#backdoor — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #backdoor, aggregated by home.social.
-
Disclosing new PebbleDash-based tools
Kaspersky researchers conducted an in-depth analysis of Kimsuky APT activity, revealing tactical shifts and new malware variants based on the PebbleDash platform. The group introduced HelloDoor, a Rust-based backdoor, httpMalice leveraging HTTP and Dropbox communications, and updated MemLoad and httpTroy variants. Kimsuky maintains persistence through legitimate tools including VSCode Tunneling with GitHub authentication and DWAgent remote management software. Initial access occurs via spear-phishing with malicious attachments disguised as documents. The group primarily targets South Korean entities across government and defense sectors, with additional PebbleDash attacks observed in Brazil and Germany. Infrastructure relies on free South Korean hosting services and tunneling services like Cloudflare Quick Tunnels and Ngrok. Both PebbleDash and AppleSeed malware clusters demonstrate ongoing development with shared distribution methods, stolen certificates, and overlapping targets, indicating single-actor c...
Pulse ID: 6a05af0979e3cc1214a50d4e
Pulse Link: https://otx.alienvault.com/pulse/6a05af0979e3cc1214a50d4e
Pulse Author: AlienVault
Created: 2026-05-14 11:16:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AppleSeed #BackDoor #Brazil #Cloud #CyberSecurity #Dropbox #Germany #GitHub #Government #HTTP #InfoSec #Kaspersky #Kimsuky #Korea #Malware #OTX #OpenThreatExchange #Phishing #RAT #Rust #SouthKorea #SpearPhishing #UK #bot #AlienVault
-
FamousSparrow in the Caucasus: three waves of Chinese espionage hit the Azerbaijani gas that supplies Europe
The Chinese APT group FamousSparrow carried out a cyber-espionage operation in three successive phases against an Azerbaijani oil and gas company, repeatedly exploiting the same Microsoft Exchange vulnerability. A case that sheds light on Beijing's strategy for gaining control over European energy infrastructure.
-
Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.
Pulse ID: 6a04a9a090a64de310cb0568
Pulse Link: https://otx.alienvault.com/pulse/6a04a9a090a64de310cb0568
Pulse Author: AlienVault
Created: 2026-05-13 16:41:04
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault
-
The other day I was asked to help clean a WordPress installation that had unwanted visitors. It was a fun journey looking through the backdoor code and I wrote a small piece about it here:
https://schulz.dk/2026/05/14/the-wordpress-backdoor-that-forgot-to-be-php/
WP is great for many things but so widespread that bad actors will try to find holes in it.
#wordpress #infosec #security #malware @blog #blogpost #php #code #backdoor #walkthrough
-
#Microsoft builds a #Backdoor into #Windows #Bitlocker?
(allegedly, that is)
Windows 11, Windows Server 2022 and 2025 are affected.
According to a security researcher, the encryption can be bypassed relatively easily with a #USB stick... WTF Windows.
Hoods Informatik has uploaded a short video about it:
https://youtube.com/shorts/h09NoxuYW4w
Can we all please finally switch to a decent #Linux distro now?
Or, for those with too much money, at least to Mac? (Even though I can't stand Mac.)
-
🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2 #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated -
Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
Pulse ID: 6a048d03417ba877dc0a4e1d
Pulse Link: https://otx.alienvault.com/pulse/6a048d03417ba877dc0a4e1d
Pulse Author: CyberHunter_NL
Created: 2026-05-13 14:38:59
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Python #bot #CyberHunter_NL
-
USA #Neuland
And I always thought Neuland was over here! The farce around the ban on "foreign" network equipment in the USA continues. Part of the ban on foreign routers etc. was that devices already in service would no longer be allowed to receive updates from their respective manufacturer as early as 2027. The fear behind it is that manufacturers could ship a new back door with every update. How on earth did the USA come up with that idea? ;-) The risk exists, of course. But updates are normally necessary to fix security vulnerabilities. On second thought, the risk from known vulnerabilities that remain open for lack of updates then seemed to the FCC after all
https://www.pc-fluesterer.info/wordpress/2026/05/13/usa-neuland/
#Hintergrund #cybercrime #hersteller #hintertr #router #UnplugTrump #usa #backdoor #spionage
-
RE: https://indieweb.social/@permafriday/116561082682363965
THIS IS A LABOR ISSUE
now that Google doesn't have to pretend #android is not the #backdoor #surveillance system Snowden warned us about, it has a problem:
app developers.
the app store was always a honeypot for free #labor. without #apps there is no android. so Google has to rein in app devs, if they don't want their #spyware broken.
but if you give up your encryption keys, the app isn't yours. this isn’t about #privacy.
Google wants app devs to be employees without labor rights.
-
Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
Pulse ID: 6a02da5139868596248b6e77
Pulse Link: https://otx.alienvault.com/pulse/6a02da5139868596248b6e77
Pulse Author: Tr1sa111
Created: 2026-05-12 07:44:17
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Python #bot #Tr1sa111
-
Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans
Pulse ID: 6a02ae06bc4da27b818aa732
Pulse Link: https://otx.alienvault.com/pulse/6a02ae06bc4da27b818aa732
Pulse Author: Tr1sa111
Created: 2026-05-12 04:35:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Trojan #Vulnerability #bot #Tr1sa111
-
DAEMON Tools compromised: supply chain attack from the official site with a QUIC RAT backdoor and 100+ countries hit
Since 8 April 2026 the official DAEMON Tools site has been distributing trojanized installers carrying a valid digital signature. Kaspersky uncovers the operation: thousands of infections in 100+ countries, a QUIC RAT backdoor with 7 C2 protocols, surgical targeting of governments and industry. The actor is probably Chinese-speaking.
-
Malicious PyPI Package Embeds Multi-Layer Encrypted Backdoor to Steal Users’ Cryptocurrency Information — HelixGuard
Pulse ID: 6a01c0fff6a09f21f8fe5e4f
Pulse Link: https://otx.alienvault.com/pulse/6a01c0fff6a09f21f8fe5e4f
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:43:59
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #bot #cryptocurrency #CyberHunter_NL
-
Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans
A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.
Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault
-
Donuts and Beagles: Fake Claude site spreads backdoor
Pulse ID: 6a01601a5577d48cf5f71e57
Pulse Link: https://otx.alienvault.com/pulse/6a01601a5577d48cf5f71e57
Pulse Author: Tr1sa111
Created: 2026-05-11 04:50:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
-
Silver Fox launches ABCDoor: spear phishing with a custom Rust loader against India and Russia, new Python backdoor in play
The Chinese APT group Silver Fox has conducted tax-themed spear phishing campaigns against organizations in India and Russia, distributing the ValleyRAT backdoor alongside a new, previously unseen Python payload named ABCDoor. Kaspersky documented the malware and the evasion techniques of the RustSL loader, including per-country geofencing and persistence via Phantom Persistence.
-
🔥 CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
https://therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor