The BlueNoroff cryptocurrency hunt is still on

BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. It is a mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure.

BlueNoroff
cryptocurrencies
data theft
financial malware
malware technologies
microsoft word
spear phishing
targeted attacks
vulnerabilities and exploits

VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion

This analysis examines the VVS stealer, a Python-based malware targeting Discord users to steal sensitive information like credentials and tokens. The stealer employs Pyarmor for obfuscation, hindering analysis and detection. Key capabilities include exfiltrating Discord data, injecting malicious code into Discord processes, extracting web browser data, achieving persistence, and displaying fake error messages. The malware uses AES-128-CTR encryption and leverages Discord webhooks for data exfiltration. Advanced obfuscation techniques like Pyarmor's BCC mode and string encryption are detailed. The analysis demonstrates how legitimate tools can be misused to create stealthy malware, highlighting the need for improved defenses against credential theft and account abuse.

obfuscation
webhook
vvs stealer
discord
pyarmor
infostealer
python
aes encryption

Critical Privilege Escalation Vulnerability in Modular DS plugin affecting 40k+ Sites exploited in the wild

A critical unauthenticated privilege escalation vulnerability has been discovered in the Modular DS WordPress plugin, affecting over 40,000 sites. The flaw allows attackers to bypass authentication and gain admin access. Exploitation attempts have been observed in the wild, with attackers creating unauthorized admin accounts. The vulnerability stems from flawed route handling and authentication mechanisms. Patchstack has issued mitigation rules and assigned CVE-2026-23550. The plugin developer has released version 2.6.0 to address the issue. Users are urged to update immediately. Additional exploit paths were later discovered, leading to the assignment of CVE-2026-23800. The vulnerability highlights the dangers of implicit trust in internal request paths when exposed to the public internet.

plugin vulnerability
unauthenticated
cve-2026-23800
modular ds
cve-2026-23550
active exploitation
wordpress
privilege escalation