When Safe Models Merge into Danger: Exploiting Latent Vulnerabilities in LLM Fusion

Model merging has emerged as a powerful technique for combining specialized capabilities from multiple fine-tuned LLMs without additional training costs. However, the security implications of this widely-adopted practice remain critically underexplored. In this work, we reveal that model merging...

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control C2 scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed...

SupremeBot and Mario cross the finish line together

Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installers route offers some very distinct advantages to the...

Typosquatting: Legit Abquery Package Duped with Malicious Aabquerys

By Deeba Ahmed Aabquerys use the typosquatting technique to encourage downloading malicious components, as it has been cleverly named to make it sound like the legitimate NPM module Abquery. This is a post from HackRead.com Read the original post: Typosquatting: Legit Abquery Package Duped with...

Cybercriminals Actively Target VMware vSphere with Cryptominers

Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected. Uptycs’ Siddharth Sharma has released research showing threat acto...

New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack

Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat APT behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools...

CVE-2020-10266

UR+ Universal Robots+ is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots e.g. in the UR10, no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universa...

BadRabbit: a closer look at the new version of Petya/NotPetya

Petya/NotPetya aka EternalPetya, made headlines in June, due to it's massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral...

Android Gets Security Makeover With Google Play Protect

Mobile operating system Android received a big security makeover Wednesday with the introduction of Google Play Protect. At Google I/O, Google’s annual developer conference, the company teased a major update to its security platform that consists of a mix of new features, a rebranding of existing...

Spear Phishing Campaigns Use Fake Mandiant APT1 Report as Lure

People looking to download and read the Mandiant report on Chinese government attacks on U.S. infrastructure should look carefully at the name of the file before opening it. Researchers say that there are at least two different spear-phishing attacks going on right now that are using rigged copie...

TDSS Rootkit and DNSchanger: An Unholy Alliance

The TDSS rootkit has proven to be more pliable and adaptable than a campaigning politician, and attackers have used it in various forms for the last three or four years for all sorts of different attacks. It shows up in drive-by downloads, targeted attacks and just about everything in between, an...