Chaos RAT is an open-source remote administration tool written in Golang that targets Windows and Linux systems, offering extensive capabilities such as file management, remote shell, and command execution. Recent analysis uncovered new variants, a critical vulnerability in its web panel enabling remote code execution, and its use in real-world attacks disguised as a Linux network troubleshooting utility. #ChaosRAT #CVE-2024-30850 #CVE-2024-31839
Tag: MACOS
A new variant of the Atomic macOS Stealer (AMOS) campaign uses typosquatted domains mimicking Spectrum to deliver malicious payloads that harvest system passwords from macOS users. The campaign is attributed to Russian-speaking cybercriminals and relies on social engineering across multiple platforms, although the logic in its delivery infrastructure is poorly implemented. #AtomicMacOSStealer #SpectrumTyposquatting #RussianCybercriminals
A malicious campaign named Phantom Enigma targets Brazilian users primarily through phishing emails distributing malicious browser extensions and Mesh Agent malware. The attackers use compromised company servers to send phishing emails and deploy sophisticated scripts to capture banking credentials, focusing on Banco do Brasil customers. #PhantomEnigma #MeshAgent #BancoDoBrasil
OtterCookie is a new stealer malware linked to the North Korean Lazarus Group, distributed via fake freelance job offers targeting professionals in tech, finance, and cryptocurrency sectors. It steals browser credentials, macOS keychains, and crypto wallets before exfiltrating data to a U.S.-based server and deploying a second-stage payload called InvisibleFerret. #OtterCookie…
Google announces it will stop trusting certificates issued by Chunghwa Telecom and Netlock due to concerning behavior patterns. This change impacts all TLS server certificates issued after July 31, 2025, and aims to improve internet trust and security. #ChunghwaTelecom #Netlock…
Google released Chrome 137 to fix three security vulnerabilities, including a high-severity zero-day actively exploited in the wild. The most critical flaw, CVE-2025-5419, involves an out-of-bounds read/write in the V8 engine, potentially leading to remote code execution. #CVE-2025-5419 #V8Engine #GoogleThreatAnalysisGroup…
Google has released urgent updates for Chrome to fix three security vulnerabilities, including one actively exploited in the wild. The critical flaw, CVE-2025-5419, allows remote code execution through heap corruption, and users should update immediately. #CVE-2025-5419 #V8JavaScript #ChromeUpdate…
This cybersecurity update highlights recent active threats, including APT41’s use of Google Calendar for command-and-control and the takedown of services aiding malware obfuscation. Key incidents involve nation-state cyberattacks, vulnerabilities in popular software, and innovative malware such as GhostSpy and Lumma Stealer. #APT41 #VoidBlizzard…
Google announced that Chrome will stop trusting certificates issued by Chunghwa Telecom and Netlock due to concerns over their reliability. This change aims to protect users from potential security threats associated with these CAs, effective after July 31, 2025. #ChunghwaTelecom #Netlock #Chrome139 #TLSCertificates #BrowserSecurity…
This guide emphasizes the critical role of manual penetration testing within the DevSecOps pipeline for identifying complex security flaws and chained vulnerabilities. It highlights models, tools, and real-world incidents to demonstrate why manual PT is an indispensable security gate. #EquifaxDataBreach #CapitalOneAWS #UberGitHubLeak #FacebookLogicFlaw
A new Rust-based info stealer called EDDIESTEALER is spreading via ClickFix social engineering tactics involving fake CAPTCHA pages. It collects sensitive data from infected hosts and employs sophisticated evasion techniques, showing the increasing trend of malware developed in modern programming languages. #EDDIESTEALER #RustMalware…
A global network of fake download sites used by the “Dark Partner” threat actors distributes Poseidon and Lumma infostealers to steal cryptocurrency and sensitive data. Law enforcement actions have disrupted parts of this operation, but the threat remains active across multiple platforms. #DarkPartner #PoseidonStealer
Google and Mozilla have released updates for Chrome 137 and Firefox 139, fixing a total of 21 vulnerabilities, including critical high-severity bugs. Users are urged to update their browsers promptly to mitigate potential exploitation threats. #Chrome137 #Firefox139 #MemorySafetyBugs #ZeroDayVulnerabilities…
A malicious WordPress plugin disguised as “Yoast SEO” injected a fake Java update popup to trick non-admin visitors into downloading malware from a suspicious domain. The plugin hid itself from the admin dashboard, monitored downloaded files’ execution, and notified attackers via Telegram. #WordPressPlugin #FakeJavaUpdate #HacktoolTrojan
A threat actor is actively distributing malicious NPM packages that collect and send detailed system information to a Discord webhook, targeting developers across Windows, Linux, and macOS. This campaign could facilitate future network intrusions and supply chain attacks by exposing internal infrastructure details. #NPM #CyberThreats…