Lateral Movement
New RoadK1ll WebSocket implant used to pivot on breached networks
A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. The malware is a Node.js implant that communicates over a custom WebSocket protocol to sustain ongoing attacker access and enable further operations. RoadK1ll was discovered by managed detection and response (MDR) provider Blackpoint […]
Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation
A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure. Over a period of 40 days, researchers at Pillar Security recorded more than 35,000 attack sessions on their honeypots, which led to discovering a large-scale cybercrime operation that monetizes and exploits access to exposed or poorly authenticated AI endpoints. […]