ποΈ AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new artificial intelligence AIpowered penetration testing tool linked to a Chinabased company has attracted nearly 11,000 downloads on the Python Package Index PyPI repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Chinesespeaking users are the target of a search engine optimization SEO poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π AI-Forged Military IDs Used in North Korean Phishing Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Genians observed the Kimsuky group impersonate a defense institution in a spearphishing attack, leveraging ChatGPT to create fake military ID cards.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI-Forged Military IDs Used in North Korean Phishing Attack
Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards
π CISA at Risk After OIG Accuses it of Wasting Federal Funds π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US Department of Homeland Security OIG claims CISA mismanaged a key cyber retention incentive program.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA at Risk After OIG Accuses it of Wasting Federal Funds
US Department of Homeland Security OIG claims CISA mismanaged a key cyber retention incentive program
π Phishing Campaigns Drop RMM Tools for Remote Access π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat actors are using multiple lures to trick users into installing RMM tools.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Phishing Campaigns Drop RMM Tools for Remote Access
Threat actors are using multiple lures to trick users into installing RMM tools
π¦
Inside MaranhΓ£o Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Executive Summary CRIL identified an active Maranho Stealer campaign that is being distributed through social engineering websites hosted on cloud platforms. Current intelligence indicates that the malware has been active since May 2025 and is actively being developed. Available intelligence shows the malware has been active since May 2025 and is undergoing ongoing development. The threat actors primarily target gaming users by distributing gamingrelated links, cheats, and pirated software downloads. e.g., hxxpsderelictsgame.inDerelictSetup.zip. The ZIP archives include an Inno Setup installer, which launches a Node.jscompiled binary responsible for exfiltrating credentials. Key takeaways Maranho Stealer is actively spreading through social engineering websites that distribut...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Inside MaranhΓ£o Stealer: Node.js-Powered InfoStealer
Cyble Research & Intelligence Labs detected MaranhΓ£o Stealer, a Node.jsβbased credential stealer leveraging reflective DLL injection.
π SEO Poisoning Targets Chinese Users with Fake Software Sites π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
SEO Poisoning Targets Chinese Users with Fake Software Sites
SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos
π¦Ώ Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Unlock 500 channels and secure your browsing with Getflix Smart DNS VPN lifetime access a 66 savings.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN
Unlock 500+ channels and secure your browsing with Getflix Smart DNS & VPN lifetime accessβa 66% savings.
π HybridPetya Mimics NotPetya, Adds UEFI Compromise π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
HybridPetya ransomware mimics PetyaNotPetya, with an added UEFI bootkit and Secure Boot bypass.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
HybridPetya Mimics NotPetya, Adds UEFI Compromise
HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass
ποΈ Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Chinaaligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailandbased IP addresses and drops the Yokai backdoor," IBM XForce researchers Golo Mhr and Joshua Chung said in an analysis published last week. The tech giant's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function NpmModule.updatePackage that downloads a package tarball, modifies package.json, injects a local script bundle.js, repacks the archive, and republishes it, enabling.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A team of academics from ETH Zrich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 DDR5 memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix CVE20256202, CVSS score 7.1, is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ This DeepSeek-powered pen testing tool could be a Cobalt Strike successor β and hackers have downloaded it 10,000 times since July π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Villager, a tool developed by a Chinabased red team project known as Cyberspike, is being used to automate attacks under the guise of penetration testing.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
This DeepSeek-powered pen testing tool could be a Cobalt Strike successor β and hackers have downloaded it 10,000 times since July
βVillagerβ is a China-developed tool that can dynamically adapt attacks to breach the domains and devices of victims
π’ NinjaOne expands availability on CrowdStrike Marketplace π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
CrowdStrike Falcon customers now have simplified access to NinjaOnes automated endpoint management capabilities.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
NinjaOne expands availability on CrowdStrike Marketplace
CrowdStrike Falcon customers now have simplified access to NinjaOneβs automated endpoint management capabilities
π’ Hackers behind Jaguar Land Rover announce their 'retirement' β should we believe them? π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Is this really the end for Scattered Lapsus Hunters?.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers behind Jaguar Land Rover announce their 'retirement' β should we believe them?
Is this really the end for Scattered Lapsus$ Hunters?
ποΈ Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE202543300 CVSS score 8.8, an outofbounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. Recent studies show 80 of companies have already experienced unintended AI agent actions, from unauthorized system.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π UK: Tax Refund-Themed Phishing Slows in 2025 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Reports of email phishing attempts impersonating the UKs HM Revenue Customs plummeted in the first half of 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK: Tax Refund-Themed Phishing Slows in 2025
Reports of email phishing attempts impersonating the UKβs HM Revenue & Customs plummeted in the first half of 2025
π JLR Extends Production Halt After Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Jaguar Land Rover JLR has confirmed that its pause in production will last until at least Wednesday, September 24.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
JLR Extends Production Halt After Cyber-Attack
Jaguar Land Rover (JLR) has confirmed that its pause in production will last until at least Wednesday, September 24
π API Threats Surge to 40,000 Incidents in 1H 2025 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Thales claims there were over 40,000 API incidents in the first half of 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
API Threats Surge to 40,000 Incidents in 1H 2025
Thales claims there were over 40,000 API incidents in the first half of 2025
π FinWise Bank Warns of Insider Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
An insider data breach at FinWise may have impacted 689,000 customers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
FinWise Bank Warns of Insider Data Breach
An insider data breach at FinWise may have impacted 689,000 customers