Vietnamese phishing campaign evolves from Python infostealer to PureRAT trojan This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors
Category: EN
Webshells Hiding in .well-known Places, (Thu, Sep 25th)
Ever so often, I see requests for files in .well-known recorded by our honeypots. As an example: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Webshells Hiding in .well-known Places, (Thu, Sep…
Building the IoTrain
While developing the Matter workshop for DEF CON, I wondered what fun IoT project I could create that looks catchy, works well with DEF CON visitors, and is within my capabilities. One day, while walking the baby stroller, I had…
Chainguard Libraries for JavaScript provides developers with malware-free dependencies
Chainguard released Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript dependencies that are malware-resistant and built from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source,…
Microsoft spots LLM-obfuscated phishing attack
Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code…
Digital Experience Monitoring and Endpoint Posture Checks Usage in SASE
In this article, I will go through the concepts of digital experience monitoring (DEM) and Endpoint Posture Checks and discuss how these essential capabilities are integrated into the SASE framework to enforce the zero trust principle. Together, these capabilities empower…
ShadowV2 and AWS: The Rise of Cloud-Native DDoS-for-Hire Attacks
ShadowV2 exploits AWS Docker flaws to deliver advanced DDoS-for-hire attacks. The post ShadowV2 and AWS: The Rise of Cloud-Native DDoS-for-Hire Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: ShadowV2 and…
Onapsis enhances SAP security with latest platform updates
Onapsis announced updates to its Onapsis Platform, including the launch of three new capabilities: the SAP Notes Command Center, Rapid Controls for Dangerous Exploits, and Alert on Anything for SAP Business Technology Platform (BTP). Together, these enhancements provide organizations with…
Playing Offside: How Threat Actors Are Warming Up for FIFA 2026
Introduction Every four years, the World Cup captures the attention of billions. With that attention comes opportunity – not only for sponsors, broadcasters, and legitimate merchants, but also for adversaries who see in this spectacle a marketplace of deception. As…
Quantum-Safe Cyber Security: Current Capabilities and the Road Ahead
Quantum computing is moving from theory to reality. While largescale quantum computers are not yet available, their future impact on cyber security is clear: algorithms like RSA, Diffie–Hellman, and Elliptic Curve Diffie-Hellman which secure VPNs, TLS, and digital identities, will…
Scientists brew “quantum ink” to power next-gen night vision
Toxic metals are pushing infrared detector makers into a corner, but NYU Tandon researchers have developed a cleaner solution using colloidal quantum dots. These detectors are made like “inks,” allowing scalable, low-cost production while showing impressive infrared sensitivity. Combined with…
COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH
In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate…
New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors
BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early…
SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes
SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms. By polling world-writable directories such as %TEMP%, %APPDATA%, and…
ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data
A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system. This issue underscores the persistent risk in…
New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems
Following a major law enforcement disruption in February 2024, the notorious LockBit ransomware group has resurfaced, marking its sixth anniversary with the release of a new version: LockBit 5.0. Trend Micro has identified and analyzed binaries for Windows, Linux, and…
BreachForums Founder Resentenced to Three Years After Appeal
In a significant legal outcome for the cybersecurity landscape, Conor Fitzpatrick, the founder of the notorious BreachForums underground hacking site, has been resentenced to three years in federal prison after appeals overturned his previous lenient sentence. Fitzpatrick, who operated…
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name…
The Threat of Privilege Abuse in Active Directory
In early 2024, the BlackCat ransomware attack against Change Healthcare caused massive disruption across the U.S. healthcare sector. It later emerged that the cause of this major national incident was… The post The Threat of Privilege Abuse in Active Directory…
Volvo Group Reports Data Breach Following Ransomware Attack on HR Vendor
Volvo Group has disclosed that a recent ransomware attack on its human resources software provider, Miljödata, may have resulted in unauthorized access to personal information belonging to its North American workforce. The incident underscores growing concerns about third-party risk and the importance…