Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks 
Threat actors exploited four vulnerabilities in Ivanti Cloud Service Appliances (CSA) to conduct attacks on multiple organizations in September. The FBI and CISA have issued an advisory urging users to upgrade their systems and implement threat hunting techniques. The vulnerabilities, suspected to be linked to sophisticated nation-state actors, were used to gain access, execute code, and implant web shells.…
Weekly IT Vulnerability Report: Critical Updates for SAP, Microsoft, Fortinet, and Others
Key vulnerabilities in major platforms such as SAP, Microsoft, and Fortinet have been identified, necessitating immediate attention due to active exploitation by threat actors. The vulnerabilities include privilege escalation, unauthorized access, and critical flaws in widely used applications. Affected: SAP, Microsoft, Fortinet

Keypoints:

Cyble Research and Intelligence Labs (CRIL) analyzed vulnerabilities disclosed between January 8 and 14, 2025.…
HexaLocker V2: Skuld Stealer Paving the Way prior to Encryption
HexaLocker V2 is a newly updated ransomware variant that incorporates advanced functionalities such as a persistence mechanism, a data exfiltration process using Skuld Stealer, and enhanced encryption methods. The ransomware targets Windows systems, employing a double extortion tactic by stealing and encrypting files. Affected: HexaLocker, Skuld Stealer

Keypoints:

HexaLocker was first discovered in mid-2024, with version 2 introducing significant updates.…

Summary:

Cyble’s latest Sensor Intelligence report reveals a surge in malware, phishing, and IoT vulnerabilities, highlighting critical threats and vulnerabilities that organizations must address. #CyberThreats #MalwareSurge #IoTVulnerabilities

Keypoints:

Cyble has identified multiple instances of exploitation attempts, malware intrusions, financial fraud, and brute-force attacks. The report covers various vulnerabilities including high-profile malware variants and CVE attempts.…

Summary:

The Romanian National Cyber Security Directorate has issued a critical advisory for the energy sector to scan for LYNX ransomware following a significant attack on the Electrica Group. Proactive measures are essential to mitigate risks and protect sensitive data. #LYNXRansomware #CyberSecurity #EnergySector

Keypoints:

The Romanian National Cyber Security Directorate (DNSC) has issued an advisory for the energy sector.…
Summary:

A recent cyberattack campaign targeting the manufacturing sector has been identified, utilizing a malicious LNK file disguised as a PDF. The attackers leverage various Living-off-the-Land Binaries and sophisticated evasion techniques to deploy the Lumma stealer and Amadey bot, aiming to exfiltrate sensitive information. #ManufacturingSecurity #MaliciousLNK #CyberThreats

Keypoints:

Cyble Research and Intelligence Labs (CRIL) discovered a malicious campaign targeting the manufacturing industry.…
Summary:

The Ursnif malware campaign targets business professionals in the U.S. using a sophisticated multi-stage infection method. It begins with a malicious LNK file disguised as a PDF, which executes a series of payloads leading to the deployment of Ursnif, a banking trojan. This campaign highlights the advanced techniques employed by cybercriminals to evade detection and steal sensitive information.…

Summary:

The German CERT has issued a critical warning regarding the exploitation of two vulnerabilities in Palo Alto Networks’ PAN-OS, urging immediate patching to prevent unauthorized access and command execution. These vulnerabilities, CVE-2024-0012 and CVE-2024-9474, pose significant risks to organizations worldwide. The urgency for remediation is heightened as active attacks are already underway.…
Short Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet’s FortiManager to its Known Exploited Vulnerabilities (KEV) catalog due to a critical vulnerability (CVE-2024-47575) with a CVSS score of 9.8. This vulnerability allows remote, unauthenticated attackers to execute arbitrary commands or code, posing significant risks to organizations.…

Short Summary:

Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated multi-stage malware attack targeting job seekers and digital marketing professionals, particularly those involved with Meta Ads. The attack uses a malicious LNK file to deploy Quasar RAT, employing various evasion techniques to avoid detection and maintain persistence on compromised systems.…

Short Summary:

The “ErrorFather” campaign, identified by Cyble Research and Intelligence Labs, utilizes an undetected Cerberus Android Banking Trojan payload. This sophisticated malware employs a multi-stage infection chain, including session-based droppers and encrypted payloads, making detection challenging. The campaign has ramped up since September 2024, showcasing advanced techniques like keylogging, overlay attacks, and a Domain Generation Algorithm (DGA) for resilient command and control operations.…

Short Summary:

Cyble Research and Intelligence Labs (CRIL) has discovered a new loader builder named “MisterioLNK,” which is open-source and available on GitHub. This tool allows threat actors to create obfuscated files that evade detection by traditional security systems. MisterioLNK supports multiple scripting formats and obfuscation techniques, making it a significant challenge for cybersecurity defenses.…

Short Summary:

The Patchwork APT group has launched a sophisticated campaign targeting Chinese entities and Bhutan, utilizing a malicious LNK file to initiate infections. The campaign employs DLL sideloading techniques to execute malware that evades detection and steals sensitive information from compromised systems.

Key Points:

Patchwork APT group continues targeting Chinese and Bhutanese entities.…