Lucene search
K

53 matches found

The Hacker News
The Hacker News
added 2025/08/26 10:45 a.m.3 views

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/19 3:52 p.m.44 views

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans RATs like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in...

9.8CVSS8.1AI score0.99987EPSS
Exploits64
The Hacker News
The Hacker News
added 2025/03/04 9:1 a.m.16 views

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

Internet service providers ISPs in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/13 1:33 p.m.15 views

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the...

10CVSS10AI score0.98545EPSS
Exploits5
The Hacker News
The Hacker News
added 2024/07/11 5:19 a.m.62 views

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service DDoS botnets. The vulnerability in question is CVE-2024-4577 CVSS score: 9.8, which allows an attacker to...

9.8CVSS9.7AI score0.99987EPSS
Exploits64
The Hacker News
The Hacker News
added 2024/07/04 9:10 a.m.68 views

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

9.8CVSS8.6AI score0.99485EPSS
Exploits20
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/06/06 12:0 a.m.18 views

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/20 12:20 p.m.13 views

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/05 9:40 a.m.31 views

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/12 11:27 a.m.46 views

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/03 4:42 a.m.102 views

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Proof-of-concept PoC exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks formerly vRealize Network Insight. The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been describe...

9.8CVSS9.1AI score0.63947EPSS
Exploits9
The Hacker News
The Hacker News
added 2023/08/29 2:38 p.m.69 views

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/31 1:38 p.m.57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

10CVSS9.1AI score0.9967EPSS
Exploits8
The Hacker News
The Hacker News
added 2022/10/04 3:39 p.m.57 views

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/01 1:15 p.m.26 views

YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and trac...

0.9AI score
Exploits0
HackRead
HackRead
added 2022/05/17 7:29 p.m.20 views

New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

By Deeba Ahmed Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems. The Microsoft… This is a post from HackRead.com Read the original post: New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer...

3.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/29 10:16 a.m.15 views

New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners

An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indica...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/01/05 5:12 a.m.107 views

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during...

10CVSS9.5AI score0.99999EPSS
Exploits358
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/12/01 12:0 a.m.7 views

Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Following our previous disclosure of compromised Docker hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of...

3.6AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/02/11 5:0 p.m.1029 views

Web shell attacks continue to rise

One year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated: every month from August 2020 to January 2021, we registered an average of 140,000 encounters of these threa...

10CVSS0.4AI score0.99999EPSS
Exploits60
Rows per page
Query Builder