Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack

Red Canary uncovers 'Mocha Manakin,' a new threat using paste and runs to deliver custom NodeInitRAT malware, potentially leading to ransomware. Learn to protect your systems.

HackRead
Open in Source
#windows#nodejs#js#git#backdoor
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a

Famous Chollima deploying Python version of GolangGhost RAT

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3). Google addressed the flaw later that month after Kaspersky reported in-the-wild

Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains.

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.

Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS

SentinelLABS uncovers widespread China-linked cyber espionage targeting over 70 global organizations and cybersecurity firms between July 2024 and…

The 2024 Red Hat Product Security Risk Report: CVEs, XZ Backdoor, SSCAs, AI…oh my!

Grab a large sweet tea or a cup of coffee and read the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found this year's report noticeably longer, but the depth and detail didn’t disappoint. In fact, one notable addition to this year’s report is the discussion of AI. The numbers game: up, up, and...wait, what?First, let’s break down the raw numbers. Red Hat Security Advisories (RHSA) hit a new peak in 2024, clocking in at 2975. There has been a steady increase over the pa

Backdoored Malware Reels in Newbie Cybercriminals

Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

We found that cybercriminals are preparing for the impending holiday season with a redirect campaign leading to AsyncRAT.