Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Secretive MaaS Group 'TAG-150' Develops Novel 'CastleRAT'

TAG-150 is running a multifaceted and relatively successful malware-as-a-service operation, without advertising itself on the Dark Web.

DARKReading
Open in Source
#web
Nexar dashcam video database hacked

A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed drivers’ cars,...

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, CastleRAT's core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell," Recorded Future Insikt Group

Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user (www-data) or accessible through a command injection vector, an attacker can overwrite or replace them with malicious payloads. Upon execution with sudo, these scripts run with elevated privileges, allowing the attacker to gain full root access remotely.

GHSA-hfrj-3w3g-jv32: TkEasyGUI Vulnerable to OS Command Injection

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.

GHSA-ph2w-cx28-vhrq: TkEasyGUI Affected by Uncontrolled Search Path Element Issue

Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.

Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook

APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.

Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms

A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and…

US Congressman’s Brother Lands No-Bid Contract to Train DHS Snipers

DHS says retired Marine sniper Dan LaLota’s firm is uniquely qualified to meet the government’s needs. LaLota tells WIRED his brother, GOP congressman Nick LaLota, played no role in the contract.

Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries

The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is