MAL-2026-2466 Malicious code in strapi-plugin-hextest (npm)
strapi-plugin-hextest is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...
UNC3886 Covert Operations Leveraging Rootkits and Backdoored Applications
...
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The...
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine,...
Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine
Russia's cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google's Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report. The targeting, which coincided and has since persisted following the country's military invasion of Ukraine in February...
Aggrokatz - An Aggressor Plugin Extension For Cobalt Strike Which Enables Pypykatz To Interface With The Beacons Remotely
aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract credentials and other secrets stored without downloading the fil...
This is How CIA Disables Security Cameras During Hollywood-Style Operations
In the last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence. Whenever I see such scenes in a movie, I wonder and ask...
FBI used Anonymous and Lulzsec Hackers to attack foreign governments
Sentencing for former LulzSec leader Hector Xavier Monsegur, better known as "Sabu", has again been delayed. Monsegur pleaded guilty to a dozen criminal counts two years prior and stands to face a maximum sentence of more than 124 years. Another Lulzsec Hacker Jeremy Hammond has claimed tha...
Report: Iran Claims To Have Hacked, Then Hijacked Stealth Drone
A report on the Web site of the Christian Science Monitor claims that Iran exploited a long-known vulnerability in the GPS navigation system of the U.S.’s RQ-170 Sentinel drone to force it into landing safely within Iran. The report, Thursday, cites an Iranian engineer that is part of a team that...