Victim: Signal, Discord
Price: N/A
Data: User geolocation data

Key Points:

0-click deanonymization attack capable of exposing user locations.
Targets applications including Signal and Discord.
Leverages caching mechanisms in Cloudflare’s infrastructure.
Can infer user geolocations within a 250-mile radius without user interaction.
Demonstrated on Signal by sending an attachment via CDN.…
Victim: IntelBroker
Price: Not disclosed
Data: Email addresses, IP addresses, operational tactics

Key Points:

Cybercriminal Profile: IntelBroker is a prominent figure in the cybercrime landscape, known for high-profile data breaches and ransomware attacks.
Notable Breaches: His portfolio includes breaches of major entities like AMD, Europol, and Cisco.…
Summary: The Middle East is experiencing a surge in sophisticated real estate scams that exploit digital platforms, particularly targeting expatriates and newcomers. Scammers utilize fraudulent advertisements and manipulated rental agreements to deceive victims, often resulting in significant financial losses. Group-IB’s report highlights the operational scale of these scams and emphasizes the need for enhanced fraud detection and proactive measures by organizations.…
Cybercriminals Exploit Fake Google Ads to Ransack Advertiser Accounts
Summary: A sophisticated phishing campaign has been uncovered, where cybercriminals use fraudulent Google Ads to target advertisers, redirecting them to fake login pages. This operation exploits the trust in Google’s ad platform to steal credentials, which are then used to hijack accounts for malicious purposes. The scheme has been observed globally, with multiple distinct groups involved in executing the attacks.…
Victim: FortiGate Users
Price: N/A
Data: VPN Credentials, Firewall Configurations

Key Points:

Threat Actor: Belsen Group
Number of Exposed Configurations: Over 15,000
Data Types Leaked: Usernames, passwords (some in plain text), device management certificates, complete firewall rule sets
Vulnerability Exploited: CVE-2022-40684
Data Organization: Categorized by country with individual IP addresses
Potential Risks: Unauthorized network access and exploitation of sensitive information
Expert Confirmation: Kevin Beaumont verified the authenticity of the leaked data

Cybersecurity expert Kevin Beaumont has reported that over 15,000 FortiGate firewall configurations, including VPN credentials, have been publicly leaked by a group calling itself “Belsen Group.”…

Millions Stolen: North Korea Hackers Target Blockchain Industry
Summary: The United States, Japan, and the Republic of Korea have issued a warning regarding North Korea’s cyber actors targeting the global blockchain technology industry, emphasizing the threat of cryptocurrency theft. This joint statement highlights the sophisticated tactics employed by these actors and the need for enhanced collaboration to mitigate the risks.…
Summary: A new report from Arctic Wolf Labs reveals a campaign targeting Fortinet FortiGate firewalls, where threat actors exploited vulnerabilities to manipulate configurations and gain unauthorized access. The campaign, observed between November and December 2024, involved multiple phases of exploitation affecting various organizations.

Threat Actor: Unknown
Victim: Organizations using Fortinet FortiGate firewalls

Key Point:

Threat actors exploited management interface vulnerabilities to alter configurations and extract credentials.…
APT28’s New Espionage Campaign Uses Double-Tap Infection Chain
Summary: Security researchers have uncovered a cyber espionage campaign known as the “Double-Tap Campaign,” linked to Russia’s APT28, targeting intelligence collection in Central Asia, particularly Kazakhstan. The campaign utilizes legitimate documents as spearphishing bait, showcasing a sophisticated infection chain involving advanced malware techniques.

Threat Actor: UAC-0063 (APT28)
Victim: Kazakhstan

Key Point:

The campaign employs a “Double-Tap” technique, using two malicious Word documents to execute commands and deploy the HATVIBE backdoor.…
Summary: Cybersecurity researchers at Cyderes have identified a new phishing trend that combines YouTube URLs with Microsoft 365 password expiry alerts to trick users into revealing their credentials. This method exploits the trust associated with familiar domains to enhance the effectiveness of phishing attempts.

Threat Actor: Unknown
Victim: Users of Microsoft 365

Key Point:

Phishing emails use urgent subject lines to prompt immediate user action.…
ZACROS Corporation Shares Update on Personal Information Leak After Ransomware Attack
Victim: ZACROS Corporation
Price: Not disclosed
Exfiltrated Data Type: Personal information

Key Points:

Ransomware attack detected on September 27, 2024.
Personal data of approximately 157,203 individuals leaked.
Data includes information of 143,718 business partners and related parties.
Leaked employee data includes basic pension numbers and insurance details.…
Summary: A recent report by Insikt Group details the sophisticated cyber-espionage operations of the RedDelta APT group, which has been targeting political and governmental entities across multiple regions since mid-2023. Utilizing advanced techniques such as customized PlugX backdoor malware and evolving infection chains, RedDelta aligns its activities with Chinese geopolitical interests.…
GroupGreeting E-Card Platform Compromised in “zqxq” Campaign
Summary: The e-card platform GroupGreeting.com was targeted in a widespread cyberattack known as the “zqxq” campaign, affecting thousands of websites through sophisticated JavaScript injection techniques. This attack highlights the vulnerabilities of trusted platforms, especially during periods of high user activity.

Threat Actor: Cybercriminals (zqxq)
Victim: GroupGreeting.com…

Summary: FunkSec is a new ransomware group that has quickly gained notoriety for its audacious claims and AI-assisted innovations, targeting organizations across multiple countries. Despite its rapid rise and ideological claims, its technical capabilities reveal significant gaps and questionable authenticity in its operations.

Threat Actor: FunkSec
Victim: Various organizations

Key Point:

FunkSec claimed over 85 victims in its first month, more than any other ransomware group during that period.…
Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding
Summary: A phishing campaign has been uncovered that impersonates CrowdStrike’s recruitment branding to distribute a cryptominer disguised as a “CRM application.” Victims are tricked into downloading malware that exploits their system resources for cryptocurrency mining.

Threat Actor: Unknown
Victim: Job seekers

Key Point:

The phishing email mimics CrowdStrike’s recruitment process to lure victims.…
New PayPal Phishing Scam Bypasses Security Measures
Summary: A new sophisticated PayPal phishing tactic has emerged, which effectively bypasses traditional phishing detection methods, as detailed by Fortinet’s CISO, Carl Windsor. This attack tricks users into linking their accounts to attackers by using seemingly legitimate emails and URLs.

Threat Actor: Unknown
Victim: Individuals using PayPal

Key Point:

The phishing email appears legitimate, with a valid sender address and genuine-looking URL.…
MirrorFace: Unmasking the Chinese Cyber Espionage Group Targeting Japan
Summary: The Japanese National Police Agency has issued a warning about ongoing cyberattacks attributed to the MirrorFace group, which has targeted critical sectors in Japan since 2019. Their sophisticated techniques and campaigns pose significant risks to national security and advanced industries.

Threat Actor: MirrorFace (Earth Kasha)
Victim: Japanese National Police Agency

Key Point:

MirrorFace has conducted three major cyberattack campaigns targeting government, academia, media, and advanced industries.…
Summary: Advanced threat actors are exploiting a newly disclosed zero-day vulnerability in Ivanti Connect Secure (ICS) VPN appliances, allowing for unauthenticated remote code execution. The vulnerabilities, CVE-2025-0282 and CVE-2025-0283, pose significant risks to network security, with active exploitation reported since mid-December 2024.

Threat Actor: UNC5337
Victim: Ivanti Connect Secure Users

Key Point:

Exploitation of CVE-2025-0282 allows unauthenticated remote code execution, compromising entire networks.…