Author: Admin
March 31, 2025Red LakshmananData steal / web safety The threatening actors use the MU-planning catalog on WordPress websites to hide the malicious code to maintain permanent remote access and redirect site visitors to fake sites. Mu-meline shortened for Required plugsrefers to plugins in a special directory (“WP-Content/Mu-Plugins”), which are automatically performed by WordPress without having to turn them clearly through the administrator’s dashboard. It also makes the catalog the perfect place for malware. “This approach is a tendency because the MU-Plane (the plugin of the compulsory use) is not made in the standard WordPress plugin interface, making them less noticeable…
March 31, 2025Red LakshmananIntelligence threats / malicious software Subjects in Ukraine were aimed at a phishing campaign aimed at distributing Trojan remote Rat Remecos. “File names use Russian words related to troops in Ukraine as a bait,” Cisco Talos Guilherme Venere researcher – Note In a report published last week. “Loading PowerShell is in contact with geo-aggregated servers located in Russia and Germany to download the mail file in the second stage containing Backdoor Remcos.” Activities has been associated with moderate confidence for a Russian hacking group known as HomoredonAlso tracked under Monikers Aqua Blizzard, Armageddon, Blue Otso, Bluealpha, Hive0051,…
March 30, 2025Red LakshmananVulnerability / zero day US Cybersecurity and infrastructure agencies (CISA) shed light on a new malicious software called Rebellion This was deployed within the framework of operating activities aimed at the current lack of security in IVanti Connect Secure (ICS) devices. “Management contains the possibilities of malicious Spownchimera software, including reset that survived; however, resurge contains distinctive commands that change its behavior,” agency – Note. “The file contains the possibilities of rootkit, dropper, back, bootkit, proxy and tunneler.” The vulnerability of security associated with the deployment of malware, there is Cve-2025-0282The vulnerability of a stack -based buffer…
March 29, 2025Red LakshmananIntelligence threats / mobile security Cybersecurity researchers have discovered a new malicious Android Banking software called Crocodile This is primarily intended for targeting users in Spain and Turkey. “Crocodilus goes on stage not as a simple clone, but as a full threat from the beginning, equipped with modern – Note. As of other Bank trojans Of -a sort of malicious software designed to facilitate devices’ absorption (Hundred) and eventually conduct fake operations. Analysis of the source code and reports of debugs shows that the author of malware is Turkish. Crocodilus Artifacts, analyzed by the Dutch Masquerade Mobile…
March 29, 2025Red LakshmananCybercrime / vulnerability In what is hacking hackers, hunting for threats managed to penetrate into the Internet infrastructure associated with a ransom group called Blacklock, revealing important information about their mode of operation. Transfiguration stated that it determined the safety vulnerability on the data site (DLS), which is managed by an electronic crime group that made it possible to extract configuration files, credentials, as well as teams made on the server. The downside concerns “a certain erroneous configuration on the data leak (DLS) BlackLock Ransomware, which leads to the IP -Drass Clearnet, related to their network infrastructure,…
March 28, 2025Red LakshmananOperational technology / vulnerability Cybersecurity researchers have discovered 46 new safety deficiencies in three solar -sellers, Sungrow, Growatt and SMAs, which can be used by a bad actor to confiscate devices or remote code, creating serious risks for electrical networks. The vulnerabilities were collectively named Sun: Down by forescout vedere labs. “New vulnerabilities can be used to execute arbitrary commands on devices or cloud provider, consider, gain a foothold in the supplier’s infrastructure or take control of the inverter owners’ device”, company company, company – Note In a report that shared with Hacker News. Some of the…
March 28, 2025Red LakshmananIntelligence of security / threat final point Cybersecurity researchers pay attention to a new complex malicious software called Coffeeode This is designed to download and perform secondary useful loads. According to ZSCALER OPHERLABZ, shares the similarity of behavior with another known forklifts malicious programs known as Diplomat. “The purpose of the malicious software-loading and perform useful load in the second stage, evading the detection of safety products based – Note In a technical record published this week. “Malicious software uses numerous methods to bypass safety solutions, including a specialized package that uses GPU, reinforcement of the stack…
March 28, 2025Red LakshmananSpying software / malicious software Earlier, the Android Malter Malware Service Service Service was associated with a new company that is probably aimed at Taiwan’s users under the guise of chat applications. “PJOBrat can steal SMS messages, telephone contacts, devices and apps, documents and media files from infected Android devices,” Sophos Security Pankaj Kohli Researcher Kohli – Note In the Thursday analysis. Pjobrat, First documented In 2021, there were results of use against Indian military purposes. The following malware iterations were discovered as appraisal applications and instant messages to deceive future victims. It is known that it…
March 28, 2025Red LakshmananZero day / browser security Mozilla released updates to address a critical security lack that affects its Firefox browser for Windows, just a few days after Google recorded a similar lack of Chrome, which was actively operating as a zero day. Security vulnerability, CVE-2025-2857, was described as a case of the wrong handle that could lead to the escape of the sandbox. “After the recent Chrome Sandbox shoots (Cve-2025-2783), various Firefox developers have defined a similar picture in our IPC code”, Mozilla – Note In advisory. “The disrupted child process can force the parental process to return…
March 28, 2025Red LakshmananCryptocurrency safety / developer Cybersecurity researchers have discovered several cryptocurrency packages in the NPM register that was hijacked for sensitive information about siphon, such as Variable environment from compromised systems. “Some of these packages – Note. “However (…) the latest versions of each of these packages were loaded with persistent scenarios.” The affected packages and their abducted versions are below – Map-Curve (2.1.8) BNB-Javascript-SDK-Nobroadcast (2.16.16) @Bithighlander/Bitcoin-Cash-JS-LIB (5.2.2) ESLINT-CONFIG-TRAVIX (6.3.1) @Crossway-Finance1/SDK-V2 (0.1.21) @KeepKey/Protocol (7.13.3) @Veniceswap/Uikit (0.65.34) @Veniceswap/ESLINT-CONFIG-TANE (1.6.2) Babel-Preset-Travix (1.2.1) @TRAVIX/UI-TEMES (1.1.5) @CoinMasters/Type (4.8.16) Analysis of these safety chain safety software packages showed that they were poisoned by…