PROMPTFLUX es un dropper experimental en VBScript que realiza solicitudes POST en tiempo de ejecución hacia la API de Gemini (especificando gemini-1.5-flash-latest) utilizando una credencial de API incrustada, solicita ofuscaciones de VBScript en formato solo-código, registra las respuestas del modelo en el sistema local y está diseñado para persistir scripts regenerados en la carpeta de…
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach…
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. «Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,»
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted…
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. «The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness,» the Microsoft Defender Security Research Team said.
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary’s expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations,…
LastPass es uno de los gestores de contraseñas más populares y esto hace que los piratas informáticos pongan ahí sus miras. Buscan llegar al mayor número de víctimas y así robar información personal, contraseñas o llegar a controlar los dispositivos. En este caso, están enviando mensajes falsos de mantenimiento y la compañía ha advertido de…
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. «The actor creates a malformed archive as an anti-analysis technique,» Expel security researcher Aaron Walton said in a report shared with The Hacker News. «That…
You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It’s all still online, and it’s a lot easier to…