Tag

Backdoor

4 briefs RSS

Komari Agent Abused as SYSTEM-Level Backdoor

Threat actors are abusing the Komari monitoring agent, a project hosted on GitHub, as a SYSTEM-level backdoor following initial access through compromised VPN credentials and lateral movement via Impacket.

Defender +2 komari backdoor nssm github rat reverse shell

2r 4t 2i 4d ago

critical threat

UAT-4356 FIRESTARTER Backdoor Targeting Cisco Firepower Devices

2 rules 2 TTPs 2 CVEs 2 IOCs

UAT-4356 is actively targeting Cisco Firepower devices running FXOS, exploiting CVE-2025-20333 and CVE-2025-20362 to deploy the FIRESTARTER backdoor which allows remote access and control by injecting malicious shellcode into the LINA process.

Firepower eXtensible Operating System +2 UAT-4356 firestarter cisco backdoor network espionage

2r 2t 2c 2i 1w ago

high advisory

Malicious Chrome Extensions Stealing Data and Opening Backdoors

2 rules 6 TTPs

A coordinated campaign uses 108 malicious Chrome extensions to steal user data, inject ads, and establish backdoors on over 20,000 systems via a shared command-and-control infrastructure.

chrome-extension credential-theft backdoor ad-injection exfiltration

2r 6t 2w ago

high advisory

BPFDoor Lock File Access

2 rules 2 TTPs

BPFDoor, an evasive Linux backdoor, is detected via the unusual access of process ID and lock files in the /var/run/ directory, indicating potential malicious activity.

bpfdoor linux backdoor ebpf

2r 2t Apr 1, 2026