Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging
APT28 has been observed conducting cyber espionage activities focusing on Central Asia and Kazakhstan. This analysis explores a heavily obfuscated malware sample, assessing its capabilities, particularly its use of VBScript and interaction with a command-and-control server. Affected: APT28, Central Asia, Kazakhstan

Keypoints:

APT28 is engaged in cyber espionage targeting Central Asia and Kazakhstan.…
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Summary: Cybersecurity researchers have identified a new Android banking malware named Crocodilus that specifically targets users in Spain and Turkey. This sophisticated malware employs advanced techniques for device takeover and credential theft, masquerading as a legitimate application. It showcases the growing complexity and danger of modern mobile threats, especially within the banking sector.…
Major Cyber Attacks Targeting Transportation & Logistics Industry
The transportation and logistics industry is increasingly targeted by cybercriminals as they exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector. Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Keypoints:

Transportation and logistics sector is a major target for cybercriminals due to valuable data.…

Victim: Geass
Country: IT
Actor: sarcoma
Source:
Discovered: 2025-03-29 08:04:55.417880
Published: 2025-03-29 08:04:53.055222
Description: Geass, a dental implant and CAD-CAM technology provider based in Pozzuolo del Friuli, Italy, has fallen victim to a ransomware attack by the cybercriminal group known as Sarcoma. The breach has resulted in the leak of a substantial archive, amounting to 156 GB of sensitive data, which includes important files and SQL databases.…
CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory regarding multiple critical vulnerabilities in the CHOCO TEI WATCHER mini manufactured by Inaba Denki Sangyo Co., Ltd. These vulnerabilities may allow attackers to exploit the device, compromising sensitive information and operational integrity in industrial environments.…
Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks
Summary: Seqrite Labs reports on a malicious campaign using SnakeKeylogger, an advanced info-stealing malware, which employs a multi-stage infection chain and stealthy execution methods to extract sensitive data from victims. The infection begins with malicious spam emails that contain disguised executable files, leading to the deployment of sophisticated payloads that evade detection.…
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report on a new malware variant called RESURGE, which has sophisticated persistence and manipulation capabilities, particularly linked to a known vulnerability in Ivanti products. The report highlights detailed mitigation measures in response to RESURGE’s exploitation of the CVE-2025-0282 vulnerability.…

Summary: The video discusses the new image generation capabilities of Chachu 4, highlighting its advancements in image restyling, detailed rendering of unique images, and improved consistency in character depiction. The presenter showcases various creative prompts that demonstrate the system’s versatility and transformative features, including turning personal photos into cartoon versions.…

Summary: The video discusses the journey of individuals breaking into the Governance, Risk, and Compliance (GRC) sector within cybersecurity. It highlights the importance of transferable skills, the value of networking, and the role of mentorship in successfully transitioning to GRC. The discussion also emphasizes the collaborative nature of cybersecurity, where a mixture of technical and business skills is essential to better communicate between technical and non-technical teams.…

Victim: Transsion Holdings
Country: CN
Actor: hellcat
Source:
Discovered: 2025-03-29 04:20:04.719045
Published: 2025-03-29 02:38:20.000000
Description: Transsion Holdings, a prominent mobile device provider based in China with an impressive revenue of .6 billion, has fallen victim to a ransomware attack orchestrated by the actor known as Hellcat.…
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
Summary: Threat hunters infiltrated the infrastructure of the BlackLock ransomware group, revealing significant operational security flaws and exposing data linked to its activities. A critical vulnerability was identified in their Data Leak Site (DLS), allowing access to sensitive configuration files and command histories. This incident highlights the increasing complexity of ransomware operations and their interconnections in the underground economy.…

Victim: theeyeclinicsurgicenter.com – The Eye Clinic Surgicenter company
Country:
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/11267670f1e1f99e723fe6d0b723fc5fc71d43c31d1b44d7e898781d35d9fac6/
Discovered: 2025-03-29 01:19:48.175219
Published: 2025-03-29 01:18:38.183803
Description: The Eye Clinic Surgicenter, a healthcare facility, has recently fallen victim to a ransomware attack attributed to the Babuk2 cybercrime group. This incident highlights the increasing vulnerability of healthcare providers to cyber threats, jeopardizing sensitive patient information and operational integrity.…

Victim: icvc.co – Instituto Cardiovascular del Cesar
Country: CO
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/a256e1889036f42396e405450b4b12acd44f5adc0eacb01b0b4078ed09c1c42f/
Discovered: 2025-03-29 02:46:53.148970
Published: 2025-03-29 02:45:44.492669
Description: The Instituto Cardiovascular del Cesar (icvc.co) in Colombia has become a ransomware victim, impacted by the Babuk2 cybercriminal group. This attack has posed significant threats to the sensitive data and operations of the healthcare institution, highlighting the growing challenges faced by medical facilities in securing their systems against increasingly sophisticated cyber threats.…

Victim: brune.com.br – Group MC (conglomerate)
Country: BR
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/c5fc6f5c6ce071766c550bc58b3b4f4dcc2b9d1a35ef5672aa6f4e888bb12f92/
Discovered: 2025-03-29 02:49:11.993029
Published: 2025-03-29 02:48:06.355590
Description: Brune.com.br, a conglomerate under Group MC in Brazil, has recently fallen victim to a ransomware attack orchestrated by the Babuk2 group. This incident highlights the increasing threat of cyber crime faced by large corporations, as attackers seek to exploit vulnerabilities for financial gain.…

Summary: The video discusses the vulnerabilities associated with VH backups and how ransomware gangs exploit these weaknesses to compromise sensitive data, delete backups, or encrypt data. It emphasizes the importance of securing VH servers by disconnecting them from the domain and following best practices.

Keypoints:

The flaw in backups can lead to unauthorized code presence.…

Summary: The video discusses how to install the Fing agent on a Synology NAS, a Raspberry Pi, or a Docker container to monitor networks continuously and block unwanted devices. The presenter provides a step-by-step guide on using the Synology NAS for this installation.

Keypoints:

Fing agent can be installed on a NAS, Raspberry Pi, or Docker container for 24/7 network monitoring.…
CISA has reported on three malicious files acquired from an Ivanti Connect Secure device compromised through CVE-2025-0282. The files exhibit functionalities similar to known malware, including command and control capabilities and log tampering. RESURGE, the primary file, can modify files and create a web shell. Another file, a variant of SPAWNSLOTH, tampered with logs, while the third one included a shell script that extracts kernel images.…

Victim: Forrest City School District
Country: US
Actor: rhysida
Source: http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion/archive.php?auction/archive.php?company=175
Discovered: 2025-03-28 23:18:48.310585
Published: 2025-03-28 23:17:04.896360
Description: The Forrest City School District, located in Forrest City, Arkansas, has fallen victim to a ransomware attack attributed to the cybercriminal group Rhysida. As a prominent educational institution in the region, the district is responsible for providing quality education to its students, but the attack has likely disrupted its operations and raised concerns about data security.…

Victim: 🚀, Launch Your Own Ransomware(RAAS) Business with Our Exclusive Ransomware Panel Source Cod…
Country:
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/e38184cbe95213765772ae7675f2d9b1ef5ceedf9117e7c91a0f980136d7a3ab/
Discovered: 2025-03-28 23:52:06.313928
Published: 2025-03-28 23:50:52.557037
Description: Introducing an exclusive opportunity to launch your own Ransomware as a Service (RaaS) business with our state-of-the-art ransomware panel source code, brought to you by the notorious actor Babuk2.…