npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
A new supply chain attack has been discovered in which typosquatted Telegram bot libraries deliver SSH backdoors and facilitate data exfiltration. The attack exploits Telegram's open ecosystem and lack of a formal vetting process for bot creation, allowing malicious npm packages to masquerade as legitimate libraries. These packages perform unauthorized SSH key injections and exfiltrate data, posing serious risks to developer infrastructure and user privacy.…
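The summary's concrete indicator is an SSH key injected into a developer's authorized_keys. An added example (not code from the article or from any package it describes) of the check a practitioner would run after such a report: parse every authorized_keys line, including leading option fields such as command="..." or no-pty, compute the SHA256 fingerprint that `ssh-keygen -lf` prints, and report every key whose fingerprint is not on an allowlist. The key bytes below are constructed from fixed values so the example runs offline; they are not real keys.

```python
"""Audit authorized_keys files for SSH keys that nobody approved.

Added example, not code from the article or from any npm package it
describes. The key material is constructed from fixed bytes (not real
keys) so the script runs offline.
"""
import base64
import hashlib
import re
import struct

# A key line is: [options] <keytype> <base64 blob> [comment].
# Options may contain quoted spaces, so locate the key type token first.
KEY_LINE_RE = re.compile(
    r"(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[\w-]+@openssh\.com)"
    r"\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?$"
)


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(pubkey32: bytes) -> bytes:
    """Build the wire-format blob for an ssh-ed25519 public key."""
    return _ssh_string(b"ssh-ed25519") + _ssh_string(pubkey32)


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the format `ssh-keygen -lf` prints (unpadded base64)."""
    raw = base64.b64decode(blob_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str):
    """Yield (line_no, options, keytype, blob_b64, comment) for each key line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_LINE_RE.search(line)
        if not m:
            continue  # not a recognised key line; skip rather than crash
        options = line[: m.start(1)].strip()
        yield line_no, options, m.group(1), m.group(2), m.group(3) or ""


def audit_authorized_keys(text: str, allowed_fingerprints: set) -> list:
    """Return a finding for every key whose fingerprint is not allowlisted."""
    findings = []
    for line_no, options, keytype, blob_b64, comment in parse_authorized_keys(text):
        fp = fingerprint(blob_b64)
        if fp in allowed_fingerprints:
            continue
        findings.append({
            "line": line_no,
            "type": keytype,
            "fingerprint": fp,
            "options": options,
            "comment": comment,
        })
    return findings


# Constructed sample key material (not real keys).
KNOWN_B64 = base64.b64encode(ed25519_blob(bytes(range(32)))).decode()
INJECTED_B64 = base64.b64encode(ed25519_blob(bytes(range(32, 64)))).decode()

# Constructed authorized_keys content: one approved key, one injected key
# that also carries a forced command and no-pty, typical of a backdoor entry.
SAMPLE_AUTHORIZED_KEYS = (
    f"ssh-ed25519 {KNOWN_B64} dev@laptop\n"
    "# deploy keys below\n"
    f'command="/bin/sh -i",no-pty ssh-ed25519 {INJECTED_B64}\n'
)
ALLOWLIST = {fingerprint(KNOWN_B64)}

if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, ALLOWLIST):
        print(f"line {f['line']}: unapproved {f['type']} key {f['fingerprint']} "
              f"options={f['options']!r}")
```

In practice the allowlist comes from your key inventory (or from `ssh-keygen -lf` over each approved public key), and the audit runs over `~/.ssh/authorized_keys` for every account, root included, since an npm postinstall script runs as whichever user ran the install.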
Read More
I Didn’t Plan to Find a P1… But My Script Had Other Plans
This article recounts the author’s journey into ethical hacking after discovering a YouTube video about misconfigured S3 buckets. Inspired to create a tool for efficiently identifying such misconfigurations, the author successfully located sensitive information, leading to a substantial bug bounty reward. Affected: S3 buckets, sensitive data, cybersecurity community

Keypoints:

The author was inspired by a YouTube video on finding misconfigured S3 buckets.…
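The article's script is not reproduced on this page. As an added example (not the author's tool), here is the offline half of such a scanner: given the data you would pull with `aws s3api get-bucket-acl`, `aws s3api get-bucket-policy`, or an anonymous HTTP GET of the bucket URL, it flags ACL grants to the AllUsers/AuthenticatedUsers groups, policy statements that Allow a wildcard principal with no Condition, and object keys in a ListBucketResult whose names suggest secrets or database dumps. Every input below is constructed; "example-bucket" is not a real bucket.

```python
"""Offline checks for S3 bucket exposure.

Added example, not the article author's script. The ACL, policy and
listing inputs are constructed samples in the shapes the AWS API returns.
"""
import re
import xml.etree.ElementTree as ET

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
# Key names that usually mean the bucket holds more than static assets.
SENSITIVE_KEY_RE = re.compile(
    r"\.env$|\.pem$|\.key$|id_rsa|credentials|\.sql(\.gz)?$|backup|\.bak$|secret",
    re.IGNORECASE,
)


def public_acl_grants(acl: dict) -> list:
    """Return (group, permission) for each ACL grant to a public group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return hits


def _is_wildcard_principal(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy: dict) -> list:
    """Return Sids (or indices) of Allow statements open to everyone.

    A wildcard principal restricted by a Condition (VPC endpoint, source IP)
    is not counted; only unconditional anonymous access is flagged.
    """
    out = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _is_wildcard_principal(stmt.get("Principal")):
            out.append(stmt.get("Sid", str(i)))
    return out


def listing_keys(listing_xml: str) -> list:
    """Object keys from an anonymous ListBucketResult; [] if S3 returned an Error."""
    root = ET.fromstring(listing_xml)
    if not root.tag.endswith("ListBucketResult"):
        return []  # <Error><Code>AccessDenied</Code>... means listing is not public
    return [c.findtext(S3_NS + "Key") for c in root.iter(S3_NS + "Contents")]


def sensitive_keys(listing_xml: str) -> list:
    """Keys from a public listing whose names match SENSITIVE_KEY_RE."""
    return [k for k in listing_keys(listing_xml) if SENSITIVE_KEY_RE.search(k)]


# Constructed sample inputs (shape of the real API responses, fake content).
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
}
SAMPLE_LISTING = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-bucket</Name>
  <Contents><Key>static/logo.png</Key><Size>1024</Size></Contents>
  <Contents><Key>config/.env</Key><Size>312</Size></Contents>
  <Contents><Key>dumps/prod-2025-03-01.sql.gz</Key><Size>91811</Size></Contents>
  <Contents><Key>deploy/id_rsa</Key><Size>1679</Size></Contents>
</ListBucketResult>"""

if __name__ == "__main__":
    print("public ACL grants:", public_acl_grants(SAMPLE_ACL))
    print("open policy statements:", public_policy_statements(SAMPLE_POLICY))
    print("sensitive keys:", sensitive_keys(SAMPLE_LISTING))
```

The listing check is the one an outsider can run with nothing but a bucket name; the ACL and policy checks need credentials in the owning account and are what the defender runs to find the same exposure first. Block Public Access settings, when enabled, override both the ACL and the policy, so a hit here is a lead to confirm, not a proven finding.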
Read More
Microsoft Patch Tuesday: March 2025 – SANS Internet Storm Center
This Patch Tuesday includes 51 vulnerabilities, six of which are critical, and includes patches for actively exploited zero-day vulnerabilities. Notable is CVE-2025-24064, a critical vulnerability in Windows DNS Server that could enable remote code execution through a specially crafted DNS update message. Additional vulnerabilities affect NTFS, FAT, Remote Desktop Services, Microsoft Office, and the Windows Subsystem for Linux, highlighting ongoing exposure and security challenges.…
Read More
Multiple vulnerabilities have been identified affecting various Apple components, including WebKit and system applications, which can lead to unauthorized access to sensitive user data, process crashes, and exploitation of user permissions. The vulnerabilities range from crashing applications due to malicious content to unauthorized data access without user consent.…
Read More
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Summary: Cybersecurity researchers have identified four vulnerabilities in the Windows task scheduling service that allow local attackers to gain privilege escalation and erase critical audit logs. These vulnerabilities relate to the “schtasks.exe” binary, which can be exploited through methods like Batch Logon authentication. This can lead to unauthorized access and data theft while enabling attackers to cover their tracks effectively.…
Read More
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure
This report discusses the ongoing threat posed by the Russian-nexus Gamaredon group, specifically their use of the Pterodo malware family, particularly through PteroLNK VBScript files. The report highlights the malware’s techniques, victimology, and the infrastructure used by Gamaredon, including Dead Drop Resolvers (DDRs). The findings indicate active operations targeting Ukrainian entities, predominantly government and military sectors, providing insights into their malware deployment strategies.…
Read More
Interlock ransomware evolving under the radar
The Interlock ransomware group, first observed in September 2024, has emerged as a significant cyber threat, employing tactics such as Big Game Hunting and double extortion. Unlike many ransomware organizations, it does not operate as a Ransomware-as-a-Service (RaaS) group and features a Data Leak Site called “Worldwide Secrets Blog” for negotiation and data exposure.…
Read More

Summary: The video discusses urgent concerns arising from the impending expiration of MITRE's contract to manage the Common Vulnerabilities and Exposures (CVE) database, which is crucial for cybersecurity. This contract is set to end on April 16, leading to fears that the lapse could severely impact national vulnerability databases, incident response, and cybersecurity efforts globally.…
Read More
Kidney Dialysis Services Provider DaVita Hit by Ransomware
Summary: DaVita, a major kidney dialysis services provider, has confirmed a ransomware attack that has disrupted some of its operations. The company activated its response protocols and is collaborating with cybersecurity experts to assess the incident. The full impact of the attack is still being evaluated, and specifics about the ransom or data status remain undisclosed.…
Read More
What They Didn’t Secure: SaaS Security Lessons from the World’s Biggest Breaches
This guide outlines a strategic security approach for Software-as-a-Service (SaaS) applications, focusing on five key pillars: Identity and Access Management (IAM), Data Protection, Secure Development, Network Security Controls, and Incident Response & Monitoring. It emphasizes the need for adopting Zero Trust principles and aligns each security pillar with established industry standards.…
Read More
BlackTech Unmasked
The article examines the sophisticated cyber espionage group known as BlackTech, believed to be state-sponsored by the People’s Republic of China. Since at least 2010, they have targeted critical sectors across East Asia and the US, employing advanced tactics, techniques, and procedures (TTPs) to infiltrate networks and steal valuable information.…
Read More
From Exploit to Ransomware: Detecting CVE-2025-29824
A recent report has highlighted the exploitation of a critical zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS), which facilitates local privilege escalation. The threat actor group Storm-2460 has weaponized this vulnerability using the PipeMagic malware, affecting various organizations, including those in the IT, real estate, financial, and retail sectors across multiple regions.…
Read More
Shuckworm Targets Foreign Military Mission Based in Ukraine
Shuckworm, a Russia-linked espionage group, continues to target Ukraine, focusing on military missions of Western countries based there. Using an updated GammaSteel tool, the group has shifted from VBS scripts to PowerShell-based methods and employs various exfiltration techniques, including leveraging legitimate web services. The campaign demonstrates increased sophistication in data exfiltration methods and obfuscation strategies.…
Read More
The CyberDiplomat’s Daily Report
This report outlines various global cybersecurity incidents, including sophisticated spyware targeting Tibetan and Taiwanese communities, scrutiny over Bangladesh’s Cyber Security Act, a DDoS attack on Indonesia’s Tempo.co, and breaches in Australia’s superannuation sector. Other highlights include malware threats in various regions and ongoing efforts to enhance cybersecurity across nations.…
Read More
CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution
The NetSPI red team identified a vulnerability in Oxidized Web v0.14, where an attacker could exploit a data validation issue in the /migration page to overwrite arbitrary files, gaining remote code execution. This vulnerability has been fixed in version 0.15. Affected: Oxidized Web, routers, switches, server security

Keypoints:

NetSPI found a vulnerability in the Oxidized Web application during a security engagement.…
Read More
Summary: Cybercriminals have exploited SourceForge, a well-known platform for hosting open-source software, to distribute malware disguised as legitimate Microsoft Office enhancements. A recent Kaspersky report detailed a deceptive campaign that combined the ClipBanker Trojan with a cryptocurrency miner, targeting users through a cloned project that lured them into executing malicious files.…
Read More
Attackers distributing a miner and the ClipBanker Trojan via SourceForge
This article highlights a malware distribution scheme exploiting SourceForge, where a project named 'officepackage' appears legitimate but instead leads to malicious downloads. The attack primarily targets Russian-speaking users, distributing malware disguised as Microsoft Office add-ins. Affected: SourceForge, Russian users, cryptocurrency users

Keypoints:

Malware distributed through a faux project on SourceForge.…
Read More
Signed Sideloaded Compromised
This article outlines a multi-stage attack that combined vishing, remote access tools, and abuse of legitimate signed software to gain unauthorized access and maintain persistence. The attackers delivered malicious payloads through Microsoft Teams, used Quick Assist for remote access, and then deployed a signed TeamViewer binary abused through DLL sideloading alongside a JavaScript-based command-and-control backdoor.…
Read More