Others (207)
When you connect to a public Wi-Fi network, what’s the first thing you see?
Usually, a captive portal that login or “Agree to Terms & Conditions” page you click before getting access. For most people, it’s a routine step. But what if that portal wasn’t a harmless gateway, but instead a weaponized tool used by cybercriminals to infect your device?
That’s exactly what’s happening in a sophisticated cyber campaign launched by UNC6384, a threat actor now under global watch. By exploiting captive portals, UNC6384 is distributing the notorious PlugX malware, a remote access trojan capable of data theft, persistence, and further compromise.
In today’s fast-moving digital world, software supply chains have become both a cornerstone of innovation and a prime target for attackers. A recent discovery reported by The Hacker News highlights a particularly troubling case: a malicious Go module named “golang.org/x/ssh” was found imitating the legitimate SSH library to deliver backdoor access.
In the ever-evolving world of cybersecurity, every year introduces new attack methods, more sophisticated adversaries, and more critical vulnerabilities. But among the most concerning trends emerging today are pre-authentication exploit chains—a class of attacks that can allow cybercriminals to completely bypass login mechanisms and gain unauthorized access to critical systems.
