Lucene search
K

54 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:40 a.m.16 views

Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 4:53 p.m.14 views

Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

5.8AI score
Exploits0References6
The Hacker News
The Hacker News
added 2026/03/04 8:14 a.m.9 views

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Cybersecurity researchers have disclosed details of an advanced persistent threat APT group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/23 9:43 a.m.17 views

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

Cybersecurity researchers have disclosed details of a new BackConnect BC malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/11 2:7 p.m.7 views

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System DNS tunnel for command-and-control C2 communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/25 11:24 a.m.7 views

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code IaC and policy-as-code PaC tools like HashiCorp's Terraform and Styra's Open Policy Agent OPA that leverage dedicated, domain-specific languages DSLs to breach cloud platforms and exfiltrate data...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/14 11:35 a.m.51 views

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance CSA as zero-days to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain...

9.1CVSS8.7AI score0.99951EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/08/20 10:25 a.m.47 views

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control C&C server via DNS traffic," the Symantec Threat Hunter Team, part ...

9.8CVSS9.9AI score0.99987EPSS
Exploits64
The Hacker News
The Hacker News
added 2024/06/04 3:33 p.m.10 views

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/23 11:14 a.m.11 views

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat APT group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term...

7.5AI score
Exploits0
HackRead
HackRead
added 2024/05/14 2:25 p.m.17 views

DNS Tunneling Used for Stealthy Scans and Email Tracking

By Deeba Ahmed Hackers are hiding malicious messages in everyday internet traffic! Learn how DNS tunneling works and how to protect yourself from this sneaky cyberattack. Stop hackers from scanning your network and tracking your clicks. This is a post from HackRead.com Read the original post: DNS...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2024/03/21 11:30 a.m.76 views

DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes

This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunelling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses python...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2023/11/05 11:30 a.m.52 views

NetworkAssessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor

The Network Compromise Assessment Tool is designed to analyze pcap files to detect potential suspicious network traffic. This tool focuses on spotting abnormal activities in the network traffic and searching for suspicious keywords. DNS Tunneling Detection : Identifies potential covert...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2023/07/19 12:30 p.m.118 views

Network_Assessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor

With Wireshark or TCPdump, you can determine whether there is harmful activity on your network traffic that you have recorded on the network you monitor. This Python script analyzes network traffic in a given .pcap file and attempts to detect the following suspicious network activities and attack...

7.1AI score
Exploits0References2
Qualys Blog
Qualys Blog
added 2023/05/18 4:3 a.m.22 views

New Strain of Sotdas Malware Discovered

Introduction There are numerous malicious codes that are currently active on smart devices, such as Ddosf, Dofloo, Gafgyt, MrBlack, Persirai, Sotdas, Tsunami, Triddy, Mirai, Moose, and Satori, among others. These malicious codes and their variants can intrude into and control smart devices throug...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/01 12:31 p.m.30 views

New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks

An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of...

6.7AI score
Exploits0
GithubExploit
GithubExploit
added 2023/03/16 2:49 p.m.291 views

Exploit for CVE-2021-26700

CVE-2021-26700 Note: this manual is valid for DSNS lab's...

7.8CVSS8AI score0.05954EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/03/02 8:3 a.m.68 views

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/09 11:0 a.m.139 views

A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia

A previously undocumented Chinese-speaking advanced persistent threat APT actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seek...

9.3CVSS1.6AI score0.99966EPSS
Exploits25
The Hacker News
The Hacker News
added 2022/05/13 9:32 a.m.30 views

New Saitama backdoor Targeted Official from Jordan's Foreign Ministry

A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing...

1.4AI score
Exploits0
Rows per page
Query Builder