backdoor

Cisco email security appliances rooted and backdoored via still unpatched zero-day

December 17, 2025

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November …

MuddyWater cyber campaign adds new backdoors in latest wave of attacks

December 2, 2025

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running …

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks

September 26, 2025

A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and …

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

August 29, 2025

A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in …

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) – updated!

August 26, 2025

Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been …

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

August 12, 2025

The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian …

WinRAR zero-day exploited by RomCom hackers in targeted attacks

August 11, 2025

ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components …

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

July 16, 2025

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, …

Stealthy backdoor found hiding in SOHO devices running Linux

June 23, 2025

SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader …

Cozy Bear targets EU diplomats with wine-tasting invites (again)

April 16, 2025

APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. …

Beware fake AutoCAD, SketchUp sites dropping malware

April 3, 2025

Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer …

RansomHub affiliate leverages multi-function Betruger backdoor

March 20, 2025

A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The …