The Socel Director @admin

49 posts35 participants5 posts today

**Pyrzout** @jos1264@social.skynetcloud.site · 2h

Pyrzout @jos1264@social.skynetcloud.site

Microsoft Warns of Node.js Abuse for Malware Delivery – Source: www.securityweek.com https://ciso2ciso.com/microsoft-warns-of-node-js-abuse-for-malware-delivery-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #securityweek #Malware #Nodejs

CISO2CISO.COM & CYBER SECURITY GROUP · 2hMicrosoft Warns of Node.js Abuse for Malware Delivery – Source: www.securityweek.comSource: www.securityweek.com - Author: Eduard Kovacs Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware

**OTX Bot** @techbot@social.raytec.co · 4h

OTX Bot @techbot@social.raytec.co

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, threat actors have been leveraging Node.js to deliver malware and payloads for information theft and data exfiltration. A recent malvertising campaign uses cryptocurrency trading themes to lure users into downloading malicious installers. The attack chain includes initial access, persistence, defense evasion, data collection, and payload delivery. The malware gathers system information, sets up scheduled tasks, and uses PowerShell for various malicious activities. Another emerging technique involves inline JavaScript execution through Node.js. Recommendations include educating users, monitoring Node.js execution, enforcing PowerShell logging, and implementing endpoint protection.

Pulse ID: 67fec5ac1e94a608250d9aa2
Pulse Link: https://otx.alienvault.com/pulse/67fec5ac1e94a608250d9aa2
Pulse Author: AlienVault
Created: 2025-04-15 20:46:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

#CyberSecurity #Endpoint #InfoSec

**Chema Alonso** @chemaalonso@ioc.exchange · 4h

Chema Alonso @chemaalonso@ioc.exchange

El lado del mal - Exploiting Package Hallucination at Scale contra Vibe Coders con LLMs https://www.elladodelmal.com/2025/04/exploiting-package-hallucination-at.html #VibeCoding #LLMs #Hacking #LLM #PackageHallucination #Malware #AI #IA #Exploiting #ChatGPT #Llama #DeepSeek #InteligenciaArtificial #ArtificialIntelligence

**Jake in the desert** @jake4480@c.im · 19h

19h

Jake in the desert @jake4480@c.im

As 'AI' coding 'assistants' invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain

#coding #AI #AIBullshit

**beardedtechguy@infosec:~$** @beardedtechguy@infosec.exchange · 1d

beardedtechguy@infosec:~$ @beardedtechguy@infosec.exchange

ResolverRAT is distributed through phishing emails claiming to be legal or copyright violations tailored to languages that match the target's country.

New ResolverRAT malware targets pharma and healthcare orgs worldwide https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/

#Infosec #Cybersecurity #Malware

**Schneier on Security RSS** @Schneier_rss@burn.capital · 1d

Schneier on Security RSS @Schneier_rss@burn.capital

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names&... https://www.schneier.com/blog/archives/2025/04/slopsquatting.html

Schneier on Security · 1dSlopsquatting - Schneier on SecurityAs AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.

#Uncategorized #malware #LLM

**Quad9DNS** @quad9dns@mastodon.social · 1d *

1d *

Quad9DNS @quad9dns@mastodon.social

We’re seeing an increasing volume of blocked queries to the SocGholish-related domain - blackshelter[.]org in the last several days.

Graph depicting increased volume of blocked DNS queries to the SocGholish domain blackshelter[.]org in past several days.

#DNS #SocGholish #ransomware

**Alec Muffett** @alecmuffett@mastodon.social · 1d

Alec Muffett @alecmuffett@mastodon.social

The Pall Mall Pact and why it matters | Malwarebytes | …I don’t entirely agree that this is a good thing
https://alecmuffett.com/article/113190
#HackingTools #PallMallPact #PallMallProcess #malware

image text: Speaking as an author of "hacking tools" which have inspired the "hacking tools" of today — tools used by the kinds of people who *found* companies like Malwarebytes — I find perspectives such as this to be problematic, hypocritical, and lacking in du

Dropsafe · 1dThe Pall Mall Pact and why it matters | Malwarebytes | …I don’t entirely agree that this is a good thing

More from

alecm

**Europe Says** @europesays@pubeurope.com · 1d

Europe Says @europesays@pubeurope.com

https://www.europesays.com/1997221/ NATO allies boost cyber defense coordination, focus on improving critical infrastructure resilience #CriticalInfrastructure #CriticalInfrastructureResilience #CyberDefense #CyberThreat #Cybersecurity #Europa #europe #InfrastructureResilience #MaliciousCyber #malware #nato #OTAN #ThreatIntelligence

**Andrew Brandt** @threatresearch@infosec.exchange · 1d

Andrew Brandt @threatresearch@infosec.exchange

Last week I posted a thread about a #spam campaign delivering a #ConnectWise client as its payload. As of this morning, the threat actors have changed the payload (https://www.virustotal.com/gui/file/30e1d059262b851a2b432ec856aeba5bb639ba764aa85643703163d62000a2f4) and it appears to try to connect to the address "relay.noscreener[.]info" which resolves to 104.194.145.66.

Embedded in the installer .msi file is a file called system.config, which contains this domain name and a base64-encoded string.

The fake Social Security website is still being hosted on a compromised site that belongs to a temp agency based on the east coast of the US.

Previous thread:

https://infosec.exchange/@threatresearch/114315246724920453

A virustotal graph showing the relationship between the new sample, its C2 domain, and the IP address where that domain is hosted.

