Malicious code in api-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3bf88cef3ca699f69bada95749b40c4426c9a9c528e53c473698be88cbdc783 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of the Windows 11 download page. Click Download Now and instead of a Windows update, you get a malicious installer—one that silently steals saved passwords, browser...

CVE-2025-6298

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim ...

CVE-2018-25117 VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

EUVD-2018-21604

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

CVE-2025-48500

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support...

F5 BIG-IP Edge Client 安全漏洞

F5 BIG-IP Edge Client is a secure remote access client software from F5 USA. A security vulnerability exists in F5 BIG-IP Edge Client that stems from a lack of file integrity checking and could lead to a local attacker replacing a malicious installation package...

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload,...

Malicious code in ccsinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e18cda71c2919c802b866f37fc87002396540fd6d3ea3f22b7703111c247518 Installing package downloads and install an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2024-12196 Malicious code in artifact-lab-3-package-2387a34d (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fee5bd32875c77b424ebb9a32f5c20b4dbfa892c17655622ba445be401db32d4 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher...

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took...

BeyondTrust Privilege Management Security Vulnerability

BeyondTrust Privilege Management is the BeyondTrust Privilege Management tool for Windows and Mac SaaS from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management Mac versions prior to 5.7, which originates from an authenticated, unprivileged user being able to eleva...

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like...

Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious...

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. The attacks involve purchasing ad slots to appear in Google search results and direct users looking for popular...

CVE-2021-44169

A improper initialization in Fortinet FortiClient Windows version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...

New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software

An ongoing search engine optimization SEO poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software developmen...

Purple Fox Rootkit Dropped by Malicious Telegram Installers

A malicious Telegram instant-messaging app installer scurries past a slew of antivirus AV engines to deliver Purple Fox malware, evading detection by separating the attack into bite-sized morsels that fly under the radar. In a Monday report, Minerva Labs said that the attack evades detection by A...