EUVD-2022-15983

Malicious code in bioql PyPI...

Hackers Are Finding New Ways to Hide Malware in DNS Records

Newly published research shows that the domain name system—a fundamental part of the web—can be exploited to hide malicious code and prompt injection attacks against chatbots...

CVE-2022-0989

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...

CVE-2022-0989

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...

CVE-2022-0989

The CVE-2022-0989 entry concerns the WordPress NS WooCommerce Watermark plugin (≤ 2.11.3). The issue is abuse of functionality allowing an unprivileged user to load images that can hide malware by routing through the vulnerable domain via the plugin’s image handling (ns_image.php). This is docume...

A week in security (August 30 – September 5)

Last week on Malwarebytes Labs ProxyToken: another nail-biter from Microsoft Exchange Macs turn on apps signed by Symantec, treat them as malware Google Play sign-ins can be abused to track another person’s movements FTC bans SpyFone and its CEO from continuing to sell stalkerware BrakTooth...

.WAVs Hide Malware in Their Depths in Innovative Campaign

UPDATE Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the file’s audio data. The embedded code consists of two different payloads: A XMRig/Monero CPU cryptominer and Metasploit code...