Malicious Package

Overview @car-loans/applicaion-aff is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate...

New .NET AOT Malware Hides Code as a Black Box to Evade Detection

Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system…...

CVE-2023-40718

A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets...

MAL-2025-94823 Malicious code in high_whale_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b88f3c4530fd128999f9859649f0c4c30905ac8ca8f071367708c8c29eba33e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

browsersploit

This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...

Isolate Trigger: Detecting and Eradicating Evade-Adaptive Backdoors

All current detection of backdoor attacks on deep learning models fall under the category of a non essential featuresNEF, which focus on fighting against simple and efficient vertical class backdoor -- trigger is small, few and not overlapping with the source. Evade-adaptive backdoor EAB attacks...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from the connect-src directive can be bypassed, and can be exploited by attackers to bypass security restrictions...

The WIRED Guide to Protecting Yourself From Government Surveillance

Donald Trump has vowed to deport millions and jail his enemies. To carry out that agenda, his administration will exploit America’s digital surveillance machine. Here are some steps you can take to evade it...

Malicious code in sess-mgmt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29c16cd4681ce57c3517c8eb02325b85b1d23b80065b782616b42f03b524a289 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it...

CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The...

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector...

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters,...

Network Policy Bypass

github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, allows ICMP Echo Requests to bypass intended restrictions...

Turla’s Tiny Backdoor Exploits MSBuild to Evade Detection

...

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure ICS involved the threat actor creating rogue virtual machines VMs within its VMware environment. "The adversary created...

New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

By Deeba Ahmed New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com Read the original post: New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location...

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and...

Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. "Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, a...