Administrator Rights
-
Researchers: Stealit malware uses Node.js single-executable feature to spread
Fortinet researchers said the Stealit malware campaign is abusing Node.js’ experimental Single Executable Application feature and, in some variants, Electron, to distribute stealers and a RAT via counterfeit installers on file‑sharing sites.
-
XWorm backdoor resurfaces with ransomware module and dozens of plugins
Researchers at Trellix told BleepingComputer that new XWorm variants 6.0, 6.4 and 6.5 are circulating in phishing campaigns and include more than 35 plugins and a ransomware module that encrypts user files and drops ransom instructions.
-
TA558 Deploys AI-Generated Scripts to Deliver Venom RAT, Targeting Hotels in Latin America
Kaspersky links TA558’s latest activity to the RevengeHotels cluster, where attackers use AI-generated scripts to deliver Venom RAT to hotels in Latin America through phishing emails, with goals including stealing guest credit card data and expanding their reach via AI-assisted phishing.
-
NIST Revamps Security Controls to Tighten Software Updates and Patch Management
NIST has revised its Security and Privacy Control Catalog to strengthen software update and patch management, introducing changes aimed at better incident response, root-cause analysis, and cyber resiliency to reduce the window of exposure in software supply chains.
-
Five Blind Eagle activity clusters identified, with Colombia as primary focus, researchers say
Security researchers have identified five distinct activity clusters tied to the Blind Eagle threat actor, with Colombia as the primary target, as Recorded Future’s Insikt Group tracks campaigns from May 2024 to July 2025.
-
NIST proposes AI security overlays built on SP 800-53, invites public feedback
NIST published a concept paper proposing a framework of AI security overlays built on SP 800-53 and opened a public call for input, detailing use cases like generative, predictive, and agentic AI while inviting feedback through COSAIS channels.
-
TAG-140 Group Targets Indian Government with New DRAT V2 Malware
The TAG-140 hacking group has been identified as a serious threat to Indian governmental organizations, employing a sophisticated new version of a remote access trojan called DRAT V2. This group has augmented its operations by spoofing official portals and evolving its malware capabilities, raising alarms about national security.
-
NIST Introduces New Metric for Identifying Likely Exploited Vulnerabilities in Cybersecurity
NIST has introduced a new metric, Likely Exploited Vulnerabilities (LEV), to help organizations identify which software vulnerabilities are most likely to have been exploited in cyberattacks, calling for collaboration from the cybersecurity community to validate this methodology.
-
Google Enhances Chrome Security by Blocking Admin-Level Launches
Google’s new feature for Chrome will block the browser from launching with administrative rights, enhancing security similar to measures already implemented in Microsoft Edge. This change aims to reduce the risk of malware executing with elevated permissions and compromising user systems.