Lucene search
+L

202 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1CVSS5.8AI score0.00298EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2024/11/06 1:59 p.m.15 views

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Cybersecurity researchers are warning that a command-and-control C&C framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. "Winos 4.0 is an advanced malicious framework that offers comprehensive...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/30 10:0 a.m.12 views

Writing a BugSleep C2 server and detecting its traffic with Snort

In June 2024, security researchers published their analysis of a novel implant dubbed "MuddyRot"aka "BugSleep". This remote access tool RAT gives operators reverse shell and file input/output I/O capabilities on a victim's endpoint using a bespoke command and control C2 protocol. This blog will...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/21 1:8 p.m.22 views

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

The prolific Chinese nation-state actor known as APT41 aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable informati...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/15 3:20 p.m.35 views

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan RAT called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/02 3:8 p.m.20 views

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called Moreeggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/24 9:37 a.m.16 views

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities

Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover DTO and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabr...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/11 9:46 a.m.13 views

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/10 4:0 a.m.22 views

DragonRank, a Chinese-speaking SEO manipulator service provider

Key Takeaways Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization SEO rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...

8.4AI score
Exploits0
Securelist
Securelist
added 2024/09/09 7:0 a.m.15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/21 3:37 p.m.15 views

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/21 11:0 a.m.36 views

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea DPRK —...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/31 9:37 a.m.27 views

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/23 12:28 p.m.24 views

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

Organizations in Taiwan and a U.S. non-governmental organization NGO based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage,"...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/16 10:9 a.m.21 views

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/11 10:12 a.m.18 views

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan RAT called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense...

6.7AI score
Exploits0
Trellix
Trellix
added 2024/06/17 12:0 a.m.12 views

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion By Ale Houspanossian · June 17, 2024 Case Summary It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identifi...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/13 1:55 p.m.29 views

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a...

7.5AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/05/29 12:0 a.m.46 views

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

Justice AV Solutions JAVS Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4. When run, this creates a backdoor connection to a malicious C2 server...

8.7CVSS7.1AI score0.26937EPSS
In wildExploits1
The Hacker News
The Hacker News
added 2024/05/28 10:15 a.m.100 views

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service DDoS attacks. "CatDDoS-related gangs' samples...

7.1AI score0.01743EPSS
Exploits0
Rows per page
Query Builder