Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3). Google addressed the flaw later that month after Kaspersky reported in-the-wild

The Hacker News
Open in Source
#vulnerability#google#backdoor#zero_day#chrome#The Hacker News
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains.

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.

Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS

SentinelLABS uncovers widespread China-linked cyber espionage targeting over 70 global organizations and cybersecurity firms between July 2024 and…

The 2024 Red Hat Product Security Risk Report: CVEs, XZ Backdoor, SSCAs, AI…oh my!

Grab a large sweet tea or a cup of coffee and read the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found this year's report noticeably longer, but the depth and detail didn’t disappoint. In fact, one notable addition to this year’s report is the discussion of AI. The numbers game: up, up, and...wait, what?First, let’s break down the raw numbers. Red Hat Security Advisories (RHSA) hit a new peak in 2024, clocking in at 2975. There has been a steady increase over the pa

Backdoored Malware Reels in Newbie Cybercriminals

Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

We found that cybercriminals are preparing for the impending holiday season with a redirect campaign leading to AsyncRAT.

Backdoors in Python and NPM Packages Target Windows and Linux

Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.

New Botnet Plants Persistent Backdoors in ASUS Routers

Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network.

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks.