article.php?IdArticle=8658812 False Malware,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) APT36 Spoofs India Publier un site Web pour infecter les utilisateurs de Windows et Android avec des logiciels malveillants<br>APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India\'s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as]]> 2025-03-27T18:01:00+00:00 https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658566 False Malware,Threat,Mobile APT 36 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Top 3 MS Office Exploits Les pirates utilisent en 2025 - restez vigilant!<br>Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! 
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim\'s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.]]> 2025-03-27T15:30:00+00:00 https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html www.secnews.physaphae.fr/article.php?IdArticle=8658526 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelles variantes de dérobée Sparrowdoor trouvées dans les attaques contre les organisations américaines et mexicaines<br>New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow]]> 2025-03-26T22:29:00+00:00 https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html www.secnews.physaphae.fr/article.php?IdArticle=8658379 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Encrypthub exploite Windows Zero-Day pour déployer Rhadamanthys et Stealc malware<br>EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. 
"In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,]]> 2025-03-26T19:23:00+00:00 https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658334 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les chercheurs découvrent ~ 200 domaines C2 uniques liés à Raspberry Robin Access Broker<br>Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The]]> 2025-03-25T19:09:00+00:00 https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html www.secnews.physaphae.fr/article.php?IdArticle=8658107 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates utilisent .net Maui pour cibler les utilisateurs indiens et chinois avec de fausses banques, des applications sociales<br>Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft\'s .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. 
.NET]]> 2025-03-25T14:40:00+00:00 https://thehackernews.com/2025/03/hackers-use-net-maui-to-target-indian.html www.secnews.physaphae.fr/article.php?IdArticle=8658046 False Malware,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ⚡ Recaps hebdomadaire Thn: attaque de la chaîne d'approvisionnement GitHub, logiciel malveillant AI, tactiques BYOVD, et plus<br>⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad]]> 2025-03-24T17:05:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html www.secnews.physaphae.fr/article.php?IdArticle=8657756 False Malware,Tool,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Panda aquatique APT lié à la Chine: campagne de 10 mois, 7 cibles mondiales, 5 familles de logiciels malveillants<br>China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. 
The activity, which took place]]> 2025-03-21T16:31:00+00:00 https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html www.secnews.physaphae.fr/article.php?IdArticle=8657175 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les tricheurs de jeu YouTube répartissent les logiciels malveillants du voleur arcanique aux utilisateurs russes<br>YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What\'s intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and]]> 2025-03-20T21:09:00+00:00 https://thehackernews.com/2025/03/youtube-game-cheats-spread-arcane.html www.secnews.physaphae.fr/article.php?IdArticle=8656981 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Clearfake infecte 9 300 sites, utilise un faux recaptcha et des tourniquets pour répandre les voleurs d'informations<br>ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. 
The]]> 2025-03-19T16:29:00+00:00 https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8656670 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mirrorface liée à la Chine déploie Anel et Asyncrat dans une nouvelle opération de cyber-espionnage<br>China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in]]> 2025-03-18T15:54:00+00:00 https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html www.secnews.physaphae.fr/article.php?IdArticle=8656437 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft avertit de Stilachirat: un rat furtif ciblant les références et les portefeuilles cryptographiques<br>Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. 
The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored
Published: 2025-03-18T12:30:00+00:00
Link: https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html
Tags: Malware

Source: The Hacker News (The Hacker News is a hacking news blog, surprising, isn't it?)

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a
Published: 2025-03-17T18:42:00+00:00
Link: https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html
Tags: Malware, Vulnerability, Threat

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source
Published: 2025-03-17T16:55:00+00:00
Link: https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html
Tags: Ransomware, Malware, Tool, Threat

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses
Published: 2025-03-14T11:38:00+00:00
Link: https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html
Tags: Malware

OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, codenamed OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign. The rootkit "has the ability to cloak or mask any file, registry key or task
Published: 2025-03-14T11:07:00+00:00
Link: https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html
Tags: Malware, Threat

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's
Published: 2025-03-13T20:56:00+00:00
Link: https://thehackernews.com/2025/03/microsoft-warns-of-clickfix-phishing.html
Tags: Malware

North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were.
Published: 2025-03-13T19:53:00+00:00
Link: https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html
Tags: Malware, Tool, Threat, Mobile; actor: APT 37

