New versions of Chaos RAT target Windows and Linux systems – Source: securityaffairs.com https://ciso2ciso.com/new-versions-of-chaos-rat-target-windows-and-linux-systems-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CyberCrime #Cybercrime #ChaosRAT #hacking #Malware
How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme
A malicious campaign exploits user trust through deceptive websites, including spoofed Gitcodes and fake Docusign verification pages. Victims are tricked into running malicious PowerShell scripts on their Windows machines, leading to the installation of NetSupport RAT. The multi-stage attack uses clipboard poisoning and fake CAPTCHAs to deliver the malware. The campaign involves multiple domains, uses ROT13 encoding, and creates persistent infections. Similar techniques were observed in other spoofed content, including Okta and popular media apps. The attack capitalizes on user familiarity with common online interactions, emphasizing the need for vigilance and skepticism in online activities.
Pulse ID: 684209ff0c889eabbed70e8b
Pulse Link: https://otx.alienvault.com/pulse/684209ff0c889eabbed70e8b
Pulse Author: AlienVault
Created: 2025-06-05 21:19:59
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Supply chain attack hits RubyGems to steal Telegram API data – Source: www.csoonline.com https://ciso2ciso.com/supply-chain-attack-hits-rubygems-to-steal-telegram-api-data-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #CSOonline #CSOOnline #Security #Malware #APIs
ViperSoftX Malware Enhances Modularity, Stealth, and Persistence Techniques https://gbhackers.com/vipersoftx-malware-enhances-modularity/ #CyberSecurityNews #cybersecurity #Malware
Nearly 94 Billion Stolen Cookies Found on Dark Web https://hackread.com/nearly-94-billion-stolen-cookies-on-dark-web/ #Cybersecurity #Infostealer #CyberCrime #Security #DarkWeb #Cookies #DarkNet #darkweb #Malware #NordVPN #Privacy #Redline
ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware https://hackread.com/clickfix-email-scam-fake-booking-com-emails-malware/ #CyberAttack #Bookingcom #CyberCrime #Security #ClickFix #Malware #Fraud #Scam
WordPress Admins Cautioned About Fake Cache Plugin Stealing Admin Credentials https://gbhackers.com/wordpress-admins-cautioned-about-fake-cache-plugin/ #CyberSecurityNews #cybersecurity #Wordpress #Malware
PHISHING DETECTED
Suspicious URL: uni-swaps.net
Host: 66.33.60.35 (AMAZON-02, US)
Analysis at: https://urlscan.io/result/01974151-05b4-727a-935c-e9ed962586ba/
PHISHING DETECTED
Suspicious URL: support@powsun.com
Analysis at: https://urlscan.io/result/0197414d-75a1-719f-bc65-036099807463/
PHISHING DETECTED
Suspicious URL: gbnahea@asiaholidays.nz
Host: 49.50.249.4 (ACCELERO-AP Accelero Limited, NZ)
Analysis at: https://urlscan.io/result/01974146-ed70-744e-93b1-e7493b5b8d2b/
FormBook Malware Delivered through Malicious Excel Files
Researchers have identified a phishing campaign leveraging a legacy Microsoft Office vulnerability, CVE-2017-0199, to distribute FormBook, an infostealer.
Pulse ID: 6841d7edb944ae3c43b7875e
Pulse Link: https://otx.alienvault.com/pulse/6841d7edb944ae3c43b7875e
Pulse Author: cryptocti
Created: 2025-06-05 17:46:21
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
If Cloudflare didn’t automatically catch a credential stuffing or brute-force attack until someone manually enabled "Under Attack Mode," that tells us a few important things — and it means the current setup can be tuned for faster, smarter protection.
This article breaks down wh...
Read more here https://bitskingdom.com/.../cloudflare-defense-brute.../
Be Careful With Fake Zoom Client Downloads
A deceptive email containing a fake Zoom meeting invitation has been identified. Clicking the 'join' button leads to a website prompting users to install a purported Zoom client update. The downloaded executable, 'Session.ClientSetup.exe', is actually malware that installs an MSI package. This package deploys ScreenConnect, a remote access tool, allowing attackers to gain unauthorized access to the victim's computer. The malware establishes persistence by installing itself as a service and connects to a command and control server at tqtw21aa.anondns.net on port 8041. Users are advised to exercise caution when receiving unexpected Zoom invitations or update prompts.
Pulse ID: 6841b92a2822d337bdf7bf39
Pulse Link: https://otx.alienvault.com/pulse/6841b92a2822d337bdf7bf39
Pulse Author: AlienVault
Created: 2025-06-05 15:35:06
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Newly identified wiper malware 'PathWiper' targets critical infrastructure in Ukraine
A destructive attack on Ukrainian critical infrastructure using a new wiper malware called 'PathWiper' has been observed. The attack, attributed to a Russia-nexus APT group, utilized a legitimate endpoint administration framework to deploy the wiper across connected endpoints. PathWiper overwrites file system artifacts with random data, targeting physical drives, volumes, and network shared drives. Its capabilities are similar to HermeticWiper, previously used against Ukrainian entities. The malware's sophisticated approach to identifying and corrupting connected drives and volumes distinguishes it from earlier wipers. This attack underscores the ongoing threat to Ukrainian infrastructure despite the prolonged conflict with Russia.
Pulse ID: 6841b92b694f10dda07d9db8
Pulse Link: https://otx.alienvault.com/pulse/6841b92b694f10dda07d9db8
Pulse Author: AlienVault
Created: 2025-06-05 15:35:07
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Operation Phantom Enigma
A malicious campaign targeting primarily Brazilian residents has been discovered, with attacks detected since early 2025. The attackers employed phishing emails, some sent from compromised company servers, to distribute malware. Two attack chains were identified: one using a malicious browser extension for Google Chrome, Microsoft Edge, and Brave, and another utilizing Mesh Agent or PDQ Connect Agent. The campaign aimed to steal authentication data from victims' bank accounts, particularly targeting Banco do Brasil customers. Over 700 downloads of the malicious extension were recorded, affecting users in Brazil, Colombia, the Czech Republic, Mexico, Russia, Vietnam, and other countries. The attackers used sophisticated techniques, including virtualization checks, UAC bypass, and file deletion to evade detection.
Pulse ID: 6841cb98e410c49919c635cf
Pulse Link: https://otx.alienvault.com/pulse/6841cb98e410c49919c635cf
Pulse Author: AlienVault
Created: 2025-06-05 16:53:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#unknown....but very interesting #malware #loader:
https://app.any.run/tasks/db4b4990-c941-4ba2-9d8c-2490e40ea3be
@da_667 @jane_0sint you're gonna wanna look at this...