Tag: COLLECTION

Malvertising Campaign Leads to Info Stealers Hosted on GitHub
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…
Read More
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Read More
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…
Read More
TryHackMe Ignite Room Walkthrough: Exploiting Fuel CMS 1.4.1 RCE
This article provides a detailed walkthrough of exploiting a Remote Code Execution vulnerability found in Fuel CMS 1.4.1 (CVE-2018–16763) through TryHackMe’s Ignite room. It covers the steps from enumeration to post-exploitation, emphasizing the importance of input validation and system patching for defense. Affected: Fuel CMS, web applications

Keypoints :

Exploit Remote Code Execution vulnerability in Fuel CMS 1.4.1.…
Read More
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
Read More
Summary: The Tenable Exposure Management Academy introduces a new series focusing on the shift from traditional vulnerability management to risk-based exposure management. This approach aims to provide comprehensive visibility and actionable insights into an organization’s exposure risks, enabling better prioritization of security efforts. The evolving landscape of cybersecurity highlights the need for cohesive strategies that address the complexities of modern threats and vulnerabilities.…
Read More
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Read More
How to Execute the Bybit .5B ETH Heist – An Attack Path for Offensive Security Operations in AWS
On February 21st, a significant cryptocurrency theft occurred involving Bybit, where hackers from the Lazarus Group infiltrated a supplier’s system to redirect 401,000 Ethereum coins worth approximately .5 billion. The attack exemplifies a supply chain vulnerability that permitted hackers to exploit AWS services while leaving the Bybit system itself secure.…
Read More

Victim: Belarus E-commerce & Energy Data Country : BY Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/82b3572f2dadeca89f06a17fd17a8f05f10e23aff09bfc7071d7b6d29e6238e5/ Discovered: 2025-03-15 10:23:47.937201 Published: 2025-03-15 10:22:41.152730 Description :Belarus has seen significant growth in its e-commerce sector, driven by increased internet penetration and smartphone usage. The total e-commerce market in Belarus is projected to continue expanding, with a focus on both B2C and B2B transactions.…
Read More

Victim: GARANIMALS.COM Country : US Actor: clop Source: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion//companys-part4/garan-manufacturing Discovered: 2025-03-14 09:43:53.910956 Published: 2025-03-14 09:42:43.851768 Description :Garanimals.com is a well-known children’s clothing brand based in the US. The brand promotes mix-and-match clothing to encourage kids to dress themselves. Offers a vast collection from newborn apparel to toddler and school-age clothing.…
Read More
Patching is Not Enough: Why You Must Search for Hidden Intrusions
Organizations often fail to investigate after patching zero-day vulnerabilities, leading to undetected compromises. A proactive approach involving compromise assessments is critical to uncover potential breaches. Affected: VMware ESXi, cybersecurity sector

Keypoints :

Patching alone does not confirm if systems have been breached. Recent zero-day vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) have been exploited.…
Read More
Off the Beaten Path: Recent Unusual Malware
This article discusses three unique malware samples discovered recently: a C++/CLI IIS backdoor, a bootkit that installs a GRUB 2 bootloader, and a post-exploitation framework known as ProjectGeass. Each sample demonstrates unconventional techniques and complexities, highlighting the evolving threat landscape. Affected: IIS, Windows, system environments

Keypoints :

Three unique malware samples discovered exhibiting novel characteristics.…
Read More
In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Summary: This week’s cybersecurity news roundup highlights significant stories including a cryptocurrency heist linked to a LastPass hack, mandatory reporting of cyberattacks in Switzerland, and vulnerabilities discovered in various systems. The roundup also discusses the rise of phishing threats and the arrest of a cryptocurrency exchange co-founder.…
Read More
February 2025 Security Issues in Korean & Global Financial Sector
This report highlights recent cyber threats targeting the financial sector, specifically focusing on malware and phishing incidents, credit card information leaks, database breaches, and ransomware attacks. Notable cases include the sale of Indian credit card details on forums, a significant database leak from Union**** bank, and ransomware infections affecting fintech companies.…
Read More
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
This article discusses the emergence of Deepseek, an AI-based application, and the subsequent rise in malware targeting its users through deceptive phishing tactics. It highlights how malicious actors create counterfeit websites and applications that mimic Deepseek, deceiving users into downloading malware. Affected: mobile users, cybersecurity sector

Keypoints :

Deepseek is an advanced AI developed in China, with its first chatbot application due for release in January 2025.…
Read More

Victim: Intelligence Bureau of the Joint Staff Department of the Central Military Commission China Country : CN Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/39b1b6646b2110e79ac532e169720824c3d842d02ce0c61e95658835ac24d084/ Discovered: 2025-03-14 07:56:32.049126 Published: 2025-03-14 07:55:27.110559 Description :Intelligence Bureau operates under the Joint Staff Department of China’s Central Military Commission. Responsible for gathering and analyzing military intelligence.…
Read More
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Utilizing highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework propels initial access for ransomware attacks, mainly affecting government entities in the United States.…
Read More