<p><strong>NBC was owned this morning and serving up malicious javascript.</strong></p><p><img alt="" src="https://cdn.filestackcontent.com/F3IvTYwoRXCcct4TxZfu" style="width: 957px; height: 413px;"/></p><p>Malicious javascript file added to nbc.com this morning is serving up Citadel (Zeus Varient) by exploiting known PDF and Java vulnerabilities.</p><p><strong>Indicators of compromise:</strong></p><p>hxxp://priceworldpublishing.com<br/> hxxp://flying-gators-mac.com<br/> hxxp://clientesporinternet.com<br/> hxxp://finesseindia.com<br/> hxxp://zafood.net<br/> hxxp://fabricaequiposestetica.com<br/> hxxp://gonullersultani.net<br/> hxxp://justyourmessage.com<br/> hxxp://allsystemscorp.com<br/> hxxp://registrosanitarioinvima.com<br/> hxxp://fattjoints.com<br/> hxxp://buubinorthpointestates.com<br/> hxxp://hideshadow.com<br/> hxxp://erabisnis.net<br/> hxxp://datingquotes.net<br/> hxxp://bridalplaces.com<br/> hxxp://moi-npovye-sploett.com/qqqq/1.php<br/> hxxp://priceworldpublishing.com/aynk.html<br/> hxxp://nikweinstein.com/cl/google.php<br/> hxxp://walterjeffers.com/ctuk.html<br/> hxxp://barbecuechickenrecipes.org/ctuk.htm<br/> hxxp://umaiskhan.com/ztuj.html<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://gonullersultani.net/znzd.htm<br/> hxxp://erabisnis.net/znzd.htm<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://moi-npovye-sploett.com/cGeQc0wz1KPI/larktion.php<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://electricianfortwayne.info/987.pdf</p><p><strong>MD5/VT: </strong></p><p><a href="https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/</a></p><p><a href="https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/</a></p><p><a href="http://www.threatstream.com/">THREAT STREAM</a> users are covered via SIEM correlation rules to detect potential compromise from this event.</p>
FEATURED RESOURCES
Anomali Cyber Watch
Anomali Cyber Watch: Remcos RAT, BitB phishing, Linux Malware Framework, Supply Chain Intrusion and more
New Malware Campaign Delivers Remcos RAT Through Text-Only Staging and Living-Off-the-Land Execution. Browser-in-the-Browser Phishing Evolves into a High-Fidelity Credential Trap. Cloud-Aware Linux Malware Framework Poised for Future Threats. And More..
Anomali Cyber Watch
Anomali Cyber Watch: Cisco ISE Flaw, Ni8mare, N8scape, Zero-Click Prompt Injection and more
Anomali Cyber Watch: Cisco ISE Flaw Enables Arbitrary File Read via Administrative Access. Ni8mare and N8scape Vulnerabilities Expose n8n Automation Platforms to Full Compromise. Zero-Click Prompt Injection Abuse Enables Silent Data Exfiltration via AI Agents. Phishing Attacks Exploit Misconfigured Email Routing to Spoof Internal Domains. Ransomware Activity in the U.S. Continued to Rise in 2025. Android Ghost Tap Malware Drives Remote NFC Payment Fraud Campaigns. Black Cat SEO Poisoning Malware Campaign Exploits Software Search Results. MuddyWater Upgrades Espionage Arsenal with RustyWater RAT in Middle East Spear-Phishing. China-Linked ESXi VM Escape Exploit Observed in the Wild. Instagram Denies Data Breach Despite Claims of 17.5 Million Account Data Leak
Anomali Cyber Watch
Anomali Cyber Watch: OWASP Agentic AI, MongoBleed, WebRAT Malware, and more
Real-World Attacks Behind OWASP Agentic AI Top 10. MongoDB Memory Leak Vulnerability “MongoBleed” Actively Exploited. WebRAT Malware Spread via Fake GitHub Proof of Concept Exploits. Trusted Cloud Automation Weaponized for Credential Phishing. MacSync macOS Stealer Evolves to Abuse Code Signing and Swift Execution. Claimed Resecurity Breach Turns Out to Be Honeypot Trap. Cybersecurity Professionals Sentenced for Enabling Ransomware Attacks. Google Tests Nano Banana 2 Flash as Its Fastest Image AI Model. RondoDox Botnet Exploits React2Shell to Hijack 90,000+ Systems. Critical n8n Expression Injection Leads to Arbitrary Code Execution