Advertisement

China-Linked APT Targets Southeast Asia Critical Systems with New Backdoor
A China-linked APT group has compromised ten organizations, including state-owned entities in Southeast Asia, deploying a new backdoor. Defenders must prioritize C2

ShapedPlugin Supply Chain Attack: WordPress Pro Plugins Backdoored
Attackers compromised ShapedPlugin's distribution pipeline to inject backdoors into Pro WordPress plugins. Learn how to detect and remediate this supply chain threat.
Outdated REDCap Servers Targeted by China-linked UNC6508
A majority of internet-accessible REDCap servers remain unpatched, making them prime targets for initial access and backdoor deployment by China-linked UNC6508.

SHub Reaper Stealer Backdoors macOS via Spoofed Apps
SHub Reaper stealer targets macOS, using fake Google, Microsoft, Apple, WeChat, and Miro installers for Apple script-based execution and backdooring.
SHub macOS Infostealer Spoofs Apple Security Updates, Installs Backdoor
A new SHub macOS infostealer variant employs fake Apple security update prompts via AppleScript to install a backdoor, threatening user data and system integrity.

Silver Fox APT: Tax-Themed Phishing Delivers ABCDoor to India, Russia
China-backed Silver Fox APT targets organizations in India and Russia with over 1,600 tax-themed phishing messages to deploy ABCDoor backdoor and ValleyRAT.
WordPress Quick Page/Post Redirect Backdoor: Arbitrary Code Injection
A dormant backdoor in the Quick Page/Post Redirect WordPress plugin allowed arbitrary code injection for five years on over 70,000 sites. Learn mitigation.
UNC6692 Targets Microsoft Teams to Deploy Snow Malware
UNC6692 is leveraging Microsoft Teams and social engineering to deliver the modular Snow malware suite, facilitating long-term persistence and data theft.
Firestarter Backdoor Infects Cisco Firewall at US Federal Agency
Analysis of the Firestarter backdoor on Cisco firewalls, detailing its remote access capabilities, post-patch persistence, and mitigation strategies.
APT41 Deploys Stealth Backdoor for Cloud Credential Harvesting
China-linked APT41 is targeting AWS, Azure, and Google Cloud with a new zero-detection backdoor designed to harvest credentials and maintain persistence.

Red Menshen APT Deploys Upgraded BPFdoor Backdoor Against Telcos
Chinese APT Red Menshen utilizes an upgraded BPFdoor backdoor to target global telecommunication companies, bypassing traditional defenses. Active threat hunting is
Fake Next.js Job Interview Tests Backdoor Developers
Microsoft Defender discovered a campaign where malicious Next.js job interview tests backdoor developers' devices, posing a supply chain risk.