thehackernews

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign delivering the Astaroth banking trojan, which employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

A newly disclosed hardware-based attack, dubbed Battering RAM, enables attackers to bypass memory encryption protections in Intel SGX and AMD SEV-SNP technologies. It leverages a low-cost DDR4 interposer to manipulate memory access.

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical vulnerabilities were discovered in Chaos Mesh, an open-source chaos engineering platform for Kubernetes. These flaws, collectively named "Chaotic Deputy," allow unauthenticated in-cluster attackers to execute arbitrary commands.

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

A large-scale mobile ad fraud operation dubbed SlopAds exploited 224 Android apps, amassing over 38 million downloads across 228 countries. The campaign generated up to 2.3 billion ad bid requests daily by leveraging hidden WebViews and steganography.

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

A new AI-powered penetration testing tool named Villager has garnered nearly 11,000 downloads on PyPI. Villager’s AI-driven architecture enables large-scale, parallelized exploitation.

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

A newly discovered Android banking trojan named RatOn demonstrates a significant leap in mobile malware sophistication. RatOn combines overlay attacks, NFC relay tactics, and an Automated Transfer System (ATS).

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage

A set of 45 previously unreported domains linked to the China-affiliated threat actors Salt Typhoon and UNC4841 has been uncovered, revealing a longstanding cyber espionage campaign dating back to May 2020.

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

TAG-150 has been working on CastleRAT since March, with the threat actor leveraging a multi-tiered infrastructure comprising Tier 1 victim-facing C2 servers, as well as Tier 2 and Tier 3 servers that are mostly VPSes, and Tier 4 backup servers.
