Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log
Summary: A massive data breach has exposed 144GB of sensitive information from Royal Mail Group, including personally identifiable information and internal documents, linked to a previous compromise at a third-party service provider, Spectos. The breach, carried out by the threat actor “GHNA,” echoes a recent breach involving Samsung, highlighting a concerning trend in supply chain vulnerabilities exacerbated by AI technologies.…
PicoCTF 2025 Walkthrough
The article provides walkthroughs for various challenges in the PicoCTF 2025 competition, focusing on different aspects of cybersecurity such as cryptography, reverse engineering, and web exploitation. It details methods for cracking hashes, decoding encrypted messages, analyzing binaries, and exploiting web vulnerabilities to capture flags.
Affected: cybersecurity sector, educational platforms

Keypoints:
The first challenge involves cracking an MD5 hash using online tools.…
Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities
Summary: Microsoft’s threat intelligence team has leveraged AI technologies to identify over 20 critical vulnerabilities in widely used open-source bootloaders such as GRUB2, U-Boot, and Barebox, particularly in UEFI Secure Boot systems. These vulnerabilities could enable threat actors to execute arbitrary code, potentially compromising device security and leading to severe malicious activities.…
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
Aqua Nautilus researchers have identified a new malware campaign that exploits Apache Tomcat servers, capable of hijacking resources for cryptocurrency mining. The attackers leverage encrypted payloads to establish backdoors, steal SSH credentials, and execute arbitrary code. Exploitation was rapid: the vulnerability was weaponized within 30 hours of disclosure, underscoring the urgency for organizations to secure their Tomcat instances.…
DPRK IT Workers Expanding in Scope and Scale
The Democratic People’s Republic of Korea (DPRK) IT workers have expanded their operations internationally, particularly in Europe, targeting sectors such as defense and government. These workers utilize sophisticated tactics, including deception and extortion, to infiltrate companies. Their activities pose significant risks, including data theft and espionage, emphasizing the need for increased vigilance by affected organizations.…
OperationMarya: Deep Web Konek Investigates Online Child Exploitation Networks with Thousands of Filipino Minors Involved
Summary: The Philippines has emerged as a significant hub for digital exploitation and online abuse, particularly related to child sex abuse materials. Investigations reveal complex networks operating under anonymity, exploiting minors and generating substantial profits through illicit digital content. Strengthened laws and collaborative efforts among various stakeholders are critical to combat these evolving digital crimes.…
China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
Summary: A new China-linked cyber threat actor, Earth Alux, has emerged, targeting sectors such as government, technology, and telecommunications in the APAC and LATAM regions. This group utilizes sophisticated methods and a diverse toolkit, including the VARGEIT and COBEACON backdoors, to exploit vulnerabilities and maintain long-term access to compromised systems.…
CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability
Summary: The Shadowserver Foundation reported a surge in exploitation attempts targeting a recently patched vulnerability in CrushFTP, a file transfer solution. Despite ongoing updates and mitigations from CrushFTP, vulnerability intelligence firms have created CVE identifiers, leading to confusion in the cybersecurity community. As unpatched instances remain, CrushFTP has urged users to promptly apply available patches.…
Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security
Summary: Canon Marketing Japan Inc. and Canon Inc. have released a security update addressing a critical vulnerability, CVE-2025-1268, affecting various models of Canon printers. The issue, stemming from a buffer overflow in specific printer drivers, poses significant security risks even though no exploitation has been confirmed. Canon urges users to update affected drivers to mitigate potential threats.…
Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign
Summary: A recent Intrinsec report highlights the operations of Russian-aligned intrusion sets UAC-0050 and UAC-0006, which are conducting spam campaigns motivated by financial theft and cyber espionage targeting Ukraine and its allies. Their activities include a mix of phishing, malware delivery, and psychological warfare, utilizing resilient infrastructure linked to shadowy hosting providers.…
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Summary: Microsoft utilized its AI-powered Security Copilot to uncover 20 previously unknown vulnerabilities in GRUB2, U-Boot, and Barebox bootloaders. These vulnerabilities could allow attackers to bypass security mechanisms, including UEFI Secure Boot, potentially allowing for arbitrary code execution. Security updates were released in February 2025 to address these flaws.…
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Summary: A Russian hacking group known as Water Gamayun is exploiting a Microsoft Windows vulnerability (CVE-2025-26633) to deliver the backdoors SilentPrism and DarkWisp. The group uses malicious provisioning packages and signed .msi files to execute commands and steal sensitive data. Their operations have evolved, utilizing sophisticated methods for persistence, command and control, and stealthy data exfiltration.…
A Not So Comprehensive Guide to Securing Your Salesforce Organization
This article highlights the critical security oversights in Salesforce, particularly focusing on the vulnerabilities associated with unsecured SOQL queries in Apex code and the dangers of storing sensitive credentials in cleartext. It sets the stage for further exploration of exploitation scenarios in the next installment.
Affected: Salesforce Organizations, Apex Developers

Keypoints:
Salesforce security is often neglected by organization owners and security professionals.…
Hackers abuse WordPress MU-Plugins to hide malicious code
Summary: Hackers are increasingly leveraging WordPress’s mu-plugins directory to execute malicious code undetected on every page load. This method, which was first identified in February 2025, enables various harmful activities, including credential theft and redirection to malware-laden sites. Security analysts recommend that WordPress site administrators enhance their security measures to safeguard against these threats.…