backdoor

‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks

‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks 2026-02-06 at 11:08 By Ionut Arghire Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users. The post ‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks appeared first on SecurityWeek. This article is an excerpt […]

‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks Read More »

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) 2026-01-16 at 17:05 By Zeljka Zorz Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) Read More »

Cisco email security appliances rooted and backdoored via still unpatched zero-day

Cisco email security appliances rooted and backdoored via still unpatched zero-day 2025-12-17 at 21:47 By Zeljka Zorz A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard

Cisco email security appliances rooted and backdoored via still unpatched zero-day Read More »

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors 2025-12-02 at 16:35 By Ionut Arghire The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. The post Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors Read More »

MuddyWater cyber campaign adds new backdoors in latest wave of attacks

MuddyWater cyber campaign adds new backdoors in latest wave of attacks 2025-12-02 at 15:15 By Sinisa Markovic ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running cyberespionage group, and new findings points to a campaign

MuddyWater cyber campaign adds new backdoors in latest wave of attacks Read More »

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks 2025-09-26 at 14:19 By Zeljka Zorz A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat actor behind it is believed to be the one

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks Read More »

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms 2025-08-29 at 14:19 By Zeljka Zorz A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Read More »

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) 2025-08-26 at 16:35 By Zeljka Zorz Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” Citrix has confirmed, and released security

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) Read More »

Microsoft Dissects PipeMagic Modular Backdoor

Microsoft Dissects PipeMagic Modular Backdoor 2025-08-19 at 17:07 By Ionut Arghire PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility. The post Microsoft Dissects PipeMagic Modular Backdoor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Dissects PipeMagic Modular Backdoor Read More »

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »

WinRAR zero day exploited by RomCom hackers in targeted attacks

WinRAR zero day exploited by RomCom hackers in targeted attacks 2025-08-11 at 12:55 By Sinisa Markovic ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable

WinRAR zero day exploited by RomCom hackers in targeted attacks Read More »

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »

Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment

Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment 2025-07-14 at 14:54 By Ionut Arghire Vulnerabilities in Gigabyte firmware implementations could allow attackers to disable Secure Boot and execute code during the early boot phase. The post Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment appeared first on SecurityWeek. This article is an excerpt

Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment Read More »

Stealthy backdoor found hiding in SOHO devices running Linux

Stealthy backdoor found hiding in SOHO devices running Linux 2025-06-23 at 11:02 By Mirko Zorz SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to

Stealthy backdoor found hiding in SOHO devices running Linux Read More »

Encryption Backdoors: The Security Practitioners’ View

Encryption Backdoors: The Security Practitioners’ View 2025-06-19 at 14:08 By Kevin Townsend After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high. The post Encryption Backdoors: The Security Practitioners’ View appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Encryption Backdoors: The Security Practitioners’ View Read More »

React Native Aria Packages Backdoored in Supply Chain Attack

React Native Aria Packages Backdoored in Supply Chain Attack 2025-06-09 at 17:22 By Ionut Arghire A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React Native Aria Packages Backdoored in Supply Chain Attack Read More »

Backdoored Open Source Malware Repositories Target Novice Cybercriminals

Backdoored Open Source Malware Repositories Target Novice Cybercriminals 2025-06-05 at 16:32 By Ionut Arghire A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters. The post Backdoored Open Source Malware Repositories Target Novice Cybercriminals appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Backdoored Open Source Malware Repositories Target Novice Cybercriminals Read More »

MITRE Hackers’ Backdoor Has Targeted Windows for Years

MITRE Hackers’ Backdoor Has Targeted Windows for Years 2025-04-17 at 12:02 By Ionut Arghire Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years. The post MITRE Hackers’ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek. This article is an excerpt

MITRE Hackers’ Backdoor Has Targeted Windows for Years Read More »

Cozy Bear targets EU diplomats with wine-tasting invites (again)

Cozy Bear targets EU diplomats with wine-tasting invites (again) 2025-04-16 at 17:40 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler flagged a low-volume

Cozy Bear targets EU diplomats with wine-tasting invites (again) Read More »

Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild

Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild 2025-04-16 at 14:55 By Ionut Arghire In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally. The post Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild appeared first on SecurityWeek. This article is an

Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild Read More »

Scroll to Top