A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be […]
SonicWall advises organizations to patch SMA 100 appliances and look for IoCs associated with Overstep malware attacks.
The post SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack appeared first on SecurityWeek.
Zscaler ThreatLabz, in collaboration with TibCERT, has uncovered two linked attack campaigns dubbed Operation GhostChat and Operation PhantomPrayers, attributed with high confidence to a China-nexus advanced persistent threat (APT) group. These operati…
Lumma Stealer, a notorious information-stealing malware-as-a-service (MaaS) platform, has swiftly reemerged after a coordinated global law enforcement operation in May 2025. The U.S. Department of Justice, alongside international partners, seized appro…
Akamai’s analysis of the Coyote malware revealed that it abuses Microsoft’s UIA accessibility framework to obtain data.
The post Coyote Banking Trojan First to Abuse Microsoft UIA appeared first on SecurityWeek.
A sophisticated new variant of the macOS.ZuRu malware, originally identified in 2021, has resurfaced, employing a trojanized version of the Termius SSH client to deploy a modified Khepri command-and-control (C2) beacon. This iteration, detected in late…
It will be interesting to watch what will come of this private lawsuit:
Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software.
These devices lack Google’s security protections, and the perpetrators pre-installed the Badbox 2.0 malware on them, to create a backdoor and abuse them for large-scale fraud and other illicit schemes.
This reminds me of Meta’s lawauit against Pegasus over its hack-for-hire software (which I wrote about …
The Lumma Stealer is back after Microsoft and law enforcement took action to significantly disrupt the malware’s infrastructure.
The post Lumma Stealer Malware Returns After Takedown Attempt appeared first on SecurityWeek.
Akamai security researchers have uncovered a novel variant of the Coyote banking trojan that marks the inaugural documented instance of malicious actors exploiting Microsoft’s UI Automation (UIA) framework in real-world attacks. Initially detaile…
Coyote Trojan becomes first malware to abuse Microsoft’s UI Automation in real attacks, targeting banks and crypto platforms with stealthy tactics.