npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
A new supply chain attack has been discovered wherein typosquatted Telegram bot libraries deliver SSH backdoors and facilitate data exfiltration. The attack exploits Telegram’s open ecosystem and lack of a formal vetting process for bot creation, allowing malicious npm packages to masquerade as legitimate libraries. These packages perform unauthorized SSH key injections and data breaches, posing serious risks to developer infrastructures and user privacy.…
The Weekly Threat Round-up 14/04/2025 – 18/04/2025
This week’s cyber news highlights the enhanced capabilities of the Tycoon2FA phishing kit, Pakistani-linked SideCopy’s expanded targets in India, the use of open-source tools by UNC5174, the funding crisis for MITRE’s CVE program, and a new malware campaign from the Russian group Midnight Blizzard. These developments underscore the continuous evolution of cyber threats and their implications across various sectors.…
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Summary: Researchers highlight a significant rise in XorDDoS malware, which has primarily targeted U.S. systems between November 2023 and February 2025. The trojan, originally known for attacking Linux systems, has now expanded its reach to Docker servers and other internet-connected devices, with nearly 42 percent of affected devices located in the U.S.…
Lazarus-Linked Malware Targets Windows
This article provides an analysis of the malware sample 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe, attributed to the Lazarus Group, a state-sponsored cyber threat actor. Using tools like ANY.RUN and Hybrid Analysis, the analysis reveals the malware’s behavior, including process injection and registry modifications, targeting primarily Windows systems and expanding to Linux and macOS environments.…
Top 20 Linux Commands Every Pentester Should Know
This article discusses essential Linux commands that every penetration tester should know to enhance their efficiency in navigating and exploiting systems. The commands cover various functions, including system information retrieval, network configuration, process monitoring, and privilege escalation. Affected: pentesters, cybersecurity professionals

Keypoints:

Understanding system information using the command uname -a.…
Hacking Linux with Zombie Processes
Zombie processes in Linux can be exploited for stealthy attacks and resource exhaustion. Understanding their lifecycle and characteristics is crucial for both offensive and defensive security practices. Defunct processes can lead to denial-of-service scenarios if not properly managed. Affected: Linux systems, security infrastructure

Keypoints:

Zombie processes are terminated processes that lack a proper cleanup by their parent process, remaining visible in the system as .…
UNC5221 is a suspected China-nexus cyber-espionage group targeting edge network devices through zero-day exploits, particularly Ivanti’s Pulse Connect Secure/Ivanti Connect Secure (ICS) VPN appliances. A critical vulnerability (CVE-2025-22457) has been exploited since March 2025, allowing unauthorized network access and deployment of custom malware. The campaign has affected organizations globally, especially in the U.S.,…
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Summary: The China-linked threat actor Mustang Panda has targeted an organization in Myanmar with advanced malware, introducing tools such as a revamped backdoor called TONESHELL, a new lateral movement tool named StarProxy, and several keyloggers. This attack demonstrates the group’s continuous evolution in cyber capabilities, including methods to evade detection by security systems.…
Global Rise of Akira Ransomware
The Akira ransomware group has been operational since March 2023, employing a “double extortion” strategy that involves data exfiltration before encryption and threats of public exposure if ransoms are not paid. Their attacks have predominantly targeted sectors like Education, Finance, Manufacturing, and Healthcare across North America, Europe, and Australia, leading to significant financial gains exceeding million.…
Microsoft Patch Tuesday: March 2025 – SANS Internet Storm Center
This Patch Tuesday includes 51 vulnerabilities, six of which are critical, and includes patches for exploited “0-Day” vulnerabilities. Notable is CVE-2025-24064, a critical vulnerability in Windows DNS that could enable remote code execution through a specially crafted DNS update message. Additional vulnerabilities affect NTFS, FAT, Remote Desktop Services, Microsoft Office, and the Windows Subsystem for Linux, highlighting ongoing exposure and security challenges.…
Sophisticated Vulnerabilities in Modern Cyberattacks
The rise in advanced cyber threats is attributed to sophisticated vulnerabilities that attackers exploit, including zero-day exploits and supply chain compromises. This trend highlights the need for organizations to enhance their defenses and embrace continuous threat exposure management (CTEM) to stay ahead of attackers. Affected: organizations, critical infrastructure, software supply chains, cloud services, end-users

Keypoints:

2023 saw a rise in zero-day exploits, with 97 reported in the wild compared to 62 in 2022.…
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Summary: Cybersecurity researchers have discovered a new controller component related to the BPFDoor backdoor, which has been involved in cyber attacks against various sectors in multiple countries. This backdoor enables lateral movement within compromised networks, potentially allowing further access to sensitive data. The analysis ties these activities to the threat group known as Earth Bluecrow and highlights the unique capabilities of BPFDoor’s design for stealthy operations.…
Interlock ransomware evolving under the radar
The Interlock ransomware group, first observed in September 2024, has emerged as a significant cyber threat, employing tactics such as Big Game Hunting and double extortion. Unlike many ransomware organizations, it does not operate as a Ransomware-as-a-Service (RaaS) group and features a Data Leak Site called “Worldwide Secrets Blog” for negotiation and data exposure.…
BRICKSTORM Backdoor Targets European Industries
Summary: NVISO reports on BRICKSTORM, a stealthy backdoor linked to the Chinese threat group UNC5221, which has evolved to target Windows systems after prior Linux-based attacks. This espionage tool employs sophisticated techniques for persistence and command-and-control communication while remaining undetected for extended periods. The report highlights the urgent need for enhanced security measures in at-risk sectors, especially given BRICKSTORM’s advanced evasion tactics.…

Summary: The video discusses the integration of AI into Burp Suite, a web application security testing tool, and highlights its advantages in finding web application vulnerabilities more efficiently. The presenter, John Hammond, demonstrates how to set up Burp Suite Professional, leverage AI-powered features, and perform vulnerability scanning using the provided “Gin and Juice Shop,” an intentionally vulnerable web application for testing.…
UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
This article discusses the latest developments of the Chinese state-sponsored threat actor UNC5174, known for its advanced cyber warfare techniques. The actor has transitioned from using the SUPERSHELL tool to the open source VShell, which has been integrated into their SNOWLIGHT malware campaign. This evolution highlights their persistent espionage activities targeting organizations in Western countries and critical infrastructure sectors, using stealthy methods including fileless malware and sophisticated command-and-control tactics.…
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Summary: A new campaign attributed to the China-linked threat actor UNC5174 employs a variant of the SNOWLIGHT malware and the VShell tool to breach Linux and macOS systems. These tools utilize open-source resources for obfuscation and cost-effectiveness, making attribution challenging. The campaign has been linked to attacks exploiting security flaws in Ivanti appliances, affecting multiple sectors worldwide.…