Author: Admin
05 April 2025 | Red Lakshmanan | Malware / Supply Chain Attack
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles into the npm ecosystem, publishing more malicious packages that deliver the BeaverTail malware as well as a new Trojan loader (RAT). “These recent samples use hexadecimal strings that evade automated and manual code detection systems, signaling variations in the threat actors,” according to the report. The packages in question, which were downloaded a combined total of more than 5,600 times before their removal, are listed below: A blank-lydator Twitterappis Dev-DEBGGER-VITE Snore-Log Core -no Events-use iCloud-Cod…
05 April 2025 | Red Lakshmanan | Malware / Supply Chain Attack
Cybersecurity researchers have discovered malicious libraries in the Python Package Index (PyPI) repository that are designed to target confidential information. Two packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent problems discovered in the legitimate Python module called bitcoinlib, according to ReversingLabs. A third package, detected by Socket and named Sursya, contained a fully automated card-oriented script. The packages attracted hundreds of downloads before they were taken down, according to statistics from pepy.tech. “The malicious libraries attempt a similar attack by overwriting the legitimate CLI command, which tries to…
04 April 2025 | Red Lakshmanan | Vulnerability / Open Source
The cascading supply chain attack that initially focused on Coinbase before broadening to single out users of the ‘tj-actions/changed-files’ GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The attackers obtained initial access by using the GitHub workflow of SpotBugs, a popular tool,” according to an update this week. “This allowed the attackers to move between SpotBugs repositories before receiving the review.” There is evidence to suggest that the malicious activity began as far back as November 2024, although the attack on Coinbase took place until…
04 April 2025 | Red Lakshmanan | Threat Intelligence / Malware
A novice cybercrime actor was observed using a provider called Proton66 to facilitate their activities. The findings come from DomainTools, which detected the activity after discovering a fake site called cybersecureprotect[.]com, hosted on Proton66, that masqueraded as an antivirus service. The threat intelligence firm said that the domain revealed an operational security (OPSEC) failure that left its malicious infrastructure exposed, thus revealing the malicious payloads staged on the server. “This discovery led us to the rabbit –” it noted in a report shared with Hacker News.…
There is a virtuous cycle in technology that pushes the boundaries of what is being built and how it is used. A new technology develops and attracts the world's attention. People begin to experiment and identify new applications, use cases and approaches to maximize the innovation's potential. These use cases generate considerable value, fueling demand for the next iteration of the innovation, and, in turn, a new wave of innovators creates the next generation of use cases, driving further advances. Containers became the basis of modern, cloud software development, supporting new use cases and…
04 April 2025 | Red Lakshmanan | Vulnerability / Cloud Security
A maximum-severity security vulnerability has been disclosed in the Apache Parquet Java library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances. Apache Parquet is a free, open-source data file format designed for efficient data processing and retrieval, providing support for complex data, high-performance compression and encoding schemes. It was first launched in 2013. The vulnerability in question is tracked as CVE-2025-30065. It carries a CVSS score of 10.0. “Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute…
Critical Ivanti vulnerability is actively exploited to deploy malicious Trailblaze and Pretfire programs
04 April 2025 | Red Lakshmanan | Malware / Vulnerability
Ivanti has disclosed details of a critical security vulnerability affecting its Connect Secure product that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of stack-based buffer overflow that can be exploited to execute arbitrary code on affected systems. “A stack-based buffer overflow in Ivanti Connect Secure before version 22.7r2.6, Ivanti Policy Secure before version 22.7r1.4, and Ivanti ZTA Gateway –” Ivanti noted in an advisory published on Thursday. The flaw affects the following products and versions: Ivanti Connect Secure (versions 22.7r2.5…
04 April 2025 | Red Lakshmanan | Critical Infrastructure / Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that at least three cyber attacks were recorded against state administration bodies and critical infrastructure in the country with the aim of stealing sensitive data. The campaign, the agency noted, involves the use of compromised email accounts to send phishing messages containing links that point to legitimate services such as DropMeFiles and Google Drive. In some cases, the links are embedded in PDF attachments. The digital missives sought to induce a false sense of urgency, claiming that the Ukrainian government planned to reduce salaries, urging the recipient to move to…
Microsoft warns of tax-themed email attacks using PDFs and QR codes to deliver malware
Microsoft is warning of multiple phishing campaigns that use tax-related themes to deploy malware and steal credentials. “These campaigns, in particular –” Microsoft noted in a report shared with Hacker News. A notable aspect of these campaigns is that they lead to phishing via Raccoon365, an e-crime platform that first appeared in early December 2024. Also delivered are remote access trojans (RATs) such as Remcos RAT, as well as other malware and post-exploitation frameworks such as Latrodectus, AHKBot, GuLoader and BruteRatel C4 (BRc4). It is estimated that one of these campaigns, observed by the tech giant on February 6, 2025, sent hundreds…
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector and deliver a previously undocumented Go backdoor called GolangHost on Windows and macOS systems. The new activity, assessed as a continuation of the campaign, has been named ClickFake Interview by French cybersecurity company SEKOIA. Contagious Interview, also tracked as deport development, DEV#POPPER and Famous Chollima, is known to have been active since at least December 2022, although it was only documented for the first time in late 2023. “It uses legitimate websites to…