malicious
Blog
ASUS DriverHub flaw let malicious sites run commands with admin rights
The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. The flaw was discovered by an independent cybersecurity researcher from New Zealand named Paul (aka “MrBruh”), who found that the software had poor validation of commands sent to the DriverHub background service.…
Malicious PyPI package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Named “discordpydebug,” the package was masquerading as an error logger utility for developers working on Discord bots and was downloaded over 11,000 times since it was uploaded on March 21, 2022, even though it has no description…
Linux wiper malware hidden in malicious Go modules on GitHub
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them.
Complete disk destruction
The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload –…
What are malicious websites? What to look for
Malicious websites are designed to harm you or your device. A malicious website might steal your data or infect your device with malware. For example, this can be through a phishing attack, a drive-by download, or browser hijacking. What’s particularly problematic is that malicious websites aren’t always easy to spot, often because they’re mimicking legitimate sites. This makes it that…
Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPI packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket’s threat research team, who reported their findings to PyPI, resulting in the removal of the packages. However, some of these packages were on PyPI for over four years, and based on third-party download counters,…
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data. According to the report, initial access to…
‘Insiders don’t need to break in’: A developer crippled company networks with malicious code and a ‘kill switch’ after being sacked – and experts warn it shows the huge danger of insider threats
Security experts have warned ITPro over the risks of insider threats from disgruntled workers after a software developer deployed a ‘kill switch’ to sabotage his former employer’s networks. 55-year-old Davis Lu was convicted in March after being found guilty of “causing intentional damage to protected computers”, according to the US Department of Justice (DOJ). Lu, who worked for power management…
Warning issued over ‘fast flux’ techniques used to obscure malicious signals on compromised networks
Organizations are at risk of falling prey to a common network vulnerability that allows threat actors to evade detection and spread malware with impunity, law enforcement agencies have warned. ‘Fast flux’ is a domain-based technique used to hide communications sent by malware to its command and control (C2) infrastructure – the malicious servers that send out updates and new directions…
Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications, downloaded 60 million times from Google Play, acted as adware or attempted to steal credentials and credit card information. The operation was first uncovered by IAS Threat Lab, who categorized the malicious activity under the name “Vapor” and said it has been ongoing since early 2024. IAS identified 180 apps as part of the Vapor campaign,…
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 account credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign. Malicious OAuth…