Search results for obsidian | Breaking Cybersecurity News | The Hacker News

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage elaborate social engineering tactics through LinkedIn and Telegram to breach both Windows and macOS systems, approaching prospective individuals on the professional social network under the guise of a venture capital firm and then moving the conversation to a Telegram group where several purported partners are present. The Telegram group chat is engineered to lend the operation a smidgen of credibility, with the members discussing topics related to financial services and cryptocurrency liquidity solutions. The target is then instructed to use Obsidian to access what appears to be a s...

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cases hint at supply-chain spread, where one weak link reaches further than expected. Go through the whole recap. The pattern across access, execution, and control only shows up when you see it all together. ⚡ Threat of the Week Vercel Discloses Data Breach —Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident originated f...

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. Short updates that, together, show how quickly risk is shifting and why details can’t be ignored. ⚡ Threat of the Week Improperly Patched Flaw Exploited Again in Fortinet Firewalls — Fortinet confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "We have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path," the company said. The activi...

LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware," researchers Alex Cox, Mike Kosak, and Stephanie Schneider from the LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team said . Beyond LastPass, some of the popular tools impersonated in the campaign include 1Password, Basecamp, Dropbox, Gemini, Hootsuite, Notion, Obsidian, Robinhood, Salesloft, SentinelOne, Shopify, Thunderbird, and TweetDeck, among others. All the GiHub repositories are designed to target macOS systems. The attacks involve the use of Search Engine Optimization (SEO) poisoning to push links to malicious GitHub sites on top of search results on Bing and Google, which then instruct users ...

A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and Beijing Weibu Online (aka ThreatBook), the activity is designed to strategically push bogus sites to the top of search results on search engines like Microsoft Bing, specifically targeting users looking for programs like Google Chrome, Notepad++, QQ International, and iTools. "After visiting these high-ranking phishing pages, users are lured by carefully constructed download pages, attempting to download software installation packages bundled with malicious programs," CNCERT/CC and ThreatBook said. "Once installed, the program implants a backdoor Trojan without the user's k...

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, such measures have increasingly led them to leverage old, neglected domains in their operations. In doing so, the email messages are likely to bypass security checks that rely on the domain age as a means to identify spam. DNS threat intelligence firm Infoblox, in a new analysis shared with The Hacker News, discovered that threat actors, including Muddling Meerkat and others, have abused some of it...

The threat actors behind the nascent  Buhti  ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec  said  in a report shared with The Hacker News. The cybersecurity firm is tracking the cybercrime group under the name  Blacktail . Buhti was first highlighted by Palo Alto Networks Unit 42 in February 2023,  describing  it as a Golang ransomware targeting the Linux platform. Later that same month, Bitdefender revealed the use of a Windows variant that was deployed against Zoho ManageEngine products that were vulnerable to critical remote code execution flaws ( CVE-2022-47966 ). The operators have since been observed swiftly exploiting other severe bugs impacting I...

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as 'sensitive,'" the company said in a bulletin. Vercel said environment variables marked as "sensitive" are stored in an encrypted manner that prevents them from being read, and that there is currently no evidence suggesting that those values were accessed by the attacker. It described the threat actor behind the incident as "sophisticated" based on their "operational velocity and detailed understanding of Vercel's syste...

Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game’s reputation. Despite the prevalence of DDoS attacks on the game, the majority of incidents go unreported, leaving a gap in awareness and protection. This article explains what happens to a Minecraft server during a DDoS attack and how to protect against such attacks. For an in-depth version of the article,  check out this white paper . When Creepers Breach: What Happens When an Attack Is Successful When a Minecraft server is hit with a DDoS attack, players may have problems with logging in to servers, loading worlds, navigating biomes, using tools, and chatting. They can also experience general lags, disconnections, timeouts, or server crashes. These in-game disruptions can ruin the gaming experience for players while causing financial and reputational losse...