Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
Summary: A targeted malware campaign by the Russian state-aligned group Gamaredon is exploiting Windows shortcut files to disseminate the Remcos backdoor, primarily targeting users in Ukraine. By masquerading as sensitive military documents, this operation takes advantage of the ongoing geopolitical strife, using sophisticated techniques for stealth and access retention.…
Read More
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the presence of a new malware, RESURGE, targeting vulnerabilities in Ivanti Connect Secure appliances. This malware exploits a recently patched security flaw (CVE-2025-0282) and has capabilities that enhance its evasion and operational effectiveness. It is linked to espionage activities potentially conducted by state-sponsored threat actors.…
Read More
CISA has reported on three malicious files acquired from an Ivanti Connect Secure device compromised through CVE-2025-0282. The files exhibit functionalities similar to known malware, including command and control capabilities and log tampering. RESURGE, the primary file, can modify files and create a web shell. Another file, a variant of SPAWNSLOTH, tampered with logs, while the third one included a shell script that extracts kernel images.…
Read More
The Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group involved in cyber espionage for over a decade. They have recently enhanced their tactics by deploying new Sagerunex backdoor variants that utilize third-party cloud services and social media for command-and-control activities. This article examines their tactics, techniques, and procedures, detailing their operational framework along with the challenges we face against such persistent threats.…
Read More
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research reveals the exploits of Water Gamayun, a suspected Russian threat actor leveraging a zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console to deploy malware. Their methods include custom payloads, data exfiltration techniques, and the use of backdoor malware. This campaign poses severe risks to organizations, including data theft and operational disruption.…
Read More
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
Summary: This week’s cybersecurity news roundup highlights significant developments, including advancements in quantum computing, a phishing incident involving a prominent expert, and a high-profile hack of NYU’s website. The roundup also covers emerging ransomware threats and updates on security measures from Google, along with notable data breaches affecting users.…
Read More
Chinese FamousSparrow hackers deploy upgraded malware in attacks
Summary: A China-linked cyberespionage group named ‘FamousSparrow’ is actively using a new modular version of its backdoor ‘SparrowDoor’ to target a US-based trade organization and other entities, including a Mexican research institute and a Honduran government institution. ESET researchers have observed significant advancements in the malware’s capabilities, such as parallel command execution and a new plugin-based architecture.…
Read More
Mozilla warns Windows users of critical Firefox sandbox escape flaw
Summary: Mozilla has released Firefox 136.0.4 to address a critical security vulnerability, tracked as CVE-2025-2857, that allows attackers to escape the browser’s sandbox on Windows systems. The flaw was reported by Mozilla developer Andrew McCreight and affects both standard and extended support releases of Firefox. Mozilla noted that this vulnerability bears similarities to a recently patched Chrome zero-day exploit.…
Read More
More Solar System Vulnerabilities Expose Power Grids to Hacking
Summary: Researchers at Forescout have identified over 90 vulnerabilities within solar power products from leading vendors like Sungrow, Growatt, and SMA, highlighting serious risks to electrical grids. Newly discovered vulnerabilities could allow attackers to hijack inverters and execute arbitrary code, potentially disrupting power supply and compromising user data.…
Read More
T-Mobile Coughed Up  Million in SIM Swap Lawsuit
Summary: Greenberg Glusker secured a million arbitration award against T-Mobile following a SIM swap attack that led to significant cryptocurrency theft. The attack exploited T-Mobile’s security failures, allowing an attacker to gain control of customer accounts. This case highlights the ongoing vulnerabilities in telecommunications security and the urgent need for better protections against SIM swapping.…
Read More
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…
Read More
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Summary: A Chinese hacker group, FamousSparrow, has launched cyber attacks targeting a U.S. trade group and a Mexican research institute, deploying advanced versions of their backdoor tools, SparrowDoor and a new variant of ShadowPad. This marks the first observed use of ShadowPad by this group, which has a history of attacks involving hotel and government sectors.…
Read More
Chinese ‘FamousSparrow’ hackers back from the dead and targeting North America, researchers say
Summary: A Chinese hacking group known as FamousSparrow, previously considered dormant, has resurfaced to target organizations in the U.S., Mexico, and Honduras. Researchers from ESET discovered upgrades to their backdoor tool, SparrowDoor, indicating ongoing cyber-espionage activities since 2022. The group is linked to a series of attacks on various sectors, including government and research institutes, using sophisticated malware and tools, showcasing a notable evolution in their tactics.…
Read More
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
Summary: The Russian-speaking hacking group RedCurl has been identified for the first time as launching a ransomware campaign using a new strain named QWCrypt. Historically known for corporate espionage attacks, RedCurl’s latest activities include sophisticated social engineering tactics to deploy malware and encrypt virtual machines, severely disrupting their targets.…
Read More
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
Summary: Security researchers from Trend Micro have identified a zero-day vulnerability (CVE-2025-26633) that was exploited by the EncryptHub ransomware gang. This exploit targets the Microsoft Management Console (MMC) framework, allowing attackers to execute malicious code and exfiltrate data. The report indicates that the attack technique involves manipulating .msc…
Read More
New npm attack poisons local packages with backdoors
Summary: Researchers at Reversing Labs have discovered two malicious npm packages that insert a reverse shell backdoor into legitimate packages, allowing persistent access even after the malicious packages are removed. The packages, ‘ethers-provider2’ and ‘ethers-providerz’, use sophisticated techniques to conceal their malicious activities, replacing legitimate files with compromised versions.…
Read More

Summary: The video discusses significant cybersecurity threats from vulnerabilities in software and hardware, particularly focusing on a long-known Microsoft bug that is being exploited by multiple hacker organizations. Steve Gibson addresses critical issues such as the risk presented by remote takeovers of Apache Tomcat servers, the dangers of using the Signal app for sensitive communications by government officials, and the impending threat of post-quantum cryptography to current security systems.…
Read More