🔥 CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March

https://therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor

#cisco #firestarter #backdoor #CVE202520333 #CVE202520362

CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March

CISA said the unnamed department was infected with malware called "FIRESTARTER" that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.

CVE-2026-7413: Persistent undocumented backdoor access with Yarbo

An undocumented persistent backdoor has been found in Yarbo robot firmware v2.3.9 that allows remote root shell access without authentication. The backdoor cannot be disabled through user settings and remains in place even after a factory reset or firmware update, creating a serious security threat. CVE-2026-7413 is rated high severity with a CVSS score of 7.2, and when combined with related vulnerabilities it enables unauthorized control of an entire robot fleet and exposure of data. The vendor should remove the backdoor, improve the authentication mechanism, and ensure complete removal on firmware update; as an interim measure, network isolation and monitoring are recommended.

https://takeonme.org/cves/cve-2026-7413/

#security #firmware #backdoor #iot #vulnerability

CVE-2026-7413

CVE-2026-7413: Persistent undocumented backdoor access in Yarbo robot firmware v2.3.9

AHA! has discovered an issue affecting Yarbo robot firmware v2.3.9. This disclosure follows AHA!'s standard disclosure policy. Any questions about this disclosure should be directed to [email protected].

Affected products: Yarbo robot firmware v2.3.9 (April, 2026)

Executive summary: A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.

AHA!

Donuts and Beagles: Fake Claude site spreads backdoor

A fraudulent website impersonating Anthropic's Claude AI platform has been distributing a previously undocumented backdoor called Beagle through malvertising campaigns. The attack begins when victims download a fictitious tool named Claude-Pro Relay from claude-pro[.]com, delivered as a 505 MB ZIP archive. The infection chain utilizes DLL sideloading, exploiting a signed G DATA antivirus updater to load malicious code. The technique mirrors PlugX delivery methods but deploys different payloads. Beagle supports eight commands including shell execution, file transfer, and directory listing, communicating with C2 servers using AES encryption. Related samples dating to February 2026 have been identified, with some variants delivering AdaptixC2 framework. Additional domains impersonated security vendors like Trellix, CrowdStrike, and SentinelOne. The infrastructure spans Cloudflare for distribution and Alibaba Cloud for command and control.

Pulse ID: 69fcc63f1dce161fc2f8380c
Pulse Link: https://otx.alienvault.com/pulse/69fcc63f1dce161fc2f8380c
Pulse Author: AlienVault
Created: 2026-05-07 17:05:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CrowdStrike #CyberSecurity #Encryption #InfoSec #Malvertising #OTX #OpenThreatExchange #PlugX #SentinelOne #SideLoading #Trellix #ZIP #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

MuddyWater uses Chaos ransomware as a false flag: Iran disguises state espionage as cybercrime

The Iranian APT group MuddyWater conducted a cyberespionage operation disguised as a Chaos ransomware attack. Rapid7 reveals how Microsoft Teams was used to steal credentials and bypass MFA, with the real objective being data exfiltration and long-term persistence, not financial extortion.

https://insicurezzadigitale.com/muddywater-usa-il-ransomware-chaos-come-falsa-bandiera-liran-maschera-lo-spionaggio-di-stato-da-cybercrime/

From Venture Beat: "One command turns any open-source repo into an #AI #agent #backdoor. #OpenClaw proved no supply-chain scanner has a detection category for it"

#Security #OpenSource

https://venturebeat.com/security/one-command-open-source-repo-ai-agent-backdoor-openclaw-supply-chain-scanner

A new Linux malware strikes where it hurts most
#quasarlinux is the new name to watch in the #malware landscape. Researchers describe it as a modular implant for #linux systems that combines a #backdoor, a #rootkit and credential theft. The target is not the generic user: it is DevOps environments, repositories, build servers and machines that often have access to secrets far more valuable than a single account.
#UnoLinux #gnulinux #gnulinuxitalia #linuxitalia

https://www.tomshw.it/hardware/malware-linux-sviluppatori-quasar

A new Linux malware strikes where it hurts most

Quasar Linux combines a rootkit, a backdoor and credential theft to hit development workstations and DevOps environments, with supply chain risk.

Tom's Hardware

🚨 NEWS: Daemon Tools Alert: A Supply Chain Attack Has Compromised the Popular Virtual Disc Software

Here are the key points in brief:
💡 A serious cyberattack targeting the supply chain has hit Daemon Tools, the well-known software for emulating virtual CD and DVD drives, compromising its updates for over a...

🚀 LINK: https://meteoraweb.com/news/allarme-daemon-tools-un-attacco-alla-supply-chain-ha-compromesso-il-popolare-software-per-dischi-virtuali

#malware #sicurezza #supplyChain #attaccoInformatico #backdoor

DAEMON Tools installers were trojanized in a supply-chain attack, delivering a backdoor to thousands of systems worldwide since April 8 🌍
The malware affected versions 12.5.0.2421–12.5.0.2434, targeting high-value organizations and enabling remote code execution via compromised binaries 🛡️

🔗 https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/

#TechNews #Daemon #DAEMONTools #Malware #Security #Microsoft #Windows #Backdoor #Attack #Threat #CyberSecurity #Software #InfoSec #Hacking #Safety #Digital #Computing #Protection

DAEMON Tools trojanized in supply-chain attack to deploy backdoor

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website.

BleepingComputer

🚨 NEWS: The Twin Threat: Supply Chain and Student Data in the Crosshairs of Cybercriminals

Here are the key points in brief:
💡 The global cybersecurity landscape is going through a moment of unprecedented tension. Two separate cyberattacks, made public in the last few hours, outline an aggress...

🚀 LINK: https://meteoraweb.com/news/la-minaccia-gemella-supply-chain-e-dati-degli-studenti-nel-mirino-dei-cybercriminali

#sicurezzaInformatica #supplyChain #attaccoInformatico #backdoor #datiStudenti

Popular DAEMON Tools software compromised

Since April 8, 2026, installers of DAEMON Tools software have been compromised with malicious payloads distributed through the legitimate website. Versions 12.5.0.2421 to 12.5.0.2434 contain trojaned binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe) signed with legitimate developer certificates. The attack has affected thousands of systems across over 100 countries, though advanced payloads were selectively deployed to approximately a dozen machines in government, scientific, manufacturing, and retail organizations. Initial infection establishes backdoor communications to typosquatted domains, followed by deployment of an information collector for system profiling. Targeted systems receive additional implants including a minimalistic backdoor and QUIC RAT. Chinese-language strings found in malicious components suggest a Chinese-speaking threat actor. The attack remains active at time of publication, demonstrating sophisticated supply chain compromise techniques comparable to the 2023 3CX ...

Pulse ID: 69f9fd6e0328f7a1be1faa20
Pulse Link: https://otx.alienvault.com/pulse/69f9fd6e0328f7a1be1faa20
Pulse Author: AlienVault
Created: 2026-05-05 14:23:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Chinese #CyberSecurity #Government #InfoSec #Mac #Manufacturing #Nim #OTX #OpenThreatExchange #RAT #SupplyChain #Trojan #bot #AlienVault

LevelBlue - Open Threat Exchange
