Cybercrime/malcode – Lifeboat News: The Blog

Nov 25
2025

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Once installed, the malware is designed to launch a core module that’s responsible for loading other plugins embedded in the shellcode into memory. It also comes fitted with a variety of anti-detection and persistence techniques. The activity has not been attributed to any known threat actor or group.

“After the proof-of-concept (PoC) exploit code for the vulnerability was publicly released, attackers quickly weaponized it to distribute ShadowPad malware via WSUS servers,” AhnLab said. “This vulnerability is critical because it allows remote code execution with system-level permission, significantly increasing the potential impact.”

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Nov 25
2025

Malicious Blender model files deliver StealC infostealing malware

A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader.

Blender is a powerful open-source 3D creation suite that can execute Python scripts for automation, custom user interface panels, add-ons, rendering processes, rigging tools, and pipeline integration.

If the Auto Run feature is enabled, when a user opens a character rig, a Python script can automatically load the facial controls and custom UI panels with the required buttons and sliders.

Nov 25
2025

ClickFix attack uses fake Windows Update screen to push malware

ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images.

ClickFix is a social-engineering attack where users are convinced to paste and execute in Windows Command Prompt code or commands that lead to running malware on the system.

The attack has been widely adopted by cybercriminals across all tiers due to its high effectiveness and has continually evolved, with increasingly advanced and deceptive lures.

Nov 25
2025

Real-estate finance services giant SitusAMC breach exposes client data

SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data.

As a real-estate (commercial and residential) financing firm, SitusAMC handles back-office operations in areas like mortgage origination, servicing, and compliance for banks and investors.

The company generates around $1 billion in annual revenue from 1,500 clients, some of whom are banking giants like Citi, Morgan Stanley, and JPMorgan Chase.

Nov 25
2025

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign.

The malicious packages have been added to NPM (Node Package Manager) over the weekend to steal developer and continuous integration and continuous delivery (CI/CD) secrets. The data is automatically posted on GitHub in encoded form.

At publishing time, GitHub returned 27,600 results corresponding to entries related to the recent attack.

Nov 24
2025

Japan chip plants to face cybersecurity mandate as condition for subsidies

Government turns recommendations into requirements as crippling attacks rise

Nov 23
2025

Trust, Technology, Human Factors: The Foundation Of Cyber Resilience

#cybersecurity #ai #tech #trust #resilience #humanfactors

There is a need for increased Trust in this era of swift technological progress, where AI, automation, and deepfakes are threatening the cybersecurity landscape.

Nov 22
2025

Wargaming: The surprisingly effective tool that can help us prepare for modern crises

Consider the following scenario. There’s a ransomware attack, enhanced by AI, which paralyzes NHS systems—delaying medical care across the country.

Nov 22
2025

CISA warns Oracle Identity Manager RCE flaw is being actively exploited

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025–61757 that has been exploited in attacks, potentially as a zero-day.

CVE-2025–61757 is a pre-authentication RCE vulnerability in Oracle Identity Manager, discovered and disclosed by Searchlight Cyber analysts Adam Kues and Shubham Shahflaw.

The flaw stems from an authentication bypass in Oracle Identity Manager’s REST APIs, where a security filter can be tricked into treating protected endpoints as publicly accessible by appending parameters like?WSDL or ;.wadl to URLpaths.

Nov 21
2025

From Generative To Agentic: The New Era Of AI Autonomy In 2026

#artificialintelligence

Agentic AI is a form of artificial intelligence that does more than just generate; it will act, reason somewhat, collaborate, and execute on its own. Agentic AI transforms its role from a limited tool to that of a collaborative coworker.

This shift affects various sectors, including cybersecurity, national defense, healthcare, key infrastructure, finance, supply chains, and corporate automation. Additionally, it accelerates the integration of robotics, neuromorphic systems, sensor-driven edge computing, and artificial intelligence.

Systems with the ability to plan and pursue goals characterize Agentic AI. IIt combines APIs and tools, engages with dynamic environments, makes decisions, uses reasoning, and continues to learn and adapt.