Check Point Research demonstrated that cloud-based static analysis with ChatGPT (using exported IDA data) combined with occasional MCP-assisted runtime checks can drastically accelerate reverse engineering of heavily obfuscated XLoader 8.0, enabling rapid recovery of keys, decrypted functions, strings, and C2 domains. The workflow reduced many manual steps (triage, deobfuscation, scripting, validation) from days to hours while still requiring targeted human adjustments for scattered key derivation and sample-specific quirks. #XLoader #RC4 #ChatGPT
Tag: MACOS
Google has rolled out Chrome 142 with patches for 20 vulnerabilities, some of which could be exploited for remote code execution. Google paid a total of $130,000 in bug bounties for the critical security fixes. #V8JavaScript #ChromeSecurity…
Datadog observed a rise in supply-chain and developer-tooling attacks in Q3 2025, including widespread npm account compromises via phishing and a self-replicating npm worm (Shai-Hulud) that exfiltrated GitHub tokens and propagated across packages. The report also highlights malicious VS Code extensions, AI-assisted malware (e.g., LameHug) using external LLM APIs, and persistent risks from long-lived cloud credentials and fraudulent deepfake job profiles. #Shai-Hulud #S1ngularity
Daily Recap: A ransomware attack impacted Conduent and 10.5 million people, highlighting extortion and data-exfiltration risks, while law enforcement actions and threat-group activity drove attribution updates across Conti, AdaptixC2, and exploit sales networks. The week also covered China-linked APT intrusions, Bronze Butler, Ribbon breaches, and diverse vulnerability advisories affecting VMware, XWiki, Docker, Jenkins, and iMessage, with ongoing ICS disruptions in Canada and rising NFC relay malware across Europe.
#Conduent #Conti #AdaptixC2 #BronzeButler #Ribbon #XWiki #VMware #Docker #Jenkins #iMessage #ICS #BadCandy #Meduza #EclipseOpenVSX
A series of coordinated supply chain attacks (s1ngularity, Qix compromise, and Shai-Hulud) abused GitHub Actions and long-lived tokens to publish malicious npm packages and exfiltrate secrets, exposing thousands of repositories and leaking over 2,000 unique secrets. The incidents highlight phishing, unrotated credentials, and CI/CD workflow weaknesses as root causes and prompted mitigations like token rotation, GitHub hardening, and tools such as GuardDog and Supply-Chain Firewall. #s1ngularity #Shai-Hulud
ThreatLocker’s new DAC for macOS helps organizations identify and fix configuration vulnerabilities before they are exploited. This tool enhances security visibility for Mac devices, making compliance easier across multiple security frameworks. #ThreatLocker #DACforMacOS…
Kaspersky’s GReAT team revealed new tactics used by BlueNoroff, a subdivision of North Korea’s Lazarus Group, including campaigns GhostCall and GhostHire that leverage AI for advanced malware deployment. These operations target organizations involved in cryptocurrency, blockchain, and tech sectors across multiple continents, highlighting the increasing sophistication of cyber threats. #BlueNoroff #GhostCall…
Silent Push analysts discovered threat actors abusing the open-source AdaptixC2 post-exploitation framework to deliver malicious payloads, including via the CountLoader loader, and observed a surge in its use within global ransomware campaigns. The report highlights a likely developer/maintainer using the handle “RalfHacker” with Russian-language channels and ties to the Russian criminal…
Ten malicious npm packages mimicking legitimate projects have been found to download a powerful infostealer capable of stealing sensitive data across multiple operating systems. Despite being reported, these packages remain available, highlighting the ongoing threat posed by typosquatting and sophisticated obfuscation techniques. #npmpackages #typosquatting
Daily Recap: Russian-linked actors used living-off-the-land techniques to breach Ukrainian organizations, while BlueNoroff leveraged AI-enhanced espionage on macOS to social-engineer victims. Major vulnerabilities and breaches, from Tomcat flaws to DELMIA alarms, underscore rapid attack-surface expansion across industries. #RussianBreaches #BlueNoroffAI #TomcatFlaws #DELMIAWarning #ConduentBreach #DentsuMerkle #RavinAcademy #UKAfghanLeak
Security researchers uncovered a campaign involving typosquatted npm packages that execute malicious payloads on installation to steal credentials. This campaign used obfuscated multi-platform binaries, social engineering techniques, and IP fingerprinting to compromise systems before exfiltrating sensitive data. #npmTyposquatting #CredentialStealer…
Socket Threat Research Team discovered 10 malicious typosquatted npm packages that use a multi-stage, cross-platform credential stealer distributed via npm postinstall hooks and a 24MB PyInstaller binary. The campaign uses four layers of JavaScript obfuscation, a fake CAPTCHA social-engineering step, IP fingerprinting, and exfiltration to C2 server 195[.]133[.]79[.]43. #data_extracter #195.133.79.43
Privileged access is the primary pathway attackers use to achieve high-impact compromises, and protecting both human and non-human privileged identities across on-premises and cloud environments is essential. Mandiant recommends a defense-in-depth PAM strategy—tiering, least privilege, PAWs, MFA, secrets management, detection (high-fidelity session telemetry and anomaly analytics), and practiced response including coordinated credential rotation—to reduce dwell time and blast radius. #Mandiant #GoogleSecOps
North Korean APT group BlueNoroff has launched sophisticated cyber-espionage and financial theft campaigns using social engineering, AI, and multi-platform malware. Their operations now include AI-enhanced visuals, macOS targeting, and complex infection chains to evade detection and steal valuable data. #BlueNoroff #GhostCall #GhostHire #DownTroy #SilentSiphon…
Threat actors linked to North Korea are conducting sophisticated cyber campaigns targeting Web3, blockchain, and tech sectors using deception and malware. These campaigns, GhostCall and GhostHire, employ fake meetings, phishing sites, and malware payloads to compromise macOS, Windows, and Linux systems. #LazarusGroup #GhostCall #GhostHire #SnatchCrypto #BlueNoroff…