malicious
-
Blog
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data. According to the report, initial access to…
Read More » -
Blog
‘Insiders don’t need to break in’: A developer crippled company networks with malicious code and a ‘kill switch’ after being sacked – and experts warn it shows the huge danger of insider threats
Security experts have warned ITPro over the risks of insider threats from disgruntled workers after a software developer deployed a ‘kill switch’ to sabotage his former employer’s networks. 55-year-old Davis Lu was convicted in March after being found guilty of “causing intentional damage to protected computers”, according to the US Department of Justice (DOJ). Lu, who worked for power management…
Read More » -
Blog
Warning issued over ‘fast flux’ techniques used to obscure malicious signals on compromised networks
Organizations are at risk of falling prey to a common network vulnerability that allows threat actors to evade detection and spread malware with impunity, law enforcement agencies have warned. ‘Fast flux’ is a domain-based technique used to hide communications sent by malware to its command and control (C2) infrastructure – the malicious servers that send out updates and new directions…
Read More » -
Blog
.jpg)
Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. The operation was first uncovered by IAS Threat Lab, who categorized the malicious activity under the name “Vapor” and said it has been ongoing since early 2024. IAS identified 180 apps as part of the Vapor campaign,…
Read More » -
Blog
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign. Malicious OAuth…
Read More » -
Blog
Cobalt Strike abusers have been dealt a hammer blow: An “aggressive” takedown campaign by Fortra and Microsoft shuttered over 200 malicious domains – and it’s cut the misuse of the tool by 80%
Malicious use of penetration testing tool Cobalt Strike and other legitimate tools has been significantly curtailed after an “aggressive campaign” by its developer Fortra and Microsoft. Fortra teamed up with Microsoft’s Digital Crimes Unit (DCU) and the Health Information Sharing and Analysis Center (Health-ISAC) to mitigate the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software in…
Read More » -
Blog
Malware-free attacks surged in 2024 as attackers drop malicious software for legitimate tools
Cyber attacks leveraging trusted services to conduct malicious activities are becoming the norm, according to new research, as malware takes a backseat among hackers. CrowdStrike’s 2025 global threat report found a shift towards malware-free attack techniques was one of the defining trends shaping the threat landscape in the past five years. The report stated that 79% of CrowdStrike’s threat detections…
Read More » -
Blog
Apiiro unveils free scanner to detect malicious code merges
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two tools consist of a comprehensive ruleset for Semgrep and Opengrep designed to detect malicious code patterns with minimal false positives and PRevent, a GitHub-integrated scanner, that detects and alerts on…
Read More » -
Blog
Flaws in a popular dev library could let hackers run malicious code in your MongoDB database
A researcher has uncovered two related vulnerabilities in a popular developer library used to connect applications and MongoDB that could allow hackers to sneak into your database. Mongoose is an object data modeling (ODM) library for MongDB that connects it to the Node.js runtime environment, essentially simplifying interactions between applications and MongoDB databases The flaws were discovered by Dat Phung,…
Read More » -
Blog
X now blocks Signal contact links, flags them as malicious
Social media platform X (formerly Twitter) is now blocking links to “Signal.me,” a URL used by the Signal encrypted messaging to share your account info with another person. According to BleepingComputer’s tests and other users’ reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. “This request looks…
Read More »