Feb 19, 2025Ravie LakshmananMobile Security / Cyber Espionage Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the … [Read more...] about Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes
Malicious
How to detect malicious browser extensions using Elastic
When your CISO asks if a specific browser extension has ever been installed on any of your workstations, how quickly can you get the correct answer? Malicious browser extensions are a significant threat that many organizations have no way of managing or detecting. This blog post explores how the Elastic Infosec team uses osquery and the Elastic Stack to create a real-time … [Read more...] about How to detect malicious browser extensions using Elastic
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025Ravie LakshmananArtificial Intelligence / Supply Chain Security Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of … [Read more...] about Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module … [Read more...] about Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the … [Read more...] about GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and … [Read more...] about Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
Dec 13, 2024Ravie LakshmananCyber Attack / Malware A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers … [Read more...] about 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Oct 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading … [Read more...] about Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
Oct 10, 2024Ravie LakshmananCybercrime / Disinformation OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and … [Read more...] about OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Aug 23, 2024Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant … [Read more...] about New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads