The US Treasury’s OCC disclosed a major email breach that went undetected for over a year
Summary: The US Treasury’s Office of the Comptroller of the Currency (OCC) experienced a significant email breach lasting over a year, involving unauthorized access to sensitive financial information through a compromised administrative account. The breach was confirmed on February 12, 2025, and has triggered a thorough review and analysis of impacted accounts.…
Neptune RAT: Advanced Malware Targets Windows with Destructive Capabilities
Summary: CYFIRMA researchers have identified a new version of the Neptune RAT, a highly sophisticated Remote Access Trojan targeting Windows systems. This malware uses advanced evasion tactics, spreads through various platforms, and includes multiple destructive modules capable of extensive damage. Its user-friendly builder interface allows even inexperienced attackers to deploy its malicious payloads easily.…
Summary: A Google Threat Intelligence Group report reveals a sophisticated phishing campaign attributed to UNC5837, a suspected Russia-nexus actor, targeting European government and military organizations through innovative use of Remote Desktop Protocol (RDP). The attackers employed signed .rdp files and leveraged lesser-known RDP features to redirect victim resources and capture sensitive data, bypassing traditional security warnings.…
Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks
The Seqrite Labs APT team has identified significant advancements in the tactics used by the Pakistan-linked SideCopy APT group, which is now targeting a broader range of sectors in India, including railways, oil & gas, and external affairs, in addition to its previous targets. The group has shifted from HTA files to MSI packages for deployment, demonstrating a sophisticated evolution in its operational methodology, including the use of multiple remote access trojans (RATs) and credential phishing techniques.…
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
Summary: A new wave of cyberattacks has been reported in Ukraine, focusing on military and governmental entities, utilizing advanced information-stealing malware like GIFTEDCROOK. The attacks involve phishing emails with malicious Excel attachments that, once activated, deploy harmful scripts and exfiltrate sensitive data. This is part of a broader trend of espionage efforts linked to various threat groups targeting both Ukrainian and European institutions.…
CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability (CVE-2025-31161) affecting CrushFTP, a widely used FTP server software, to its catalog. This authentication bypass vulnerability enables attackers to skip the authentication process, take over administrative accounts, and potentially compromise sensitive data. Users are urged to update to secure versions to mitigate this serious risk.…
Python & MITRE ATT&CK: Part 2/15
The discussion focuses on the Resource Development phase of a phishing attack, highlighting the suspicious characteristics of a newly created domain intended for malicious purposes. Key indicators include a short domain lifespan, use of a free email address, questionable registration details, and DNS configuration anomalies. Affected: phishing attacks, cybercrime, domain registration.…
Summary: A cybercriminal group known as the Smishing Triad is intensifying smishing activities targeting consumers in the US and UK with fraudulent texts related to toll payment services. This campaign involves the use of deceptive messages that impersonate legitimate toll agencies, demanding payments for fictitious unpaid tolls and soliciting sensitive personal information.…
Windows Remote Desktop Protocol: Remote to Rogue
A phishing campaign targeting European government and military organizations was observed in October 2024 and attributed to UNC5837, a suspected Russian espionage group. The attack used signed .rdp file attachments to establish Remote Desktop Protocol (RDP) connections, enabling adversaries to redirect victim resources and capture sensitive data without executing commands directly on victim machines.…
Hackers are pretending to be drone companies and state agencies to spy on Ukrainian victims
Summary: Ukrainian government agencies and military organizations are being targeted by hackers impersonating drone manufacturers and state agencies through phishing attacks. The attackers aim to implant information-stealing malware and have been traced as UAC-0226, utilizing hacked email accounts to deploy malicious documents. Recent reports indicate the use of both new spyware and malware designed to capture sensitive browser data, with a focus on key institutions near the eastern border of Ukraine.…
Scattered Spider member pleads guilty to identity theft, wire fraud charges
Summary: A member of the Scattered Spider cybercrime group, Noah Michael Urban, has pleaded guilty to multiple charges related to cryptocurrency theft and identity fraud, risking up to 60 years in prison. The group is notorious for using SIM swapping tactics to bypass security measures and has been linked to significant financial losses, affecting various corporations.…

Victim: TIME Group
Country: CN
Actor: akira
Source:
Discovered: 2025-04-07 16:13:01.524755
Published: 2025-04-07 00:00:00.000000
Description: The TIME Group, a company based in China that specializes in developing and installing Building Management Systems (BMS) and ERP solutions tailored for Italian small and medium-sized enterprises (SMEs) in production and business process management, recently fell victim to a ransomware attack by the actor known as Akira.…
⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Surge and More
Summary: The cybersecurity landscape continues to be plagued by persistent threats stemming from unpatched systems, oversights, and social engineering tactics that facilitate breaches. This report highlights significant vulnerabilities and recent breaches linked to well-known organizations and emerging threat actors. The trends illustrate a critical need for companies to prioritize security measures against increasingly sophisticated attacks.…
NEPTUNE RAT: An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications
The latest Neptune RAT variant poses a significant threat, using PowerShell commands to deliver and execute malicious payloads via an obfuscated script. It features advanced persistence and anti-analysis techniques, enabling it to steal credentials, perform live monitoring, and execute ransomware functionality. The report discusses its distribution across platforms such as GitHub and highlights the dangers it poses to users.…