Published on: 2025-04-19 23:44:40
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. ClickFix is a social engineering tactic where victims are tricked into executing dangerous PowerShell commands on their systems to supposedly fix an error or verify themselves, resulting in the installation of malware. Though this isn't the first time ClickFix has been linked to ransomware infections, confirmation about Interlock shows an
Keywords: clickfix interlock malicious ransomware sekoia
Find related items on AmazonPublished on: 2025-04-22 17:00:21
Damn Vulnerable Model Context Protocol (DVMCP) A deliberately vulnerable implementation of the Model Context Protocol (MCP) for educational purposes. Overview The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack vectors. This project is intended for security researchers, developers, and
Keywords: challenges malicious mcp project tool
Find related items on AmazonPublished on: 2025-04-24 03:43:00
In context: Prompt injection is an inherent flaw in large language models, allowing attackers to hijack AI behavior by embedding malicious commands in the input text. Most defenses rely on internal guardrails, but attackers regularly find ways around them – making existing solutions temporary at best. Now, Google thinks it may have found a permanent fix. Since chatbots went mainstream in 2022, a security flaw known as prompt injection has plagued artificial intelligence developers. The problem
Keywords: camel language malicious models untrusted
Find related items on AmazonPublished on: 2025-05-12 03:17:13
A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these bot
Keywords: actors domain flux malicious records
Find related items on AmazonPublished on: 2025-05-15 11:46:50
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. The popular static analysis tool SpotBugs was breached in November 2024, leading to the compromise of Reviewdog, which subsequently led to the infection of tj-actions/changed-files. The multi-step supply chain attack eventually exposed secrets in 218 repositories, while the late
Keywords: actions attack attacker chain malicious
Find related items on AmazonPublished on: 2025-05-21 23:06:04
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code. "The fact that we've seen so many infections inside mu-plugins suggests that attackers are actively targeting this directory as a persis
Keywords: code malicious mu page plugins
Find related items on AmazonPublished on: 2025-05-22 05:20:38
The cr.yp.to blog 2014.02.05: Entropy Attacks! The conventional wisdom says that hash outputs can't be controlled; the conventional wisdom is simply wrong. The conventional wisdom is that hashing more entropy sources can't hurt: if H is any modern cryptographic hash function then H(x,y,z) is at least as good a random number as H(x,y), no matter how awful z is. So we pile one source on top of another, hashing them all together and hoping that at least one of them is good. But what if z comes f
Keywords: entropy malicious random randomness source
Find related items on AmazonPublished on: 2025-05-25 19:22:41
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, "/scripts/launch.js" and "/scripts/diagnostic-report.js," which execute
Keywords: downloads malicious npm packages version
Find related items on AmazonPublished on: 2025-05-26 19:43:38
WhataWin/Getty Images On March 10, X experienced multiple outages, with tens of thousands of users reporting the social site was down for them. Later that day, after multiple failures, X came back online. What caused this? While the pro-Palestinian hacking collective known as Dark Storm Team claimed responsibility on Telegram for a distributed denial of service (DDoS) attack against X, we can't be sure they're responsible. Also: Microsoft's new AI agents aim to help security pros combat the l
Keywords: attack attacks ddos malicious traffic
Find related items on AmazonPublished on: 2025-05-28 10:53:47
Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some decline in malware numbers between 2023 and 2024, this year's numbers don’t seem to continue that downward trend. Still, while RL has detected some interesting npm malware so far this year, none of it warranted a detailed writeup. Then March rolled around, and two very interesting packages were published on npm: ethers-provider2 and ethers-providerz. These were simple downlo
Keywords: ethers malicious npm package provider2
Find related items on AmazonPublished on: 2025-06-04 02:16:09
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO strategist Elie Berreby believe that the threat actor is after Google Ads accounts that would enable them to create new malvertising campaigns. This type of “cascading fraud” has been gaining traction recently, as Malwarebytes uncovered in January a similar operation where fake Google Ads hosted on Google Site
Keywords: ads campaign google malicious semrush
Find related items on AmazonPublished on: 2025-06-14 09:19:29
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as "highly targeted" in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign. Malicious OAuth apps Source: Proofpoint These apps request access to less sensitive permiss
Keywords: apps malicious microsoft oauth proofpoint
Find related items on AmazonPublished on: 2025-06-12 06:00:00
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. The campaign started in December 2024 and continues today, targeting employees at hospitality organizations such as hotels, travel agencies, and other businesses that use Booking.com for reservations. The threat actors' goal is to hijack employee accounts on the Booking.com platform and
Keywords: booking clickfix com malicious microsoft
Find related items on AmazonPublished on: 2025-06-20 18:51:00
In a nutshell: A new cyber threat tactic has emerged, leveraging social engineering to trick users into infecting their own systems with malware. Recently highlighted by Malwarebytes, this method disguises malicious tools as CAPTCHA requests. In reality, these files – often media or HTML-based – are designed to steal personal information or function as remote access trojans. The attack typically begins when visitors to a website are prompted to verify they are not robots, a common practice that
Keywords: command malicious malware verification websites
Find related items on AmazonPublished on: 2025-06-21 17:42:19
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations. The threat group is known for pushing malicious packages i
Keywords: code malicious malware package packages
Find related items on AmazonPublished on: 2025-06-29 12:11:16
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. The package disguises itself as a utility for Python, mimicking the popular "python-utils," which has over 712 million downloads, and "utils," which counts over 23.5 million installs. Researchers from the developer cybersecurity platform Socket discovered the malicious package and reported that
Keywords: ethereum malicious package stolen utils
Find related items on AmazonPublished on: 2025-06-30 01:19:53
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. Shape-shifting Chrome extensions The attack begins with the submission of the malicious polymorphic extension
Keywords: chrome extension extensions malicious squarex
Find related items on AmazonPublished on: 2025-07-04 11:17:18
A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. The malware delivers a backdoor called Sosano, which establishes persistence on the infected devices and allows the attackers to execute commands remotely. The activity was discovered by Proofpoint in October 2024, which states that the attacks are linked to a threat actor named 'UNK_CraftyCamel.' While the cam
Keywords: archive file malicious pdf proofpoint
Find related items on AmazonPublished on: 2025-07-05 21:06:50
Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and cryptoinvestors within a new campaign that was dubbed by Kaspersky as GitVenom. The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables the remote management of Bitcoin wallets and a crack tool to play the Valorant game. All of this alleged project functionality was fake, and cybercrimin
Keywords: code kaspersky malicious repositories research
Find related items on AmazonPublished on: 2025-07-13 23:10:49
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been disabled. The publisher, Mattia Astorino (aka equinusocio), has multiple extensions on the VSCode marketplace, totaling over 13 mil
Keywords: code extensions malicious microsoft theme
Find related items on AmazonPublished on: 2025-07-14 11:59:36
A malicious PyPi package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. Deezer is a music streaming service available in 180 countries that offers access to over 90 million tracks, playlists, and podcasts. It is offered via an ad-supported free tier or paid subscriptions that support higher audio quality and offline listening. Security firm Socket discovered the
Keywords: automslc deezer malicious package service
Find related items on AmazonPublished on: 2025-07-12 03:04:40
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two tools consist of a comprehensive ruleset for Semgrep and Opengrep designed to detect malicious code patterns with minimal false positives and PRevent, a GitHub-integrated scanner, that detects and alerts on suspicious code in pull requests (PRs). According to Apiiro's security researcher Matan Gilad
Keywords: apiiro code detection malicious prevent
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.