HUNT Archives - Cybersecurity News Everyday

Hunt.io Insights: Gamaredon’s Flux-Like Infrastructure and a Look at Recent ShadowPad Activity

This article explores the infrastructure patterns of two state-linked cyber threat groups based in Russia and China, focusing on Gamaredon and RedFoxtrot. It highlights their use of fast flux DNS techniques for operational stealth and the reuse of TLS certificates among others. Furthermore, it discusses the implications of these patterns for cybersecurity defenses.…

Threat Research

Exploitation of CLFS zero-day leads to ransomware activity

April 9, 2025 admin

Microsoft has identified a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, that has been exploited by the PipeMagic malware, targeting sectors in the U.S., Venezuela, Spain, and Saudi Arabia. The company released security updates to mitigate this issue.…

Cyber Attack

CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign

April 7, 2025 LeakNews

Summary: A new phishing campaign named PoisonSeed is targeting CRM and bulk email providers to steal cryptocurrency from users by tricking them into using compromised seed phrases. The campaign has reportedly led to significant financial losses for Coinbase users, and the phishing emails were sent via a compromised SendGrid account.…

Cyber Security News

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

April 7, 2025 CybersecurityNews

Summary: A malicious campaign named PoisonSeed is exploiting compromised credentials from CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases, ultimately aiming to drain victims’ digital wallets. The attack involves phishing tactics aimed at high-value targets, including both individuals and enterprises linked to the cryptocurrency sector.…

Cyber Security News

PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks

April 7, 2025 CybersecurityNews

Summary: Silent Push Threat Analysts have identified a sophisticated cyber campaign named “PoisonSeed” targeting enterprise organizations and cryptocurrency holders through phishing and compromised email services. The campaign employs a unique tactic of “crypto seed phrase” phishing attacks to deceive victims into compromising their cryptocurrency wallets. PoisonSeed showcases the complexity of modern cyber threats, with connections to other known groups while maintaining distinct operational characteristics.…

Interesting Stuff

Offensive Development Practitioner Course Preview

April 6, 2025April 6, 2025 Infosecwriteups

This article provides a first-hand account of the White Knight Labs’ Offensive Development Practitioner Certification course focused on malware development. The author shares personal experiences with burnout in the cybersecurity field before deciding to enroll in this course. The review highlights the quality of content, lab deployment, and the importance of OPSEC in training.…

Cyber Security News

PoisonSeed phishing campaign behind emails with wallet seed phrases

April 5, 2025 BleepingComputer

Summary: The ‘PoisonSeed’ phishing campaign compromises corporate email marketing accounts to distribute fraudulent emails containing crypto seed phrases, aimed at draining users’ cryptocurrency wallets. Targeting platforms like Coinbase and Ledger through compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho, the campaign uses professional phishing tactics to bait recipients into providing their credentials.…

Threat Research

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs

April 4, 2025April 4, 2025 Securonix

OUTLAW is a persistent, auto-propagating coinminer that utilizes simple techniques such as SSH brute-forcing and modification of commodity miners for infection and persistence. By deploying a honeypot, researchers gained insights into how OUTLAW operates, revealing the malware’s ability to maintain control and expand its botnet with basic tactics.…

Threat Research

Threat actors leverage tax season to deploy tax-themed phishing campaigns

April 4, 2025 admin

As the tax season approaches in the U.S., Microsoft has noted an increase in phishing campaigns using tax-related themes to steal sensitive information and deploy malware. These campaigns exploit various techniques, including URL shorteners, QR codes, and legitimate file-hosting services to evade detection. The reported threats include credential theft linked to platforms like RaccoonO365 and various malware types such as Remcos and Latrodectus.…

Cyber Security News

Hackers Exploit Cloudflare for Advanced Phishing Attacks

April 4, 2025 Cyware

Summary: A sophisticated phishing campaign, attributed to a Russian-speaking threat actor, exploits Cloudflare services and Telegram for malicious activities. The attacks use branded Cloudflare phishing pages and employ advanced techniques to evade detection, including obfuscation and leveraging the “search-ms” protocol to initiate malware downloads. This campaign marks a notable shift in tactics, utilizing Telegram for victim tracking while continuing to demonstrate operational security lapses.…

