
“Code executed in this early boot phase can persist on the system, potentially loading malicious kernel extensions that survive both reboots and OS reinstallation,” the CERT Coordination Center (CERT/CC) said. “Additionally, it may evade detection by OS-based and endpoint detection and response (EDR) security measures.”

Malicious actors could further expand the scope of exploitation by bringing their own copy of the vulnerable “reloader.efi” binary to any UEFI system with the Microsoft third-party UEFI certificate enrolled. However, elevated privileges are required to deploy the vulnerable and malicious files to the EFI system partition: local administrator on Windows and root on Linux.

The Slovakian cybersecurity firm said it responsibly disclosed the findings to the CERT/CC in June 2024, following which Howyar Technologies and their partners addressed the issue in the affected products. On January 14, 2025, Microsoft revoked the old, vulnerable binaries as part of its Patch Tuesday update.

“By compromising developer accounts, attackers not only exfiltrate intellectual property but also gain access to cryptocurrency wallets, enabling direct financial theft,” the company said. “The targeted theft of private and secret keys could lead to millions in stolen digital assets, furthering the Lazarus Group’s financial goals.”

The malware has a modular, flexible architecture and is capable of running on Windows, macOS, and Linux. It also highlights the ever-evolving and adaptable nature of nation-state cyber threats.

“For North Korea, hacking is a revenue generating lifeline,” Sherstobitoff said. “The Lazarus Group has consistently funneled stolen cryptocurrency to fuel the regime’s ambitions, amassing staggering sums. With Web3 and cryptocurrency industries booming, Operation 99 zeroes in on these high-growth sectors.”

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.

The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug that was addressed by Apple as part of macOS Sequoia 15.2 released last month. The iPhone maker described it as a “configuration issue” that could permit a malicious app to modify protected parts of the file system.

“Bypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, bypass Transparency, Consent and Control (TCC), and expand the attack surface for additional techniques and exploits,” Jonathan Bar Or of the Microsoft Threat Intelligence team said.

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.

Researchers at web script security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data, but have yet to determine the initial infection vector.

After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code.
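A defender-side triage check for the two indicators named above (the wp3[.]xyz domain and the wpx_admin account), written as an added example for this digest rather than code from c/side or from the campaign. It assumes the administrator list comes from WP-CLI's `wp user list --role=administrator --format=json` and that a wp-content directory is available to scan; the sample users and files it runs on are constructed, not taken from a real site.

```python
import json
import re
import tempfile
from pathlib import Path

# Indicators reported by c/side: the loader/exfiltration domain (defanged on the
# page as wp3[.]xyz, so the pattern accepts both forms) and the rogue admin login.
IOC_DOMAIN = re.compile(r"wp3\[?\.\]?xyz", re.IGNORECASE)
IOC_ADMIN = "wpx_admin"


def rogue_admins(users_json: str, expected_admins: set) -> list:
    """Return administrator logins that are not on the site's known-admin list.

    users_json is the JSON output of `wp user list --role=administrator --format=json`;
    only user_login is used. Any unexpected admin is worth investigating, not just wpx_admin."""
    logins = [u["user_login"] for u in json.loads(users_json)]
    return sorted(login for login in logins if login not in expected_admins)


def files_referencing_domain(wp_content: Path) -> list:
    """Walk wp-content and list PHP/JS/HTML files that reference the IoC domain."""
    hits = []
    for path in wp_content.rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".js", ".html"}:
            if IOC_DOMAIN.search(path.read_text(errors="ignore")):
                hits.append(path.relative_to(wp_content).as_posix())
    return sorted(hits)


def demo() -> dict:
    """Run both checks on constructed sample data (a fake admin list and a fake wp-content tree)."""
    users = json.dumps([  # constructed WP-CLI output
        {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
        {"ID": 57, "user_login": IOC_ADMIN, "roles": "administrator"},
    ])
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bad = root / "plugins" / "helper" / "helper.php"  # constructed planted plugin
        bad.parent.mkdir(parents=True)
        bad.write_text('<?php wp_enqueue_script("h", "https://wp3.xyz/CONSTRUCTED-SAMPLE.js");')
        good = root / "themes" / "ok" / "functions.php"   # constructed clean file
        good.parent.mkdir(parents=True)
        good.write_text("<?php // nothing suspicious here")
        return {"rogue_admins": rogue_admins(users, {"siteowner"}),
                "domain_hits": files_referencing_domain(root)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a live site, feed the real WP-CLI output and the real wp-content path in place of the constructed data; any hit should be followed by checking the site's plugin list and outbound requests for the same domain.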

The rapid evolution of artificial intelligence is transforming cybersecurity, offering unprecedented opportunities to defend against increasingly complex and automated threats. AI is no longer a support tool—it’s emerging as a central pillar of modern security strategies. From detecting anomalies and automating threat responses to augmenting security teams, AI is enabling defenders to act faster, scale their operations, and outpace attackers. However, as the technology advances, significant challenges remain, from adversarial AI to the cultural inertia of legacy systems.

Tomer Weingarten, CEO of SentinelOne, and Richard Stiennon, research analyst with IT-Harvest and author of Security Yearbook 2024, both highlight the potential—and limitations—of AI in cybersecurity. “It’s very early days for AI in security,” says Stiennon. “I have found 84 startups with various AI agents or which hope to deploy guardrails to protect companies from mishandling of data by users of AI. It’s way too early to say that any of them are having an impact on the ecosystem. That said, the future is clear. AI will be part of every cyber defense position.”

Weingarten echoes this sentiment, noting that AI’s role is rapidly expanding but far from mature. “AI is no longer just about supporting cybersecurity—it’s fundamentally changing how we secure systems, anticipate threats, and automate responses,” he explains.