Data Breaches

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

November 19, 2025

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
EdgeStepper “redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure

Subscribe to HackenPost

Get notified of the latest updates from Hackenpost.

Data Breaches

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

November 19, 2025

Data Breaches

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

November 19, 2025

Hand-Picked Top-Read Stories

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Trending Tags

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Leave a Reply Cancel reply

Subscribe to HackenPost

Previous Post

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

Next Post

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software