The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means.
In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down. The name of the package closely resembles popular legitimate packages: http-proxy-agent, which has approximately 70 million weekly downloads, and https-proxy-agent with 90 million downloads respectively.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Mitsubishi Electric discloses security breach, China is main suspect
January 20, 2020
In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi ...
- Emotet Malware Dabbles in Extortion With New Spam Template
January 20, 2020
The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and ...
- Blocking A CurveBall: PoCs Out for Critical Microsoft-NSA Bug CVE-2020-0601
January 17, 2020
Security researchers have released proof-of-concept (PoC) codes for exploiting CurveBall (CVE-2020-0601), the first bug that the National Security Agency (NSA) reported. Included in this year’s first cycle of Patch Tuesday updates, the vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) certificates and Public Key Infrastructure (PKI) trust. Enterprises and users are advised to patch their ...
- FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
January 17, 2020
FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the ...
- New JhoneRAT Malware Targets Middle East
January 17, 2020
Researchers are warning of a new remote access trojan (RAT), dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East. Once downloaded, the RAT gathers information on the victims’ computers and is also able to download additional payloads. Evidence shows that the attackers behind JhoneRAT ...
- Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided
January 17, 2020
On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Microsoft has acknowledged that it is aware of limited targeted attacks exploiting the flaw. All ...