SnakeKeylogger: A Multistage Info Stealer Malware Campaign
The SnakeKeylogger campaign illustrates a sophisticated credential-stealing threat targeting both individuals and businesses. Utilizing multi-stage infection techniques, it cleverly evades detection while harvesting sensitive data from various platforms. Attackers employ malicious spam emails containing disguised executable files to initiate the infection. Affected: Individuals, Businesses, Email Clients, Web Browsers, FTP Clients.…
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Summary: Google has released urgent fixes for a high-severity vulnerability in Chrome for Windows, tracked as CVE-2025-2783, which has been actively exploited to target organizations in Russia. The flaw involves an incorrect handle in Mojo, Chromium's inter-process communication layer, allowing attackers to bypass browser protections once a victim opens a link from a phishing email. This marks the first actively exploited Chrome zero-day of the year, with attacks linked to a sophisticated APT campaign called Operation ForumTroll.…
YouTube Creators Under Siege Again: Clickflix Technique Fuels Malware Attacks
This report reveals a sophisticated malware campaign targeting YouTube creators through spearphishing, utilizing the Clickflix technique to deceive victims into executing malicious scripts. Attackers leverage brand impersonation and exploit interest in professional collaborations to spread malware via meticulously crafted phishing emails. Once activated, the malware steals sensitive data or allows remote access.…
The Curious Case of PlayBoy Locker
Cybereason’s Threat Analysis report discusses the emerging PlayBoy Locker Ransomware-as-a-Service (RaaS), detailing how it enables less-skilled cybercriminals to conduct ransomware attacks through a comprehensive toolkit. The platform provides affiliates with customized ransomware capabilities, regular updates, and customer support, thus representing a growing threat. Affected: Ransomware, Cybersecurity, Dark Web, Affiliates

Key points:

PlayBoy Locker RaaS is designed for less-skilled attackers with a complete toolkit for launching ransomware attacks.…
Victim: www.mododoc.com
Country: US
Actor: ransomhub
Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/c53f4cfa-ae86-47cf-910f-8a186bc60fee/
Discovered: 2025-03-25 14:58:47.609793
Published: 2025-03-25 10:35:02.000000
Description: Mododoc.com, a U.S.-based online retailer established in 1993 in Pasadena, CA, specializes in contemporary, easy-to-wear clothing for both men and women, focusing on casual and comfortable apparel crafted from high-quality, sustainable materials.…
Browser-in-the-Browser attacks target CS2 players’ Steam accounts
Summary: A phishing campaign targeting Counter-Strike 2 players has emerged, utilizing Browser-in-the-Browser (BitB) attacks to create a fake Steam login interface. Attackers impersonate a well-known e-sports team to lend credibility to their scams, which aim to steal users’ Steam account credentials. The campaign promotes malicious sites that offer enticing in-game items in exchange for login information, potentially resulting in stolen accounts being sold on the grey market.…
Active Lumma Stealer Campaign Impacting U.S. SLTTs
The Lumma Stealer malware has been observed targeting U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through fake CAPTCHA verification pages that trick users into executing malicious PowerShell scripts. This malware, available as a Malware-as-a-Service, specializes in stealing sensitive data. Cyber threat actors utilize a variety of deceptive tactics and defense evasion techniques to deliver the malware and avoid detection.…
RaaS Evolved: LockBit 3.0 vs LockBit 4.0
LockBit is a prominent ransomware strain operating since 2019, known for its aggressive tactics and Ransomware-as-a-Service model. The evolution of LockBit has seen the transition from version 3.0 to 4.0, introducing enhanced evasion techniques and impacting various organizations worldwide. Affected: organizations, cybersecurity sector

Key points:

LockBit ransomware has been operational since 2019, targeting diverse industries.…
Hacked Website Report Overview
Attacker: chinafans

Target: http://taxclub.irs.kw.gov.ng/0x.txt
Source: zone-h.org/mirror/id/41340525
Victim Country: Nigeria
Sector: Government (specifically, tax administration services)
Description: The website of Nigeria’s tax administration was compromised, exposing sensitive information related to tax collection and administration, potentially impacting public trust and operations.

Target: http://staffintranet.irs.kw.gov.ng/0x.txt…
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup
The article discusses the evolution of the Lazarus group, indicating that it has now transformed into a collection of subgroups rather than a single entity. It emphasizes the importance of understanding these subgroups, their tactics, and their individual characteristics for effective cyber defense strategies. Affected: Japan, cryptocurrency sector, defense industry, aviation industry

Key points:

The term “Lazarus” has evolved from a singular APT group to multiple subgroups.…
China Chopper & INMemory: Weaver Ant’s Arsenal of Advanced Web Shells
Summary: Sygnia reported on a sophisticated cyberattack by a China-nexus threat actor named Weaver Ant targeting a major telecommunications company in Asia. The group utilized complex methods, including web shell tunneling and advanced evasion techniques, to maintain persistent access for espionage purposes. Their persistent approach integrated multiple web shell types and various stealth techniques, demonstrating high adaptability and evasion from detection mechanisms.…
Chinese hackers spent four years inside Asian telco’s networks
Summary: A major Asian telecommunications company suffered a four-year-long breach by Chinese government-affiliated hackers known as “Weaver Ant.” The attackers compromised home routers from Zyxel to infiltrate the telco, utilizing various advanced tools and backdoors to maintain persistent access and extract sensitive information. Sygnia, the incident response firm, highlights the sophistication and stealthiness of the threat actors in their campaign targeting critical infrastructure.…
Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer
A newly identified malware named “문서열람 인증 앱” (Document Viewing Authentication App), linked to a North Korean-backed APT group, has been detected. This malicious application poses as a legitimate document viewing tool but is designed to perform keylogging and information theft through various malicious functions. Users in South Korea are the primary targets, and the malware has connections to a phishing page that impersonates CoinSwap.…
The Art of Wi-Fi Hacking & Protection with Aircrack-ng
This article provides a comprehensive guide on hacking and securing Wi-Fi networks using Aircrack-ng, detailing practical attack techniques and encryption vulnerabilities, as well as prevention strategies. The focus is on educating users about Wi-Fi security to help them protect their networks from potential attacks. Affected: Wi-Fi networks, cybersecurity sector

Key points:

Wi-Fi security is critical for protecting against cyber threats.…
Summary: ADGUARD’s recent report reveals that advertising companies are using deceptive applications and browser extensions to steal private information from users, impacting over 11 million individuals. These malicious programs masquerade as legitimate ad-blocking or optimization tools, collecting sensitive data while misleading users about their privacy practices.…
Rapid7 MDR Supports AWS GuardDuty’s New Attack Sequence Alerts
AWS GuardDuty has introduced two new alerts—“Potential Credential Compromise” and “Potential S3 Data Compromise”—to enhance threat detection by correlating multiple signals over time, which aids in detecting sophisticated attacks. These improvements allow for rapid response to potential threats, supported by Rapid7’s Managed Threat Complete and InsightCloudSec services.…
Trump order on information sharing appears to have implications for DOGE and beyond
Summary: President Trump’s new executive order aims to enhance information-sharing across federal and state governments, lifting barriers to data exchange while aiming to eliminate bureaucratic inefficiencies. Critics, including civil libertarians, warn that this could facilitate abuses of civil liberties and lead to extensive surveillance of individuals.…