The Invisible Battlefield Behind LLM Security Crisis – NSFOCUS, Inc.
This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…
Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
Unit 42 researchers have uncovered a widespread campaign distributing fraudulent cryptocurrency investment platforms through websites and mobile applications. The operation employs deceptive practices, impersonating well-known brands to lure victims, particularly in East Africa and Asia. By leveraging multi-level affiliate programs and unrealistic promises of high returns, the campaign closely resembles Ponzi schemes.…
Enhanced XCSSET Malware Targets macOS Users with Advanced Obfuscation
Summary: Microsoft Threat Intelligence has identified a new variant of XCSSET malware targeting macOS developers, featuring advanced obfuscation, updated persistence techniques, and new infection strategies. The malware exploits the collaborative nature of Xcode projects, employing a four-stage infection chain that makes it difficult to detect. Although currently observed in limited attacks, its capabilities pose a significant threat to developers and users of macOS systems.…
Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
The Securonix Threat Research team has uncovered a sophisticated malware campaign known as OBSCURE#BAT, which employs social engineering tactics and deceptive downloads to install a user-mode rootkit (the r77 rootkit) that evades detection and maintains persistence on compromised systems. Attackers use fake CAPTCHAs and legitimate-looking software downloads to trick users into executing obfuscated batch scripts that initiate a multi-stage infection process.…
This advisory details the tactics, techniques, and procedures (TTPs) associated with the Medusa ransomware variant. Medusa, operating as a ransomware-as-a-service (RaaS), has affected over 300 victims across various critical infrastructure sectors since its inception in June 2021. The advisory provides insights into initial access methods, lateral movement tactics, and a double extortion model employed by Medusa actors.…
Apache OFBiz Vulnerability Could Lead to Remote Code Execution
Summary: A significant vulnerability has been identified in the Apache OFBiz eCommerce plugin, allowing for potential arbitrary code execution on affected servers. The issue affects specific versions of Apache OFBiz, necessitating an immediate upgrade to version 18.12.18 or later to mitigate the risk. Organizations are encouraged to implement additional security measures to enhance their overall protection against such vulnerabilities.…
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Summary: The evolving landscape of cyber threats raises critical concerns around cybersecurity resilience, particularly as state-sponsored groups and new ransomware tactics emerge. Notable events this week include charges against Chinese nationals for hacking and the dismantling of Garantex, a cryptocurrency exchange linked to money laundering. This edition explores the complexities of modern cyber threats and ongoing countermeasures by global law enforcement.…
🚨Cyber Attack Chronicles🚨
The SolarWinds hack, a significant supply chain attack discovered in December 2020, compromised numerous Fortune 500 companies and government agencies, resulting in extensive cybersecurity repercussions. Attackers embedded malicious code into SolarWinds’ Orion software updates, infiltrating thousands of networks and highlighting the vulnerabilities in vendor trust.
Affected: Fortune 500 companies, US Government agencies, SolarWinds
Keypoints: The hack was discovered in December 2020, but the infiltration began as early as March 2020.…
From Foothold to Takeover: Mastering Pivoting Moves
This article provides an overview of pivoting and lateral movement techniques in cybersecurity, focusing particularly on the tool Ligolo-ng. Ligolo-ng is highlighted for its efficiency, user-friendliness, security features, and cross-platform compatibility, making it a valuable asset for penetration testers. The article explains how to set up Ligolo-ng and its advantages compared to other tunneling tools.…
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
Sandworm, a threat actor linked to Russia’s GRU, has been conducting cyber espionage against Ukrainian Windows users by exploiting pirated software to distribute malware, notably the BACKORDER loader and Dark Crystal RAT. This activity has been ongoing since late 2023, coinciding with the Russian invasion of Ukraine, and highlights the vulnerabilities created by the country’s high rates of software piracy.…
Summary: Cisco has issued a security advisory regarding a critical vulnerability (CVE-2025-20206) in the Cisco Secure Client for Windows that could allow local authenticated attackers to execute arbitrary code with SYSTEM privileges. The advisory highlights the need for immediate software updates to version 5.1.8.105 or later to mitigate potential exploitation, as there are no available workarounds.…
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
A recent security investigation revealed a malicious JavaScript injection affecting a WordPress website, leading to unwanted redirects, reputational damage, and exposure to potential further malicious activities for users. The infection, embedded in a theme file, utilized a two-stage redirection process to hijack website traffic.
Affected: WordPress websites, online users
Keypoints: Malicious JavaScript was injected into a WordPress theme, causing redirects to unauthorized third-party domains.…
How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist
Summary: Last week, North Korea’s Lazarus hacking group executed a sophisticated $1.4 billion heist on ByBit’s Ethereum cold wallet through a combination of social engineering, stolen AWS session tokens, and a manipulated JavaScript file. Forensics from Mandiant revealed that the attackers compromised a developer’s workstation using a malicious Docker project, allowing them extensive access to the system.…
Make Your Own Pentest Lab — Part 1 (The Creation)
The article describes a pentesting project conducted at the Rochester Institute of Technology, involving the creation of a penetration testing lab. The project is structured into three phases: setting up a vulnerable environment, implementing monitoring tools, and conducting attacks while documenting the findings. Aimed at beginner-to-intermediate ethical hackers, it highlights specific vulnerabilities, the tools used to exploit them, and mitigation strategies.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a malicious campaign, attributed to an unknown attacker, targeting organizations in Japan since January 2025, primarily exploiting the CVE-2024-4577 vulnerability to gain initial access and deploy advanced adversarial tools via Cobalt Strike. The attacker’s activities entail credential theft, system compromise, and potential lateral movement, which could affect various industries.…