1010.cx

  • Sapphire Sleet macOS Malware Abuses curl-to-osascript Execution for Multi-Stage Payload Delivery

    cyber security, Cyber Security News, macOS, Malware

    Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payload chain that executes entirely within Script Editor and evades many built‑in macOS protections. The infection begins with a socially engineered lure: fake SDK or update AppleScript files such as Zoom SDK Update.scpt or […]

    The post Sapphire Sleet macOS Malware Abuses curl-to-osascript Execution for Multi-Stage Payload Delivery appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity

    Amazon, Amazon AWS, cloud, cyber security, Cyber Security News

    Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as AWS CloudTrail and Google Cloud Logging, designed to provide comprehensive audit trails, are being actively abused by threat actors to manipulate, disable, or redirect logs, effectively “blinding” security teams while […]

    The post Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat

    cybersecurity, eset, MDR, Security, Sophos, Threat Detec, Threat Intelligence

    A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose.


  • The Top 10 Attack Surface Exposures in 2026

    Breaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication — anything internet-facing is immediately at risk. With time-to-exploit now down to a


  • Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

    Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. “Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,”


  • SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic

    cyber security, Cyber Security News, Windows

    Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), expanding a toolset that was until now Linux-only. The two Windows builds, internally labelled WIN_DRV and WIN_PLUS, preserve the original SprySOCKS protocol and command set while adding Windows-native loading techniques and, in WIN_DRV’s case, a kernel-mode driver that substantially increases stealth and […]

    The post SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • 15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys

    AI, Cyber Attack, Cyber-Attacks, cybersecurity, DeepSeek, Developers, JetBrains, Malware, OpenAI, SCAM, Security

    Hackers are using 15 malicious JetBrains plugins posing as AI coding assistants to steal DeepSeek, OpenAI, and other developer API keys.


  • 7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass

    CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

    A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and gain unauthorized network access. Although this vulnerability was patched in June 2026, it originated from legacy code dating back to 1999, making it one of the longest-standing authentication bypass issues in […]

    The post 7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers

    cyber security, Cyber Security News, Malware

    A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily targeting gamers in China and Russia. The campaign exploits Wallpaper Engine’s “application” wallpaper type (essentially standalone executables that run as animated desktop backgrounds) to execute arbitrary code the moment a user […]

    The post Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • 144 Mastra npm Packages Compromised via Hijacked Contributor Account

    As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity. “A single npm account (ehindero) mass-published more

