Tuesday , July 14 2026
Seedworm

Seedworm hackers found inside US bank, airline, tech networks

An Iran-related hacking group (Seedworm) has infiltrated multiple US organizations since early February, heightening fears of potential larger cyber operations linked to rising geopolitical tensions in the Middle East.

New backdoors used by Seedworm

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

Researchers from Symantec and Carbon Black have connected the activity to Seedworm (also known as MuddyWater), an Iranian group linked to the Ministry of Intelligence and Security, known for targeting government and critical infrastructure.

According to researchers, suspicious activity linked to Seedworm has been identified on the networks of:

A US bank
A US airport
Non-profit organizations, and
The Israeli operations of a US software company that supplies the defense and aerospace industries.

The activity started in early February 2026 and is still ongoing, with the group using new malware.

  • The Dindoor backdoor, named thus due to its use of Deno, a runtime environment for JavaScript and TypeScript, for executing commands on infected machines
  • A Python-based backdoor called Fakeset.

According to the researchers, Dindoor was digitally signed with a certificate issued to an individual named “Amy Cherne”. Fakeset was also signed, using using certificates attributed to both “Amy Cherne” and “Donald Gay,” the latter of which has previously been associated with the Stagecomp and Darkcomp malware used by the Seedworm APT.

The attackers appear to be spying; they aim to steal data from the software company and upload it to a Wasabi cloud storage bucket using the Rclone tool.

“While it’s not known if the operations of Seedworm are disrupted by the current conflict, already having a presence on US and Israeli networks prior to the current hostilities beginning means the threat group is in a potentially dangerous position to launch attacks,” the researchers noted.

It is unknown what tricks or exploits the APT used to gain initial access to these organizations’ networks.

Exposed VPS reveals Seedworm tooling

In related news, independent threat-intel research collective Ctrl-Alt-Intel recently claimed to have accessed infrastructure used by Seedworm / Muddy Water, which allowed them to harvest “C2 tooling, scripts, logs, victim data, and other operational artefacts from a VPS hosted in the Netherlands.”

Israeli healthcare and government organizations, EgyptAir, Jordan’s government, UAE businesses, US organizations, and Jewish/Israeli-linked NGOs.

The exposed infrastructure reveals details about a MuddyWater operation, from initial reconnaissance to data theft. The key takeaway is the scale of the operation rather than the complexity of individual tools. It involves numerous targeted organizations, several custom C2 frameworks, exploitation of various CVEs including new SQL injection vulnerabilities, password spraying, Ethereum-based C2 resolution, and multiple exfiltration methods including cloud storage and EC2 instances, the group stated.

“MuddyWater continues to demonstrate a willingness to rapidly adopt public exploit code, modify it for operational use, and deploy it at scale – all while developing custom tooling in parallel.”

Check Also

Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can …