Cybercrime/malcode – Lifeboat News: The Blog

Sep 5
2025

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware.

The flaw, tracked under CVE-2025–53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides.

Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious ‘_VIEWSTATE’ payloads that tricked the server into deserializing and executing them, leading to remote code execution (RCE).

Sep 4
2025

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

Cloudflare mitigated a record 11.5 Tbps DDoS attack in 35 seconds, highlighting rising hyper-volumetric threats.

Sep 4
2025

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.

“The two npm packages abused smart contracts to conceal malicious commands that installed downloader malware on compromised systems,” ReversingLabs researcher Lucija Valentić said in a report shared with The Hacker News.

Sep 4
2025

Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

Iranian group used 104 hijacked accounts in embassy spear-phishing, exploiting geopolitical tensions for espionage.

Sep 3
2025

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

Silver Fox exploited a Microsoft-signed WatchDog driver in May 2025 to bypass defenses, deploy ValleyRAT, and enable fraud.

Sep 3
2025

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Lazarus Group used PondRAT, ThemeForestRAT, and RemotePE in a 2024 DeFi attack, likely via Chrome zero-day.

Sep 3
2025

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

FDN3 brute-force attacks peaked July 6–8, 2025, tied to Seychelles bulletproof hosts enabling ransomware entry.

Sep 2
2025

TransUnion suffers data breach impacting over 4.4 million people

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from it’s Salesforce account.

Sep 2
2025

Amazon disrupts Russian APT29 hackers targeting Microsoft 365

Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data.

Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets “to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow.”

The Midnight Blizzard threat actor has been linked to Russia’s Foreign Intelligence Service (SVR) and is well-known for its clever phishing methods that recently impacted European embassies, Hewlett Packard Enterprise, and TeamViewer.

Sep 2
2025

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

ScarCruft’s Operation HanKook Phantom uses RokRAT malware in spear-phishing campaigns, targeting South Korean academics for espionage.