Lucene search
K

69 matches found

The Hacker News
The Hacker News
added 2026/05/26 7:13 a.m.27 views

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore aka Screening Serpens and UNC1549 has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 11:30 a.m.6 views

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center TRC in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/17 11:36 a.m.6 views

How searching for a VPN could mean handing over your work login details

This blog is about how trying to do the “right thing” can lead you straight into a trap. People searching for a VPN ended up downloading credential-stealing malware. From the victim’s perspective, their trust was exploited at every step: trust in search engines, in familiar logos, in digital...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/12 5:0 p.m.7 views

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/12 5:0 p.m.12 views

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/16 5:59 p.m.7 views

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript aka JScript malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/04 5:25 p.m.6 views

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization SEO poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloadin...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/11 3:44 p.m.4 views

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/18 6:51 a.m.9 views

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT

The threat actors behind a malware family known as Winos 4.0 aka ValleyRAT have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan RAT tracked as HoldingHands RAT aka Gh0stBins. "The campaign relied on phishing emails with PDFs...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/23 8:13 a.m.2 views

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Cybersecurity researchers are calling attention to a search engine optimization SEO poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity, dubbed...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/20 7:7 a.m.8 views

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent repositories redirected potential victims to a...

6.9AI score
Exploits0
HackRead
HackRead
added 2025/09/12 4:15 p.m.5 views

SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware

New SEO poisoning campaign exposed! FortiGuard Labs reveals how attackers trick users with fake websites to deliver Hiddengh0st…...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/05 2:7 p.m.6 views

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

The threat actor behind the malware-as-a-service MaaS framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, CastleRAT's core functionality consists of collecting system information, downloading and executin...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/21 4:25 p.m.11 views

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/13 3:46 p.m.13 views

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks

Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems,...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/08 4:14 p.m.4 views

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence AI-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivat...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/07 5:26 p.m.8 views

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization SEO poisoning techniques to deliver a known malware loader called Oyster aka Broomstick or CleanUpLoader. The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized...

7.5AI score
Exploits0
HackRead
HackRead
added 2025/06/17 4:30 p.m.26 views

Hacklink Market Linked to SEO Poisoning Attacks in Google Results

Cybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results…...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/29 3:47 p.m.21 views

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence AI tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and LuckyGh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 9:52 a.m.13 views

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

Threat hunters have exposed a novel campaign that makes use of search engine optimization SEO poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is...

7.2AI score
Exploits0
Rows per page
Query Builder