Malware found hidden in image files, can dodge antivirus detection entirely — VirusTotal discovers undetected SVG phishing campaign

Scalable vector graphics (.svg) files are lightweight, XML-based images that render at any resolution. They’re usually harmless, but they can also contain active code, and hackers appear to be relying on them more often as a means to stealthily deliver malware.

A new report from VirusTotal shows just how far that tactic has evolved, unearthing a campaign that used weaponized SVGs to drop malware, spoof a government agency, and dodge antivirus detection entirely.

44 previously undetected phishing SVGs

In its report published September 4, the Google-owned scanning platform said its Code Insight system had flagged an SVG file masquerading as a legal notification from Colombia’s judicial system.

When opened, the file rendered a realistic-looking web portal in-browser, complete with a fake progress bar and download button. That button then delivered a malicious ZIP archive containing a signed Comodo Dragon browser executable, along with a malicious .dll file that would be sideloaded if the .exe was run. This would then install more malware on the system.

The attack relied on a known but often overlooked feature: SVGs can embed HTML and JavaScript. This means they can be used like mini web pages (or, as in this case, full phishing kits) even when attached to an email or hosted on cloud storage. VirusTotal’s retrospective scan tied 523 SVG files to the same campaign, with 44 completely undetected by any antivirus engine at the time of submission.
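The features that make an SVG usable as a phishing kit are visible in its XML, so a mail gateway or triage script can flag them before any browser renders the file. The following check is an added example, not VirusTotal’s Code Insight logic, and the sample SVG it scans is constructed for illustration:

```python
# Added example (not VirusTotal's Code Insight): a static triage check that
# flags the active-content features a phishing SVG relies on: <script>
# elements, HTML embedded via <foreignObject>, on* event-handler attributes
# and javascript:/data:text/html links. The sample SVG is constructed.
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def _namespace(tag: str) -> str:
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def find_active_content(svg_text: str) -> list:
    """Return (finding, element) pairs for every active-content feature found."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return [("unparseable XML", "")]  # malformed input deserves a look too
    findings = []
    for el in root.iter():
        name = _local(el.tag)
        if name == "script":
            findings.append(("script element", name))
        elif name == "foreignobject" or _namespace(el.tag) == XHTML_NS:
            findings.append(("embedded HTML", name))
        for attr, value in el.attrib.items():
            a, v = _local(attr), value.strip().lower()
            if a.startswith("on"):  # onload, onclick, onmouseover, ...
                findings.append((f"event handler {a}", name))
            elif a == "href" and v.startswith(("javascript:", "data:text/html")):
                scheme = "javascript:" if v.startswith("javascript:") else "data:text/html"
                findings.append((f"{scheme} URI", name))
    return findings


def is_suspicious(svg_text: str) -> bool:
    return bool(find_active_content(svg_text))


# Constructed sample: a decoy "document" with a script, an inline HTML block,
# an event handler and a javascript: link, the way a phishing SVG would.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="200">
  <rect width="400" height="200" fill="#eee" onload="alert(1)"/>
  <foreignObject x="10" y="10" width="380" height="100">
    <div xmlns="http://www.w3.org/1999/xhtml">Descargar documento</div>
  </foreignObject>
  <a xlink:href="javascript:void(0)"><text x="20" y="150">Download</text></a>
  <script>/* payload would go here */</script>
</svg>"""
# find_active_content(SAMPLE_SVG) returns 5 findings; is_suspicious(SAMPLE_SVG) is True
```

Plain `data:` image URIs are deliberately left alone, since embedded raster images are common in benign SVGs; only `data:text/html` links are flagged.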


Mystery Hacker Used AI To Automate ‘Unprecedented’ Cybercrime Rampage

A hacker allegedly exploited Anthropic, the fast-growing AI startup behind the popular Claude chatbot, to orchestrate what authorities describe as an “unprecedented” cybercrime campaign targeting nearly 20 companies, according to a report released this week.

The report, published by Anthropic and obtained by NBC News, details how the hacker manipulated Claude to pinpoint companies vulnerable to cyberattacks. Claude then generated malicious code to pilfer sensitive data and cataloged information that could be used for extortion, even drafting the threatening communications sent to the targeted firms.

NBC News reports:

The stolen data included Social Security numbers, bank details and patients’ sensitive medical information. The hacker also took files related to sensitive defense information regulated by the U.S. State Department, known as International Traffic in Arms Regulations.

It’s not clear how many of the companies paid or how much money the hacker made, but the extortion demands ranged from around $75,000 to more than $500,000, the report said.

Jacob Klein, head of threat intelligence for Anthropic, said the campaign appeared to be the work of a hacker operating outside the U.S., but did not provide any additional details about the culprit.

“We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques,” Klein said.

Anthropic’s findings come as an increasing number of malicious actors are leveraging AI to craft fraud that is more persuasive, scalable, and elusive than ever. A SoSafe Cybercrime Trends report reveals that 87% of global organizations encountered an AI-driven cyberattack over the past year, with the threat gaining momentum.

“AI is dramatically scaling the sophistication and personalization of cyberattacks,” said Andrew Rose, Chief Security Officer at SoSafe. “While organizations seem to be aware of the threat, our data shows businesses are not confident in their ability to detect and react to these attacks.”

Artificial intelligence is not only a tool for cybercriminals – it is also broadening the vulnerabilities within organizations. As companies rush to adopt AI-driven tools, they may inadvertently expose themselves to new risks.

“Even the benevolent AI that organisations adopt for their own benefit can be abused by attackers to locate valuable information, key assets or bypass other controls,” Rose continued.


Victim Loses $91M in Bitcoin in Social Engineering Scam: ZachXBT

A fraudster posing as a hardware wallet support agent tricked the target into handing over wallet credentials.

What to know:

  • A victim lost 783 BTC in a social engineering scam after an attacker impersonated hardware wallet support.
  • The stolen funds were funneled through multiple deposits into Wasabi Wallet, a privacy tool used to mask transaction trails.
  • The hack came exactly one year after the $243M Genesis creditor theft, underscoring ongoing vulnerabilities in crypto security.

Blockchain sleuth ZachXBT uncovered a high-profile social engineering attack on Thursday, with the victim losing 783 BTC worth around $91.4 million.

The scam occurred on Aug. 19 and involved the attacker posing as a support agent for a hardware wallet before duping the victim into handing over wallet credentials.

The attack mirrors a string of social engineering attacks over the past year and contributes to an already woeful year in terms of hacks and scams, with crypto investors losing $3.1 billion in the first half of 2025.

Once the malicious transfer was made, the funds began their journey through a typical laundering process, with multiple deposits made into Wasabi Wallet, a privacy tool commonly used to obfuscate the trail.

The hack occurred exactly one year after the $243 million Genesis creditor theft, a landmark event that sent ripples across the industry and led to the arrest of 12 people in California in May.


1.7 Mln Losses Exposed After Russian Hackers Crack Ukrainian General Staff Database

The KillNet group hacked the Ukrainian general staff’s database containing information on 1.7 million killed and missing Ukrainian servicemen.

“We can confirm, of course,” a KillNet representative told Sputnik when asked if they indeed have proof of such losses.

The hackers also shared a number of photos of deceased Ukrainian soldiers, their passports and military IDs, death certificates, and tags.


Vulnerabilities exposed: Israeli company reveals how users can hack ChatGPT accounts remotely

Israeli cybersecurity company Zenity revealed what it defines as the first-ever “Zero Click” vulnerability in OpenAI’s ChatGPT service, showing how one could take control of a ChatGPT account and extract sensitive information without the user clicking a link, opening a file, or performing any deliberate action.

The demonstration was conducted by Mikhail Bergori, co-founder and CTO of Zenity, during the Black Hat 2025 conference held this week in Las Vegas, in the US.

He showed how a hacker could exploit the system using only the user’s email address to gain full control over the user’s chat, including access to both past and future conversations, altering the conversation’s goals, and guiding the chat to act on behalf of the hacker.


During the lecture, it was demonstrated how the attacked ChatGPT became a malicious agent operating covertly against the user. The researchers pointed out how the hacker could prompt the chatbot to suggest that the user download a certain virus, recommend incorrect business tips, or even access files stored on Google Drive as long as they were connected to the account. 

All of this could be done without the user ever realizing that something had gone wrong. The vulnerability was fully patched only after Zenity reported it to OpenAI.


From helpdesk to havoc: Why Clorox is suing Indian company for $380 million

In a San Francisco courtroom, the Clorox Company recently dropped a legal bombshell – a $380 million lawsuit against Indian-American information technology company Cognizant, alleging gross negligence in a 2023 cyberattack.

In the complaint dated July 22, 2025, Clorox contends a hacker simply called Cognizant’s helpdesk, lied about being an employee and was handed network credentials – no identity verification, no oversight, just a password transfer. The resulting cyberattack ended up paralyzing Clorox’s operations, costing upwards of $49 million in remediation and much more in lost business.

Offshoring ecosystem under the microscope

Cognizant, though officially headquartered in New Jersey, was founded in Chennai, India in 1994, and now employs over 250,000 people across India, providing everything from software development to helpdesk services for global corporations. Industry analysts have warned that shifting U.S. companies’ sensitive customer data offshore exposes Americans to significant privacy risks. India lacks comprehensive data privacy laws or an enforcement body like the Federal Trade Commission.

While offshoring offers cheap labor and scalability, it also creates layers of separation between U.S.-based clients and the employees handling their data. Those layers can conceal critical weaknesses.

Clorox case: A failed firewall

In Clorox’s telling, the hacker didn’t crack advanced encryption or “spear-phish” executives. He just called Cognizant on the phone and lied about who and what he was. That was enough. Cognizant agents reset the account, handed over passwords and reopened Clorox’s VPN access without a single identity check. Agents reportedly said phrases like: “Here’s the password … Welcome …”

Cognizant disputes the claim, saying its contract with Clorox, dating back to 2013, covered only helpdesk tasks, not broader cybersecurity responsibilities. Cognizant characterized Clorox’s own defenses as “inept,” calling the attack partly Clorox’s fault.


In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network

Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution’s ATM system, researchers reported Wednesday.

Researchers with security firm Group-IB said the “unprecedented tactic allowed the attackers to bypass perimeter defenses entirely.” The hackers combined the physical intrusion with remote access malware that used another novel technique to conceal itself, even from sophisticated forensic tools. The technique, a Linux bind mount, is a routine tool in IT administration but had not previously been seen used by threat actors. It allowed the malware to behave much like a rootkit, which uses advanced techniques to hide itself from the operating system it runs on.
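Because a bind mount is an ordinary kernel object, it leaves a record in /proc/self/mountinfo even when the files it covers do not show up in a directory listing. The check below is an added example (not Group-IB’s tooling) and assumes the common form of the trick, a bind mount placed over a /proc/<pid> directory so that process listings and forensic tools see another process’s data in its place; the article does not state which paths were covered. The mountinfo lines it scans are constructed:

```python
# Added example (not Group-IB's tooling): find bind mounts that sit on top of
# /proc/<pid> entries, the assumed form of the hiding trick. Every mount, bind
# mounts included, is listed in /proc/self/mountinfo with its mount point, so
# the overlay is visible there even though ps and ls cannot see the process.
import re

PID_ENTRY = re.compile(r"^/proc/(\d+)(/.*)?$")


def _unescape(field: str) -> str:
    """mountinfo encodes space, tab, newline and backslash as \\040 etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> list:
    """Parse mountinfo lines into dicts (mount_id, root, mount_point, fstype, source)."""
    mounts = []
    for line in text.splitlines():
        if " - " not in line:  # separator between mount fields and fs fields
            continue
        left, right = line.split(" - ", 1)
        lf, rf = left.split(), right.split()
        if len(lf) < 6 or len(rf) < 2:
            continue
        mounts.append({
            "mount_id": lf[0], "root": _unescape(lf[3]),
            "mount_point": _unescape(lf[4]), "fstype": rf[0], "source": rf[1],
        })
    return mounts


def find_proc_overlays(text: str) -> list:
    """Return mounts whose mount point is a /proc/<pid> directory (or below it)."""
    hits = []
    for m in parse_mountinfo(text):
        match = PID_ENTRY.match(m["mount_point"])
        if not match:
            continue
        hits.append({
            "hidden_pid": int(match.group(1)),
            "mount_point": m["mount_point"],
            "fstype": m["fstype"],
            # for a procfs bind mount, root is the /proc path shown in place of
            # the hidden process, e.g. "/1234"
            "shown_instead": m["root"],
        })
    return hits


# Constructed sample: normal proc/dev/ext4 mounts plus one bind mount of
# /proc/1234 over /proc/4321, which makes PID 4321 look like PID 1234.
SAMPLE_MOUNTINFO = """\
22 28 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
23 28 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,size=8k
120 22 0:4 /1234 /proc/4321 rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
121 28 253:0 /data /mnt/data\\040vol rw,relatime shared:1 - ext4 /dev/mapper/root rw
"""
```

On a live host, feed `find_proc_overlays` the contents of /proc/self/mountinfo; any hit is worth examining, since nothing in normal administration mounts over a PID directory.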

End goal: Backdooring the ATM switching network

The Raspberry Pi was connected to the same network switch used by the bank’s ATM system, a position that effectively put it inside the bank’s internal network. The goal was to compromise the ATM switching server and use that control to manipulate the bank’s hardware security module, a tamper-resistant physical device used to store secrets such as credentials and digital signatures and run encryption and decryption functions.

The group behind the attack is tracked in the industry under the name UNC2891. The financially motivated threat group has been active since at least 2017 in targeting the infrastructures of banks. It has earned a well-deserved reputation for proficiency in its use of custom malware in attacks targeting Linux, Unix, and Oracle Solaris systems.

In 2022, Google’s Mandiant division said it had observed UNC2891 spending years inside a targeted network, during which time the intrusion went largely unnoticed. Mandiant researchers went on to identify CakeTap, a custom rootkit for Solaris systems. Among other things, CakeTap manipulated messages passing through an infected ATM switching network, most likely for use in unauthorized cash withdrawals using fraudulent bank cards. Mandiant documented two other custom pieces of malware, which the company named SlapStick and TinyShell.

Group-IB’s report on Wednesday shows that UNC2891 is still active and finding new and advanced ways to burrow into bank networks without detection.

“One of the most unusual elements of this case was the attacker’s use of physical access to install a Raspberry Pi device,” Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong wrote. “This device was connected directly to the same network switch as the ATM, effectively placing it inside the bank’s internal network. The Raspberry Pi was equipped with a 4G modem, allowing remote access over mobile data.”

To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank’s monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center.


Did Microsoft Hand China Front Row Access to the Pentagon?

Let’s set the stage: Imagine Fort Knox, doors flung wide open, while a tour group from the Chinese Communist Party strolls through the vault with full access badges. Ridiculous? Sure. But swap out gold for data, and you’re not far off from what just happened with Microsoft, China-based engineers, and — wait for it — the U.S. military.

According to reports, we now know that Microsoft, the federal government’s longtime tech golden child, may have handed China a backstage pass to America’s most sensitive defense systems. Not through hacking or espionage — but through corporate hubris, off-the-books programming, and a terrifying lack of oversight.

A dangerous Microsoft initiative allowed China-based engineers working for Microsoft access to elements of the software powering our military’s digital infrastructure. And just to really spice things up, this may not have been properly disclosed to the Department of Defense.

In response, Senator Tom Cotton (R-AR) fired off a letter demanding answers. He wants to know what kind of access those engineers had, what vetting (if any) was done, and how a critical contractor failed to flag a program that sounds like it was cooked up in a spy novel.

This isn’t about paranoia — it’s about pattern recognition. China has been engaged in digital warfare against the West for years. From the OPM breach to targeting our infrastructure and tech companies with AI-driven cyberattacks, they’ve made it clear: they want our secrets, our systems, and ultimately, control of the digital battlefield.

And what have we done in response? We’ve outsourced vital software development to a tech company that couldn’t be bothered to mention Chinese nationals working on Defense Department tools.

Let that sink in.

Even worse, this comes amid a staggering spike in Microsoft vulnerabilities. The company’s systems have been peppered with Common Vulnerabilities and Exposures (CVEs) — some of them so severe they allow unauthorized access with a single email. One such CVE allowed attackers to exploit Outlook without user interaction. Just receiving the message triggered it. No click, no download — just a digital grenade in your inbox.

If you think a foreign adversary wouldn’t weaponize those kinds of flaws, bless your heart. But the rest of us should be alarmed that these exploits — paired with offshored engineering — could mean that China didn’t need to break into the Pentagon’s systems. They may have simply been invited in.

This crisis underscores a larger failure: our total underestimation of endpoint security. In a world where cyberattacks can be launched from an internet café or a basement across the globe, the last line of defense isn’t just software firewalls — it’s every connected device in the network. And right now, that defense is leaking like a sieve.


Hackers breach intelligence website used by CIA

Unidentified hackers recently compromised a major intelligence website used by the CIA and other agencies to submit details of sensitive contracts, according to the National Reconnaissance Office, the spy satellite service that runs the site.

The breach targeted proprietary intellectual property and personal information submitted on the Acquisition Research Center website in support of several innovative CIA spying programs.

In addition to the intelligence website hack, Microsoft revealed this week that Chinese state hackers compromised the Department of Energy’s National Nuclear Security Administration, a central nuclear weapons agency.

A National Reconnaissance Office spokesman told The Washington Times: “We can confirm that an incident involving our unclassified Acquisition Research Center website is currently being investigated by federal law enforcement. We do not comment on ongoing investigations.”

The extent of the breach is not fully known, but people familiar with the activity said hackers likely obtained information on key technologies for CIA operations.

Other potential areas of compromise could include the Space Force, its efforts to build surveillance satellites and space weapons, and the Golden Dome missile defense program.

Data from one highly sensitive program, Digital Hammer, was compromised, said people familiar with the hacking.

Digital Hammer compiles cutting-edge technologies for human intelligence gathering, surveillance and counterintelligence operations. The program focuses on the threat of Chinese intelligence and information operations.


Tea App Leak Shows Why UK’s Digital ID Age Verification Laws are Dangerous

The UK’s Online “Safety” Act, legislation marketed as a safety net for children, was rolled out with all the foresight of a toddler launching a space program. Now, any site hosting “potentially harmful” content could be required to collect real-world ID, face scans, or official documents from users.

What could go wrong? Ask Tea, the women-centric dating gossip app that went viral by promising empowerment, then faceplanted into one of the most dangerous data breaches of the year. Their Firebase server, housing tens of thousands of selfies and government-issued IDs, was left wide open to anyone with a link.

This is the real-world consequence of lawmakers selling digital ID mandates as a solution to online harm: private companies getting access to sensitive personal data with all the discretion of a parade float, and then dropping it into the laps of the entire internet.

Let’s pause for a moment and appreciate the cosmic genius it takes to build an app allegedly designed to protect women, and then expose all of their private data to the world with the finesse of a first-time hacker copying a URL.

Tea, the dating app that rocketed to the top of the App Store by selling anonymity, safety, and empowerment, then face-planted into the Firebase server floor, spraying driver’s licenses and selfies like a busted confetti cannon.
