GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts
Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.
Search across headline titles and summaries.
Background for this topic.
Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.
Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts
The attack exploits the polyfill.io domain, which was recently acquired by Funnull, a China-based entity
Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor
Cisco has patched a zero-day vulnerability exploited by a Chinese APT group to compromise Nexus switches
Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. [...]
Vulnerability Can Allow Authentication Bypass; No Evidence of Exploitation YetJuniper Networks released an out-of-band fix for a maximum-severity vulnerability that can allow hackers to bypass authentication in three Juniper products. The CVSS 10-rated bug could allow an attacker to take full control of a compromised system.
A newly discovered RCE vulnerability, which can lead to full system compromise, has put over 14 million OpenSSH server instances are potentially at risk, according to Qualys
Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware
BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. [...]
BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. [...]