backdoor

Security Alert: Cemu Emulator Linux Releases Compromised via GitHub Backdoor (May 2026) Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Security Alert: Cemu Emulator Linux Releases Compromised via GitHub Backdoor (May 2026)

Do Son May 13, 2026

The renowned open-source Wii U emulator, Cemu, has promulgated a security bulletin detailing a sophisticated compromise of...

The Claude AI Trap: Sophos Uncovers Undocumented Backdoor Hiding in Fake “Pro” Lure Claude AI Malware DonutLoader Backdoor

Claude AI Malware DonutLoader Backdoor

The Claude AI Trap: Sophos Uncovers Undocumented Backdoor Hiding in Fake “Pro” Lure

Do Son May 11, 2026

As the popularity of generative AI tools soars, cybercriminals are increasingly capitalizing on the hype to deploy...

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill

Do Son April 24, 2026

Cisco Talos has released a critical update on the threat actor known as UAT-4356 (also associated with...

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor

Do Son April 1, 2026

The Google Threat Intelligence Group (GTIG) has issued an urgent warning regarding a sophisticated software supply chain...

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers LiteLLM PyPI Supply Chain Attack

LiteLLM PyPI Supply Chain Attack

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers

Do Son March 25, 2026

A relentless cyber-espionage campaign has expanded its reach into the heart of the AI development ecosystem. Security...

Fake GitHub Repositories Unleash BoryptGrab Stealer and TunnesshClient Backdoor TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Fake GitHub Repositories Unleash BoryptGrab Stealer and TunnesshClient Backdoor

Do Son March 9, 2026

Security researchers from TrendMicro have identified a sophisticated new threat actor utilizing SEO-optimized GitHub repositories to distribute...

Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit CVE-2022-45359 LA-Studio Element Kit Backdoor CVE-2026-0920

CVE-2022-45359 LA-Studio Element Kit Backdoor CVE-2026-0920

Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit

Do Son January 23, 2026

A critical security incident has rocked the WordPress community after a “backdoor” vulnerability was discovered in the...

New Campaign Targets FortiGate Firewalls with Unauthorized Config Changes BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

New Campaign Targets FortiGate Firewalls with Unauthorized Config Changes

Do Son January 22, 2026

A fresh wave of automated cyberattacks is targeting FortiGate firewalls, exploiting unauthorized access to create backdoors and...

The Christmas Heist: How Shai-Hulud Hijacked Trust Wallet for an $8.5M Score Trust Wallet Shai-Hulud attack, NPM supply chain crypto heist Trust Wallet supply-chain attack 2025, v2.68.0 malicious update

Trust Wallet Shai-Hulud attack, NPM supply chain crypto heist Trust Wallet supply-chain attack 2025, v2.68.0 malicious update

The Christmas Heist: How Shai-Hulud Hijacked Trust Wallet for an $8.5M Score

Do Son December 31, 2025

Earlier, Binance-owned non-custodial crypto wallet Trust Wallet fell victim to a hacking incident in which attackers, through...

“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything

lotusbail, npm Supply Chain Attack

“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything

Do Son December 25, 2025

A new investigation by Koi Security has exposed a highly sophisticated supply chain attack lurking in the...

“Webrat” Trap: Hackers Lure Junior Security Researchers with Fake GitHub Exploits Webrat Malware, Fake PoC Exploits

Webrat Malware, Fake PoC Exploits

“Webrat” Trap: Hackers Lure Junior Security Researchers with Fake GitHub Exploits

Do Son December 24, 2025

A cunning malware campaign initially designed to trick gamers has evolved into a dangerous trap for aspiring...

AI-Generated Decoys & XLL Stealth: Inside the New “EchoGather” Cyber Espionage Campaign AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AI-Generated Decoys & XLL Stealth: Inside the New “EchoGather” Cyber Espionage Campaign

Do Son December 23, 2025

A cyber-espionage group known for hunting Russian organizations has upgraded its arsenal, deploying malicious Excel add-ins to...

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group NANOREMOTE Google Drive C2, FINALDRAFT Link

NANOREMOTE Google Drive C2, FINALDRAFT Link

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group

Do Son December 15, 2025

Elastic Security Labs has uncovered a sophisticated new Windows backdoor that leverages the trusted infrastructure of Google...

Silent Supply Chain Attack: Malicious Go Typosquat Siphoned Data to Pastebin for Four Years Undetected Go Typosquatting, Pastebin Exfiltration

Go Typosquatting, Pastebin Exfiltration

Silent Supply Chain Attack: Malicious Go Typosquat Siphoned Data to Pastebin for Four Years Undetected

Do Son December 9, 2025

The Socket Threat Research Team has uncovered a malicious Go package that operated undetected for over four...

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks Rust Crates.io Backdoor, EVM Stealth Loader

Rust Crates.io Backdoor, EVM Stealth Loader

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks

Do Son December 3, 2025

A seemingly innocent utility for Ethereum developers has been unmasked as a sophisticated stealth loader. The Socket...

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor

Do Son November 21, 2025

The AhnLab Security Intelligence Center (ASEC) has uncovered an active exploitation campaign in which threat actors weaponized...

Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices PolarEdge TLS Backdoor, Custom C2

PolarEdge TLS Backdoor, Custom C2

Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices

Do Son October 15, 2025

Sekoia Threat Detection & Response (TDR) researchers have published an in-depth technical analysis of the PolarEdge Backdoor,...

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates

Do Son October 3, 2025

The WARMCOOKIE backdoor has resurfaced with new features, expanded infrastructure, and updated delivery mechanisms, according to a...

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access

Do Son October 1, 2025

The security of the open-source software supply chain was once again tested when JFrog’s security research team...

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days

Do Son September 26, 2025

Google Threat Intelligence Group (GTIG) and Mandiant Consulting have released new findings on BRICKSTORM, a backdoor malware...