Hacker News with Generative AI: Backdoors

Go Module Mirror served backdoor to devs for 3 years (arstechnica.com)
A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than three years until Monday, after researchers who spotted the malicious code petitioned for it to be taken down twice.
Security, Programming, Go, Backdoors
41 points by pitwin 15 days ago | 8 comments
Patient Monitor Contec CMS8000 Contains a Backdoor (cisa.gov)
This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE – 912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE – 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in all versions analyzed.
Cybersecurity, Healthcare, Vulnerabilities, Firmware, Backdoors
59 points by doener 20 days ago | 12 comments
Backdoor found in two healthcare patient monitors, linked to IP in China (bleepingcomputer.com)
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device.
Cybersecurity, Healthcare, China, Backdoors, Patient Data
14 points by N19PEDL2 21 days ago | 0 comments
Someone is slipping a hidden backdoor into Juniper routers across the globe (theregister.com)
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.
Cybersecurity, Networking, Juniper, Backdoors
18 points by LinuxBender 26 days ago | 1 comments
Windows infected with backdoored Linux VMs in new phishing attacks (bleepingcomputer.com)
A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.
Cybersecurity, Phishing, Linux, Virtual Machines, Backdoors
15 points by sandwichsphinx 108 days ago | 0 comments
The XZ Backdoor Is More Interesting Than It Should Be (techdirt.com)
Security, Software, Backdoors
31 points by ianrahman 218 days ago | 0 comments
Xz sshd backdoor collecting usernames from logs (isc.sans.edu)
Cybersecurity, Security Vulnerabilities, Linux, Backdoors
143 points by babuskov 301 days ago | 10 comments
Linux Xz Backdoor Damage Could Be Greater Than Feared (thenewstack.io)
Linux, Security, Backdoors, Cybersecurity
11 points by RickJWagner 302 days ago | 18 comments
Attackers spread backdoor via eScan antivirus software update process (avast.io)
Cybersecurity, Software Updates, Backdoors, Malware
57 points by skilled 303 days ago | 56 comments
Simplifying the Xz Backdoor (wordpress.com)
Cybersecurity, Malware, Backdoors
44 points by felipec 308 days ago | 0 comments
Discovering the xz backdoor with Andres Freund [audio] (oxide.computer)
Security, Software, Audio, Backdoors
106 points by ujeezy 315 days ago | 18 comments