Latest Backdoor news

Plugins on WordPress.org backdoored in supply chain attack

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.
- Bill Toulas
- June 25, 2024
- 03:25 PM
- 2
Warmcookie Windows backdoor pushed via fake job offers

A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks.
- Bill Toulas
- June 11, 2024
- 11:17 AM
- 0
JAVS courtroom recording software backdoored in supply chain attack

Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems.
- Sergiu Gatlan
- May 23, 2024
- 05:17 PM
- 0
New Latrodectus malware attacks use Microsoft, Cloudflare themes

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
- Lawrence Abrams
- April 30, 2024
- 06:08 PM
- 0
New Wpeeper Android malware hides behind hacked WordPress sites

A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
- Bill Toulas
- April 30, 2024
- 12:41 PM
- 0
Hackers hijack antivirus updates to drop GuptiMiner malware

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.
- Bill Toulas
- April 23, 2024
- 10:56 AM
- 0
Palo Alto Networks zero-day exploited since March to backdoor firewalls

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.
- Lawrence Abrams
- April 13, 2024
- 08:35 AM
- 0
Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks

Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw.
- Sergiu Gatlan
- April 08, 2024
- 06:17 PM
- 1
Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.
- Bill Toulas
- April 06, 2024
- 10:16 AM
- 0
New XZ backdoor scanner detects implant in any Linux binary

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.
- Bill Toulas
- April 02, 2024
- 10:33 AM
- 0
Red Hat warns of backdoor in XZ tools used by most Linux distros

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
- Sergiu Gatlan
- March 29, 2024
- 01:50 PM
- 2
Chinese Earth Krahang hackers breach 70 orgs in 23 countries

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.
- Bill Toulas
- March 18, 2024
- 04:49 PM
- 0
Stealthy GTPDOOR Linux malware targets mobile operator networks

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks.
- Bill Toulas
- March 03, 2024
- 10:16 AM
- 2
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
- Bill Toulas
- February 12, 2024
- 11:20 AM
- 0
New RustDoor macOS malware impersonates Visual Studio update

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
- Bill Toulas
- February 09, 2024
- 10:53 AM
- 1
More Android apps riddled with malware spotted on Google Play

An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023.
- Bill Toulas
- February 01, 2024
- 01:19 PM
- 1
Blackwood hackers hijack WPS Office update to install malware

A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.
- Bill Toulas
- January 25, 2024
- 03:30 PM
- 0
Microsoft: Iranian hackers target researchers with new MediaPl malware

Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware.
- Sergiu Gatlan
- January 17, 2024
- 03:39 PM
- 0
Russian military hackers target Ukraine with new MASEPIE malware

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
- Bill Toulas
- December 28, 2023
- 12:43 PM
- 0
Microsoft: Hackers target defense firms with new FalseFont malware

Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
- Sergiu Gatlan
- December 21, 2023
- 03:28 PM
- 0