Lucene search
K

11 matches found

The Hacker News
The Hacker News
added 2025/11/24 7:18 a.m.13 views

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

A recently patched security flaw in Microsoft Windows Server Update Services WSUS has been exploited by threat actors to distribute a malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence...

9.8CVSS9AI score0.99962EPSS
Exploits24
The Hacker News
The Hacker News
added 2025/03/26 4:59 p.m.15 views

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew...

7.7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/02/20 12:0 a.m.6 views

Updated Shadowpad Malware Leads to Ransomware Deployment

In this blog, we discuss about how Shadowpad is being used to deploy a new undetected ransomware family. They deploy the malware exploiting weak passwords and bypassing multi-factor authentication...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2024/08/01 6:0 p.m.30 views

There is no real fix to the security issues recently found in GitHub and other similar software

A recently discovered security issue in GitHub and other, similar, control system products seem to fit into the classic "its a feature, not a bug" category. Security researchers last week published their findings into some research of how deleted forks in GitHub work, potentially leaving the door...

8.8CVSS7.5AI score0.73469EPSS
Exploits6
The Hacker News
The Hacker News
added 2023/07/18 12:58 p.m.64 views

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunication...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/27 2:19 p.m.48 views

Researchers Expose Over 80 ShadowPad Malware C2 Servers

As many as 85 command-and-control C2 servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit TAU, which studied three ShadowPad variants using TCP, UDP, an...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/08 4:59 p.m.31 views

Chinese Hacker Groups Continue to Target Indian Power Grid Assets

China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/15 2:6 p.m.29 views

Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA

Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/20 3:44 p.m.30 views

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,...

1.7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/08/13 8:23 p.m.48 views

CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets

The China-based APT known as CactusPete has returned with a new campaign aimed at military and financial targets in Eastern Europe, which is a new geography for the group’s victimology, according to researchers. The group also used a fresh variant of the Bisonal backdoor, which allows the attacke...

7.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/10/21 3:33 p.m.85 views

Avast Network Breached As Hackers Target CCleaner Again

Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account. Avast said that it believes that the intrusion, first detected on Sept. 25, was likely targeting its CCleaner business in a supply chain attack. CCleaner, which is...

0.6AI score
Exploits0References10
Rows per page
Query Builder