PlugX and Bookworm campaigns strike Asian telecom and ASEAN targets using DLL side-loading and modular RATs.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.
“Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability,” CISA said. “This vulnerability could allow a local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.”
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program.
Y Combinator is a startup accelerator that funds and mentors projects in their early stages, and connects founders with a network of alumni and venture capital firms.
The attacker abused GitHub’s notification system to deliver the fraudulent messages by creating issues across multiple repositories and tagging targeted users.
🌍 Exciting News! 🌍
Our research team is honored to have two papers accepted at the International Astronautical Congress (IAC) 2025 in Sydney 🇦🇺. Both sessions are scheduled for October 2nd, 2025:
📄 Hybrid GEO–LEO Satellite Network for Multi-Service 5G/6G NTN Connectivity in Australia 🕙 10:15 AM | Room C4.
📄 Leveraging GEO Satellite Virtualization for Enhanced Real-Time Security in Hybrid Satellite Networks 🕜 1:30 PM | Interactive Poster B2.
Although I won’t be able to attend in person, my co-author @Muãwia Tirmizëy will be there to present on behalf of our team.
You can find more details in my LinkedIn announcement here: 👉 [ https://www.linkedin.com/feed/update/urn: li: li:
We’re looking forward to contributing to the global conversation on multi-orbit networks, 5G/6G NTN, and secure satellite connectivity. 🚀