The system.config contents include the C2 domain and a base64-encoded value labeled "k=" -- a key, perhaps?

#malware #phishing #malspam

**Xavier Ashe** @Xavier@infosec.exchange · 1d *

1d *

Xavier Ashe @Xavier@infosec.exchange

#VXUnderground has posted a "best of" page with their favorite papers. I think some of these should be required reading for red teamers, malware researchers, or vulnerability researchers. Thoughts?
https://vx-underground.org/Best%20Of
#redteam #malware #malware_research #vulnerability

Vx UndergroundVx UndergroundThe largest collection of malware source code, samples, and papers on the internet.

**Colin Purrington** @colinpurrington@flipping.rocks · 1d

Colin Purrington @colinpurrington@flipping.rocks

Would anyone be willing to give me some Wordpress advice? A guy *claiming* to be from Bluehost just called and said my hosted site has malware, then offered me $360/yr protection plan. Refused to say anything about where malware was located or how to fix. Jerk. Bluehost is too expensive already and I'm toying with just pulling the plug on my site altogether (it's not very popular), or maybe porting it over to the $4/month (?) version at wordpress.com. I'd be grateful for any tips on removing malware, finding cheaper host, and whether terminating a blog makes sense. #wordpress #malware #hosting #blog

**Hackread.com** @Hackread@mstdn.social · 1d

Hackread.com @Hackread@mstdn.social

Spyware added during manufacturing: Cheap Android phones come preloaded with malware stealing crypto via fake #WhatsApp and other apps.

Read: https://hackread.com/pre-installed-malware-cheap-android-phones-crypto-fake-whatsapp/

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · 2dPre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsAppFollow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

#CyberSecurity #Android #Crypto

**rexi** @rexi@mastodon.social · 2d

rexi @rexi@mastodon.social

https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/

create a malicious software package under a hallucinated package name and then upload the bad package…when an #AIcodeassistant re-hallucinates the co-opted name, the process of installing dependencies and executing the code will run the #malware…

…a form of typosquatting, where variations or misspellings of common terms are used to dupe people. Seth Michael Larson, #Python Software Foundation, has dubbed it #slopsquatting – "slop" being a common pejorative for AI output

The Register · 4dLLMs can't stop making up software dependencies and sabotaging everythingBy Thomas Claburn

**@990000@mstdn.social** @990000@mstdn.social · 3d *

3d *

@990000@mstdn.social @990000@mstdn.social

Haha nice

#LLM #CyberPunk #Malware

https://bsky.app/profile/thomasfuchs.at/post/3lmnqvt35bk2z

Update: source → https://wandering.shop/@janellecshane/114327654973832756

Thomas @thomasfuchs.at:
Some true cyberpunk shit

Janelle Shane @janelleshane.com:
1. LLM-generated code tries to run code from online software packages. Which is normal but
2. The packages don't exist. Which would normally cause an error but
3. Nefarious people have made malware under the package names that LLMs make up most often. So
4. Now the LLM code points to malware.

**Tâi Siáu-káu 台痟狗ㄊㄇㄉ台灣國** @TimMaddog@mstdn.social · 4d

Tâi Siáu-káu 台痟狗ㄊㄇㄉ台灣國 @TimMaddog@mstdn.social

List of apps affected by #BadBazaar and #Moonshine #malware begins on p. 20 of this document.
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf

Replied in thread

**Tâi Siáu-káu 台痟狗ㄊㄇㄉ台灣國** @TimMaddog@mstdn.social · 4d

Tâi Siáu-káu 台痟狗ㄊㄇㄉ台灣國 @TimMaddog@mstdn.social

@remixtures
List of apps affected by #BadBazaar and #Moonshine #malware begins on p. 20 of this document.
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf

**Tarnkappe.info** @tarnkappeinfo@social.tchncs.de · 5d

Tarnkappe.info @tarnkappeinfo@social.tchncs.de

Im Visier von Europol: Operation Endgame führt zu weiteren Verhaftungen
#ITSicherheit #Malware #Botnetze #Cybercrime #DropperMalware #europol #OperationEndgame #RansomwareInfrastruktur https://sc.tarnkappe.info/6f90b6

TARNKAPPE.INFO · 5dIm Visier von Europol: Operation Endgame führt zu weiteren VerhaftungenEuropol nimmt Cyberkriminelle ins Visier - weitere Festnahmen und Durchsuchungen im Rahmen der "Operation Endgame".

**Bill** @Sempf@infosec.exchange · 5d

Bill @Sempf@infosec.exchange

Well...shit. So much for captcha.

https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/

SentinelOneAkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At ScaleAkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.

#genai #malware

**heise online** @heiseonline@social.heise.de · 5d

heise online @heiseonline@social.heise.de

Gericht nennt Details zu Angriffen auf 1223 WhatsApp-User mit Pegasus-Spyware

Ein Gerichtsdokument verrät Standorte der Opfer, für die Angriffe genutzte Server und die Herkunft der Angriffe mit der Pegasus-Spyware auf eine WhatsApp-Lücke.

https://www.heise.de/news/Gericht-nennt-Details-zu-Angriffen-auf-1223-WhatsApp-User-mit-Pegasus-Spyware-10348270.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · 5dGericht nennt Details zu Angriffen auf 1223 WhatsApp-User mit Pegasus-SpywareBy Frank Schräer

#Cybersecurity #Hacking #Malware

Recent searches

Search options

Administered by:

Server stats:

#malware