backdoor

New ‘Mistic’ RAT Opens Door to Several Ransomware Families

2026-06-24 at 14:42, by Ionut Arghire. Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post appeared first on SecurityWeek.


Cybercriminals mask malicious communications through Microsoft Teams relays

2026-06-16 at 17:22, by Sinisa Markovic. The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023.


A hardware neural network backdoor that hides in plain sight

2026-06-15 at 08:00, by Mirko Zorz. Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips


This AI model backdoor attack stays hidden until you customize the model

2026-06-02 at 09:09, by Anamarija Pogorelec. Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step carries a security question: the origin of


Webworm APT targets European government organizations with new backdoors

2026-05-20 at 17:48, by Anamarija Pogorelec. ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations


The AI backdoor your security stack is not built to see

2026-05-18 at 09:42, by Sinisa Markovic. Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from


Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

2026-05-12 at 20:12, by Zeljka Zorz. Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability


Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

2026-05-01 at 15:18, by Ionut Arghire. The stealthy Python-based backdoor framework deploys a persistent Windows implant likely designed for espionage. The post appeared first on SecurityWeek.


US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor

2026-04-24 at 14:35, by Ionut Arghire. The malware provides remote access and control of infected devices and maintains post-patching persistence. The post appeared first on SecurityWeek.


New Cisco firewall malware can only be killed by pulling the plug

2026-04-24 at 13:17, by Zeljka Zorz. Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thursday. “The [Firestarter] malware (…) is relevant for both Cisco


GopherWhisper APT group hides command and control traffic in Slack and Discord

2026-04-23 at 12:17, by Anamarija Pogorelec. Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook


100 Chrome Extensions Steal User Data, Create Backdoor

2026-04-15 at 16:34, by Ionut Arghire. Published through five accounts, the extensions appear part of a coordinated campaign based on shared C&C infrastructure. The post appeared first on SecurityWeek.


North Korean hackers linked to Axios npm supply chain compromise

2026-04-01 at 18:56, by Zeljka Zorz. The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026,


Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

2026-03-26 at 15:52, by Zeljka Zorz. Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have


Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure

2026-03-26 at 15:52, by Ionut Arghire. The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post appeared first on SecurityWeek.


Iran-linked APT targets US critical sectors with new backdoors

2026-03-06 at 15:56, by Zeljka Zorz. An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East. New backdoors used by


‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks

2026-02-06 at 11:08, by Ionut Arghire. Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users. The post appeared first on SecurityWeek.


Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)

2026-01-16 at 17:05, by Zeljka Zorz. Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at


Cisco email security appliances rooted and backdoored via still unpatched zero-day

2025-12-17 at 21:47, by Zeljka Zorz. A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard


Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

2025-12-02 at 16:35, by Ionut Arghire. The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. The post appeared first on SecurityWeek.