Interesting Stuff

Understanding Russian Cognitive Warfare

April 3, 2025April 3, 2025 iocOne

This article explores Russia’s cognitive warfare tactics, rooted in Soviet KGB doctrines, and their modern adaptations involving disinformation and cyber operations. It presents strategies to counter these tactics, including targeted cyber retaliation and strategic communication, utilizing frameworks such as SWOT and DIMEFIL. A comprehensive analysis is provided on the strategic environment and implications of Russian hacktivist groups, along with methods for dismantling them from within.…

Threat Research

RedCurl’s Ransomware Debut: A Technical Deep Dive

April 3, 2025April 3, 2025 BitDefender

This research by Bitdefender Labs introduces the QWCrypt ransomware campaign, linked to the RedCurl group, marking a significant shift in their tactics from data exfiltration to ransomware. RedCurl has been operating since 2018 but has historically utilized Living-off-the-Land techniques for corporate espionage. Their targeting of specific infrastructures and the use of hypervisor encryption underscores a sophisticated evolution in their operational strategy, raising questions regarding their motivations and business model.…

Youtube

EU OS – Troy Hunt Phished, InControl

April 3, 2025 Youtube

Summary: The video discusses the recent developments in security related to various topics, including a ransomware attack on Kuala Lumpur’s International Airport, the hacking of Troy Hunt’s Have I Been Pwned website, and the European Union’s potential shift towards a Linux-based operating system for public sector use.…

Cyber Security News

The Reality Behind Security Control Failures—And How to Prevent Them

April 2, 2025 BleepingComputer

Summary: Many organizations face significant gaps between their expected and actual security control effectiveness, often realizing these deficiencies only after a breach occurs. Current traditional testing methods are inadequate for truly validating security measures, leading to blind spots that may not be uncovered until it’s too late.…

Cyber Security News

Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals

April 2, 2025 CybersecurityNews

Summary: Threat actors are aggressively probing Palo Alto Networks GlobalProtect secure remote access instances, with over 24,000 unique IP addresses engaged in login scans, signaling a potential exploitation of vulnerabilities. The activity peaked between March 17 and March 26, primarily originating from the United States and Canada.…

Cyber Security News

Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans

April 1, 2025 BleepingComputer

Summary: A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been reported, suggesting a possible upcoming attack or exploitation of vulnerabilities. The activity peaked with over 20,000 unique IP addresses per day and may indicate reconnaissance before the disclosure of flaws.…

Threat Research

Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs

April 1, 2025 Seqrite

The article discusses Operation HollowQuill, a targeted cyber campaign against the Baltic State Technical University, designed to infiltrate academic and defense networks through weaponized decoy documents. The attack utilizes a multi-stage infection chain, including a malicious RAR file, a .NET malware dropper, Golang shellcode, and a Cobalt Strike payload.…

Threat Research

GreenSpot APT Phishing Campaigns with Fake 163.com Login Analysis

April 1, 2025 AnalysisSpace

GreenSpot APT phishing campaigns target 163.com users, attempting to steal credentials through fake login pages without embedding malicious attachments. While currently not direct threats, future modifications could introduce risks. Affected: 163.com, users of GreenSpot phishing campaigns

Keypoints :

GreenSpot APT is conducting phishing campaigns. Fake login pages prompt users to enter credentials twice.…

Threat Research

A DNS Investigation of SEO Manipulation via Bad Seed BadIIS

April 1, 2025 CircleID

A recent investigation by Trend Micro researchers revealed a search engine optimization (SEO) manipulation campaign named BadIIS targeting users of Internet Information Services (IIS). This financially motivated campaign redirects victims to illegal gambling websites and has notably affected Asian countries such as India, Thailand, and Vietnam, with potential global repercussions.…

Youtube

‘I Scanned 100,000+ Subdomains For CVE-2025-29927

April 1, 2025 Youtube

Summary: The video discusses a critical vulnerability that affects numerous apps and companies, highlighting a comprehensive process of discovering and exploiting this vulnerability across over 100,000 subdomains. The presenter shares insights on their scanning setup, exploitation strategies, and the different scenarios encountered during the hunt, revealing that even large companies with robust security teams can remain vulnerable.…

Tag: HUNT