Google Threat Intelligence Group (GTIG) observed North Korean actor UNC5342 use EtherHiding—storing and retrieving malicious JavaScript payloads from smart contracts on BNB Smart Chain and Ethereum—to deliver JADESNOW and ultimately the INVISIBLEFERRET backdoor, enabling cryptocurrency theft and data exfiltration. The campaign leverages social engineering (fake interviews, malicious repo downloads), centralized API providers for blockchain reads, and frequent on-chain updates to evade takedowns and complicate mitigation. #UNC5342 #JADESNOW #INVISIBLEFERRET
Recorded Future’s Insikt Group identified sixteen high-impact vulnerabilities in September 2025 that should be prioritized for remediation, a slight decrease from August’s eighteen, with Cisco and TP-Link accounting for six of the sixteen issues and several vulnerabilities enabling RCE or command injection. Threat actors exploited Cisco ASA flaws (CVE-2025-20333, CVE-2025-20362) to deploy RayInitiator and LINE VIPER and abused Sitecore CVE-2025-53690 to deliver WEEPSTEEL, EARTHWORM, and SharpHound. #CVE-2025-20333 #CVE-2025-53690
A malicious npm package named https-proxy-utils was published and used to deliver the AdaptixC2 post-exploitation agent via a post-install script that deployed OS-specific payloads for Windows, macOS, and Linux. The campaign abused trusted open-source package names and supply-chain mechanisms, using DLL sideloading on Windows, LaunchAgents on macOS, and /tmp delivery on Linux to achieve persistence and remote access. #AdaptixC2 #https-proxy-utils
CrowdStrike observed active exploitation of Git vulnerability CVE-2025-48384 where attackers used malicious .gitmodules with trailing carriage returns and recursive cloning to achieve arbitrary file writes and execute malicious post-checkout hooks. The campaign leveraged social engineering to distribute malicious repositories and highlights the need for timely Git patching and detection/response controls. #CVE-2025-48384…
A Cisco Talos report unveils a malicious campaign linked to North Korea’s Famous Chollima group, targeting developers through fake job offers and trojanized open-source tools. The campaign leverages malware families BeaverTail and OtterCookie to steal cryptocurrency wallets, keystrokes, and sensitive data across multiple platforms. #FamousChollima #BeaverTail #OtterCookie #NPM #SupplyChainAttack…
Microsoft has announced that Office 2016 and Office 2019 have reached the end of support, increasing vulnerability risks for users. They urge upgrading to supported versions like Microsoft 365 Apps or Office 2024 to maintain security and compliance. #Office2016 #Office2019 #Microsoft365 #Office2024
Cisco Talos uncovered a campaign linked to the Famous Chollima cluster that delivered merged BeaverTail and OtterCookie tooling via a trojanized Node.js package (“node-nvm-ssh”) and a modified Chessfi repository, resulting in keylogging, screenshotting, credential and cryptocurrency theft. The report details new OtterCookie modules (keylogger, screenshotter, clipboard theft), C2 infrastructure, delivery vectors…
UNC5142 is a sophisticated threat actor that leverages blockchain smart contracts and compromised WordPress websites to distribute information-stealing malware such as Atomic, Lumma, Rhadamanthys, and Vidar on both Windows and macOS platforms. Their evolving multi-layered infrastructure and innovative use of blockchain technology enhance their operational resilience and evasion capabilities. #UNC5142 #EtherHiding…
A North Korean-linked threat group has adopted the EtherHiding technique to spread malware and steal cryptocurrencies, marking a notable escalation in cyberattack methods. This campaign involves sophisticated social engineering and multi-stage malware targeting various operating systems to access sensitive data and digital assets. #NorthKorea #EtherHiding…
Adobe has released security updates fixing over 35 vulnerabilities across its suite of products, including Adobe Connect, Creative Cloud, and Magento. These patches address critical issues such as cross-site scripting, open redirects, and privilege escalation, urging users to update promptly. #AdobeConnect #MagentoOpenSource…
The recent SonicWall SSL VPN account compromises highlight a widespread campaign exploiting configuration files and credentials. Organizations are urged to tighten security measures and monitor for suspicious activities. #SonicWallDataBreach #MySonicWall…
The Socket Threat Research Team warns of ongoing North Korean cyber operations exploiting open-source npm packages to target Web3 and blockchain developers. These campaigns involve sophisticated supply chain attacks, fake personas, and malicious package impersonations linked to significant cryptocurrency theft. #NorthKoreanThreatActors #npmSupplyChain…
Apple is expanding and redesigning its bug bounty program, offering higher payouts and new research categories to incentivize security researchers. The new rewards aim to combat sophisticated spyware and zero-click attacks, with total payouts potentially exceeding $5 million. #Apple #BugBounty #Spyware #ZeroClickAttacks #MemoryIntegrity
Microsoft is addressing a bug in Defender for Endpoint that incorrectly labels SQL Server 2017 and 2019 as end-of-life products. The issue was caused by a recent code change, and a fix has already been deployed to correct the misclassification. #Microsoft #DefenderforEndpoint #SQLServer #VulnerabilityManagement
Metadata consists of invisible data embedded within files that can reveal personal information such as location, device details, and editing history. Managing and removing metadata is crucial for maintaining online privacy and preventing unintentional data sharing. #ExifCleaner #ExifTool #MetadataProtection