Steganography Explained: How XWorm Hides Inside Images
Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal's secret weapon for
Published: 2025-03-11T16:00:00+00:00
Link: https://thehackernews.com/2025/03/steganography-explained-how-xworm-hides.html
Tags: Malware

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.
Published: 2025-03-10T18:20:00+00:00
Link: https://thehackernews.com/2025/03/desert-dexter-targets-900-victims-using.html
Tags: Malware

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware
Published: 2025-03-10T09:42:00+00:00
Link: https://thehackernews.com/2025/03/silentcryptominer-infects-2000-russian.html
Tags: Malware, Tool, Prediction

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss
Published: 2025-03-07T19:45:00+00:00
Link: https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html
Tags: Ransomware, Malware, Threat

Defending against USB drive attacks with Wazuh
USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization's reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to
Published: 2025-03-05T19:38:00+00:00
Link: https://thehackernews.com/2025/03/defending-against-usb-drive-attacks.html
Tags: Malware

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the malware as loaded with a "full suite of espionage features." "It could upload files, capture screenshots
Published: 2025-03-05T19:07:00+00:00
Link: https://thehackernews.com/2025/03/dark-caracal-uses-poco-rat-to-target.html
Tags: Malware, Threat

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Cybersecurity researchers are warning of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers
Published: 2025-03-05T12:37:00+00:00
Link: https://thehackernews.com/2025/03/seven-malicious-go-packages-found.html
Tags: Malware, Threat

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known
Published: 2025-03-03T19:30:00+00:00
Link: https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
Tags: Malware, Threat

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a
Published: 2025-03-03T10:47:00+00:00
Link: https://thehackernews.com/2025/03/vo1d-botnets-peak-surpasses-159m.html
Tags: Malware, Mobile

5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. "The attacker uses SEO to trick victims into
Published: 2025-02-28T19:19:00+00:00
Link: https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html
Tags: Malware, Threat

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and
Published: 2025-02-28T15:06:00+00:00
Link: https://thehackernews.com/2025/02/sticky-werewolf-uses-undocumented.html
Tags: Malware, Threat

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications. "The sender claimed that the malicious file attached was a list of
Published: 2025-02-27T21:06:00+00:00
Link: https://thehackernews.com/2025/02/silver-fox-apt-uses-winos-40-malware-in.html
Tags: Malware

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It's tracking the activity under the name Erudite Mogwai. The
Published: 2025-02-27T19:20:00+00:00
Link: https://thehackernews.com/2025/02/space-pirates-targets-russian-it-firms.html
Tags: Malware, Threat

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the
Published: 2025-02-27T18:34:00+00:00
Link: https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html
Tags: Malware, Threat, Mobile

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and
Published: 2025-02-27T14:50:00+00:00
Link: https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html
Tags: Malware, Threat

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized
Published: 2025-02-26T16:34:00+00:00
Link: https://thehackernews.com/2025/02/new-linux-malware-auto-color-grants.html
Tags: Malware, Threat

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware
Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader. The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,
Published: 2025-02-25T21:24:00+00:00
Link: https://thehackernews.com/2025/02/belarus-linked-ghostwriter-uses.html
Tags: Malware, Threat

5 Active Malware Campaigns in Q1 2025
The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique: In early 2025, threat actors began exploiting a technique
Published: 2025-02-25T16:30:00+00:00
Link: https://thehackernews.com/2025/02/5-active-malware-campaigns-in-q1-2025.html
Tags: Malware, Threat

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point
Published: 2025-02-25T15:52:00+00:00
Link: https://thehackernews.com/2025/02/2500-truesightsys-driver-variants.html
Tags: Malware

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables
Published: 2025-02-25T15:43:00+00:00
Link: https://thehackernews.com/2025/02/gitvenom-malware-steals-456k-in-bitcoin.html
Tags: Malware

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday
Published: 2025-02-25T11:21:00+00:00
Link: https://thehackernews.com/2025/02/fatalrat-phishing-attacks-target-apac.html
Tags: Malware, Threat, Industrial, Cloud

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware is the use of a technique called dead drop
Published: 2025-02-24T22:28:00+00:00
Link: https://thehackernews.com/2025/02/new-malware-campaign-uses-cracked.html
Tags: Malware

North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,
Published: 2025-02-20T19:07:00+00:00
Link: https://thehackernews.com/2025/02/north-korean-hackers-target-freelance.html
Tags: Malware