North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC … [Read more...] about North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
Hackers
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Apr 23, 2025Ravie LakshmananMalware / Cryptocurrency Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy … [Read more...] about DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Apr 15, 2025Ravie LakshmananLinux / Malware The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save … [Read more...] about Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, … [Read more...] about North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily … [Read more...] about Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Mar 19, 2025Ravie LakshmananThreat Intelligence / Cryptojacking Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that … [Read more...] about Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Mar 18, 2025Ravie LakshmananAI Security / Software Security Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code … [Read more...] about New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Mar 12, 2025Ravie LakshmananCyber Espionage / Vulnerability The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying custom capabilities, … [Read more...] about Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mar 03, 2025Ravie LakshmananCloud Security / Email Security Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), … [Read more...] about Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over … [Read more...] about Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites