#backdoor

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>briankrebs</span></a></span> That explains all the shite I've seen, incl. the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> in <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> itself...</p><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>
:rss: Hacker News<p>Code highlighting extension for Cursor AI used for $500k theft<br><a href="https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securelist.com/open-source-pac</span><span class="invisible">kage-for-cursor-ai-turned-into-a-crypto-heist/116908/</span></a><br><a href="https://rss-mstdn.studiofreesia.com/tags/ycombinator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ycombinator</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Cryptocurrencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptocurrencies</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware_Descriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware_Descriptions</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware_Technologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware_Technologies</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Open_source" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Open_source</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Trojan_stealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan_stealer</span></a></p>
:rss: Hacker News<p>Cursor AI extension used for $500k theft<br><a href="https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securelist.com/open-source-pac</span><span class="invisible">kage-for-cursor-ai-turned-into-a-crypto-heist/116908/</span></a><br><a href="https://rss-mstdn.studiofreesia.com/tags/ycombinator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ycombinator</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Cryptocurrencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptocurrencies</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware_Descriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware_Descriptions</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware_Technologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware_Technologies</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Open_source" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Open_source</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Trojan_stealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan_stealer</span></a></p>
:rss: Hacker News<p>Code highlighting with Cursor AI used for $500k theft<br><a href="https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securelist.com/open-source-pac</span><span class="invisible">kage-for-cursor-ai-turned-into-a-crypto-heist/116908/</span></a><br><a href="https://rss-mstdn.studiofreesia.com/tags/ycombinator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ycombinator</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Cryptocurrencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptocurrencies</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware_Descriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware_Descriptions</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Malware_Technologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware_Technologies</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Open_source" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Open_source</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Trojan_stealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan_stealer</span></a></p>
OTX Bot<p>Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication</p><p>A cluster of suspicious activity, tracked as CL-STA-1020, has been targeting governmental entities in Southeast Asia since late 2024. The threat actors have developed a new Windows backdoor called HazyBeacon, which uses AWS Lambda URLs for command and control communication. This technique leverages legitimate cloud functionality to create a covert, scalable, and hard-to-detect communication channel. The attackers' primary goal appears to be covert intelligence gathering, focusing on sensitive government data related to trade disputes. They also use Google Drive and Dropbox for data exfiltration, blending with normal network traffic. The attack involves DLL sideloading, persistence through a Windows service, and various payloads for file collection and exfiltration.</p><p>Pulse ID: 68750ec13f19d97610df9787<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68750ec13f19d97610df9787" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68750</span><span class="invisible">ec13f19d97610df9787</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-14 14:05:53</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AWS</span></a> <a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Dropbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dropbox</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>HazyBeacon Stealthy Cloud Powered Espionage Campaign</p><p>A new backdoor called HazyBeacon has been used by a threat group known as<br>CL-STA-1020 to target government agencies in Southeast Asia mainly to steal<br>sensitive trade and tariff related documents.</p><p>Pulse ID: 6875fd40907e0653d371c81a<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6875fd40907e0653d371c81a" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6875f</span><span class="invisible">d40907e0653d371c81a</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-07-15 07:03:28</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocti</span></a></p>
Pyrzout :vm:<p>Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment <a href="https://www.securityweek.com/flaws-in-gigabyte-firmware-allow-security-bypass-backdoor-deployment/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/flaws-in-giga</span><span class="invisible">byte-firmware-allow-security-bypass-backdoor-deployment/</span></a> <a href="https://social.skynetcloud.site/tags/EndpointSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EndpointSecurity</span></a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/secureboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureboot</span></a> <a href="https://social.skynetcloud.site/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> <a href="https://social.skynetcloud.site/tags/firmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmware</span></a> <a href="https://social.skynetcloud.site/tags/Gigabyte" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gigabyte</span></a></p>
Karl Voit :emacs: :orgmode:<p>"More than 100,000 <a href="https://graz.social/tags/Exchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exchange</span></a> servers are said to have been affected in the USA, and several tens of thousands in Germany. The German Federal Office for Information Security (<a href="https://graz.social/tags/BSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSI</span></a>) assumed that every Exchange system that had not been secured was infected with a <a href="https://graz.social/tags/Hintert%C3%BCr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hintertür</span></a> (backdoor). Worldwide, according to estimates by the British Foreign Office and the National Cyber <a href="https://graz.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> Centre, more than a quarter of a million servers are said to have been compromised."</p><p><a href="https://www.heise.de/news/5-Jahre-nach-grossem-Microsoft-Exchange-Einbruch-Chinese-verhaftet-10479651.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/5-Jahre-nach-gro</span><span class="invisible">ssem-Microsoft-Exchange-Einbruch-Chinese-verhaftet-10479651.html</span></a></p><p>Business as usual at <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a>.</p><p><a href="https://graz.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://graz.social/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://graz.social/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> <a href="https://graz.social/tags/M365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>M365</span></a> <a href="https://graz.social/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> <a href="https://graz.social/tags/Sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheit</span></a></p>
Linux Is Best<p>State-sponsored exploits are often far more complex than typical vulnerabilities, and they're not always immediately obvious. Rather than being blatant or easily detectable, they're often crafted more like poison. At first glance, a piece of code in a random library may seem perfectly benign, serving a valid and useful function, as do many other independent libraries and functions scattered throughout the system. But when combined with other seemingly harmless pieces, these isolated bits of code can create something far more concerning. It's subtle and easily overlooked — yet, together, they could have a devastating effect.</p><p>This kind of stealthy, integrated attack is difficult to uncover because each individual part of the code appears legitimate on its own. Only when the system as a whole is carefully scrutinized in a holistic way can these potential threats be detected — if they're detected at all.</p><p><a href="https://mastodon.au/tags/Stack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Stack</span></a> <a href="https://mastodon.au/tags/DigitalSovereignty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSovereignty</span></a> <a href="https://mastodon.au/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Europe</span></a> <a href="https://mastodon.au/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.au/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.au/tags/Development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Development</span></a> <a href="https://mastodon.au/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.au/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://mastodon.au/tags/StateSponsored" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StateSponsored</span></a> <a href="https://mastodon.au/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a></p>
TugaTech 🖥️<p>Gravity Forms: Popular WordPress plugin compromised with malware<br>🔗&nbsp;<a href="https://tugatech.com.pt/t69244-gravity-forms-popular-plugin-de-wordpress-foi-comprometido-com-malware" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tugatech.com.pt/t69244-gravity</span><span class="invisible">-forms-popular-plugin-de-wordpress-foi-comprometido-com-malware</span></a></p><p><a href="https://masto.pt/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> <a href="https://masto.pt/tags/ataque" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ataque</span></a> <a href="https://masto.pt/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> <a href="https://masto.pt/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://masto.pt/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://masto.pt/tags/seguran%C3%A7a" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>segurança</span></a> <a href="https://masto.pt/tags/servidor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>servidor</span></a></p>
OTX Bot<p>Atomic macOS Stealer includes a backdoor for persistent access</p><p>Atomic macOS Stealer (AMOS) has received a major update, now including an embedded backdoor for persistent access to victims' Macs. This upgrade allows attackers to maintain control, run remote tasks, and potentially gain full system compromise. The Russia-affiliated AMOS threat group has expanded its capabilities, mimicking North Korean attack strategies. The malware is distributed through fake software websites and spear-phishing campaigns. It uses a trojanized DMG file to bypass Gatekeeper, installs persistence via LaunchDaemon, and communicates with command-and-control servers. The backdoor functionality significantly increases the risk to victims, turning one-time breaches into long-term compromises. AMOS campaigns have already affected over 120 countries, with the potential to access thousands of Mac devices worldwide.</p><p>Pulse ID: 687008ea5fb6ba9739b411f1<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/687008ea5fb6ba9739b411f1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68700</span><span class="invisible">8ea5fb6ba9739b411f1</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-10 18:39:38</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/AMOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AMOS</span></a> <a href="https://social.raytec.co/tags/Atomic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Atomic</span></a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MacOS</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Analysis of APT-C-55 (Kimsuky) Organization's HappyDoor Backdoor Attack Based on VMP Strong Shell</p><p>The APT-C-55 (Kimsuky) group, a North Korean threat actor, has launched a new attack campaign targeting South Korea. They used a disguised Bandizip installation package to deliver malicious code and a VMP-protected HappyDoor trojan for espionage activities. The attack involves remote script loading, multi-stage malware deployment, and information theft. The malware collects sensitive data, including user information, system details, and files from specific directories. It also implements keylogging, screen capture, and mobile device monitoring functionalities. The attack methodology and infrastructure align with Kimsuky's historical patterns, including the use of similar scripts, backdoor families, and domain naming conventions.</p><p>Pulse ID: 6870094726b379cd976c869b<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6870094726b379cd976c869b" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68700</span><span class="invisible">94726b379cd976c869b</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-10 18:41:11</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/InformationTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InformationTheft</span></a> <a href="https://social.raytec.co/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kimsuky</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SouthKorea</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UK</span></a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZIP</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App</p><p>A new variant of macOS.ZuRu malware has been discovered, targeting users through a trojanized version of the Termius app. This backdoor, initially noted in 2021, now uses a modified Khepri C2 framework for post-infection operations. The malware is delivered via a .dmg disk image containing a hacked version of Termius.app. It adds two executables to the embedded Termius Helper.app and uses a new method to trojanize legitimate applications. The malware installs persistence via a LaunchDaemon and includes an md5 updater mechanism. The payload obtained from the C2 is a modified Khepri beacon with capabilities for file transfer, system reconnaissance, and command execution. The threat actor continues to target developers and IT professionals, adapting their techniques to evade detection.</p><p>Pulse ID: 686ffe0e4f96bdedcb713829<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/686ffe0e4f96bdedcb713829" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/686ff</span><span class="invisible">e0e4f96bdedcb713829</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-10 17:53:18</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MacOS</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/ZuRu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZuRu</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developers</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.heise.de/@iX_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>iX_Magazin</span></a></span> <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> is <em>inherently unfixably insecure</em>...</p><p>See <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> - <a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a>!</p>
Bob Carver<p>New Apple macOS Backdoor Warning As Hackers Threaten 100 Million Users<br><a href="https://www.forbes.com/sites/daveywinder/2025/07/08/new-apple-macos-backdoor-warning-as-hackers-threaten-100-million-users/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">forbes.com/sites/daveywinder/2</span><span class="invisible">025/07/08/new-apple-macos-backdoor-warning-as-hackers-threaten-100-million-users/</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://infosec.exchange/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macOS</span></a> <a href="https://infosec.exchange/tags/AtomicmacOSStealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AtomicmacOSStealer</span></a> <a href="https://infosec.exchange/tags/AMOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AMOS</span></a> <a href="https://infosec.exchange/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealer</span></a></p>
TugaTech 🖥️<p>New Atomic malware for Mac installs a backdoor and gives attackers full control<br>🔗&nbsp;<a href="https://tugatech.com.pt/t69056-novo-malware-atomic-para-mac-instala-um-backdoor-e-da-controlo-total-aos-atacantes" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tugatech.com.pt/t69056-novo-ma</span><span class="invisible">lware-atomic-para-mac-instala-um-backdoor-e-da-controlo-total-aos-atacantes</span></a></p><p><a href="https://masto.pt/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> <a href="https://masto.pt/tags/criptomoedas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>criptomoedas</span></a> <a href="https://masto.pt/tags/detetado" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>detetado</span></a> <a href="https://masto.pt/tags/internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internet</span></a> <a href="https://masto.pt/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://masto.pt/tags/mundo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mundo</span></a> <a href="https://masto.pt/tags/root" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>root</span></a> <a href="https://masto.pt/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://masto.pt/tags/telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telegram</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Atomic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Atomic</span></a> <a href="https://mastodon.thenewoil.org/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macOS</span></a> <a href="https://mastodon.thenewoil.org/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealer</span></a> adds <a href="https://mastodon.thenewoil.org/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> for persistent attacks</p><p><a href="https://www.bleepingcomputer.com/news/security/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a></p>
Joseph Lim :mastodon:<p><a href="https://mastodon.social/tags/Vietnam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vietnam</span></a> had better not become a <a href="https://mastodon.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> into <a href="https://mastodon.social/tags/Asean" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asean</span></a> <a href="https://mastodon.social/tags/FTA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FTA</span></a> for <a href="https://mastodon.social/tags/poorquality" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>poorquality</span></a> <a href="https://mastodon.social/tags/USmeat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USmeat</span></a> that even locals won't eat!🛑🤔</p><p>How a clause in the US-Vietnam <a href="https://mastodon.social/tags/trade" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trade</span></a> deal could upend <a href="https://mastodon.social/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asia</span></a>’s <a href="https://mastodon.social/tags/supplychains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychains</span></a><br>"Vietnam has agreed to slash its <a href="https://mastodon.social/tags/tariffs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tariffs</span></a> on <a href="https://mastodon.social/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> goods to zero, as well as address non-tariff barriers including intellectual property violations.
It'll also provide <a href="https://mastodon.social/tags/preferential" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>preferential</span></a> <a href="https://mastodon.social/tags/market" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>market</span></a> access for US <a href="https://mastodon.social/tags/agricultural" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>agricultural</span></a> products (such as poultry, <a href="https://mastodon.social/tags/pork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pork</span></a> &amp; beef) &amp; unspecified <a href="https://mastodon.social/tags/industrial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>industrial</span></a> goods"<br><a href="https://www.scmp.com/economy/china-economy/article/3316920/why-1-clause-us-vietnam-trade-deal-sparking-concern-across-asia" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">scmp.com/economy/china-economy</span><span class="invisible">/article/3316920/why-1-clause-us-vietnam-trade-deal-sparking-concern-across-asia</span></a></p>
Quinn Blueheart 🔞✍️🔥<p>Check out Nick's New Toy<br><a href="https://medium.com/keeping-it-kinky/jills-first-time-butt-slut-db5a719b090d?utm_source=mastodon&amp;utm_medium=social&amp;utm_campaign=fedica-Medium" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/keeping-it-kinky/ji</span><span class="invisible">lls-first-time-butt-slut-db5a719b090d?utm_source=mastodon&amp;utm_medium=social&amp;utm_campaign=fedica-Medium</span></a><br><a href="https://smutlandia.com/tags/ShortStory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShortStory</span></a> <a href="https://smutlandia.com/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://smutlandia.com/tags/Erotica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Erotica</span></a></p>