Victim: leonardo.com Country : IT Actor: threeam Source: http://threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onionpost.php?id=57 Discovered: 2025-02-13 17:33:42.859573 Published: 2025-02-13 17:33:39.935782 Description : Leonardo is a global aerospace company. Specializes in defense and security systems. Offers products such as helicopters, security electronics, aeronautics, and space defense systems. Founded in 1948. Headquartered in Rome, Italy.…
Palo Alto Networks Fixes Two High-Severity PAN-OS Vulnerabilities
Summary: Palo Alto Networks has issued advisories for two high-severity vulnerabilities in PAN-OS, allowing attackers to bypass authentication and execute arbitrary commands. CVE-2025-0108 enables unauthenticated access to invoke PHP scripts, while CVE-2025-0110 allows authenticated administrators to execute commands through a command injection flaw. Users are urged to update their PAN-OS software and restrict access to management interfaces to mitigate these vulnerabilities.…
JavaScript to Command-and-Control (C2) Server Malware
This report investigates a highly sophisticated multi-stage malware attack utilizing obfuscation, steganography, and covert communication techniques to evade detection and compromise systems. The attack involves the execution of an obfuscated JavaScript file that downloads malicious payloads and deploys Stealer malware to collect sensitive data. Affected: organizations, individuals, cyber security sector

Keypoints :

The attack employs a multi-stage process beginning with an obfuscated JavaScript file.…
How Public & Private Sectors Can Better Align Cyber Defense
Summary: Cybercrime poses a serious threat to national security and essential infrastructure, yet there is a disconnect in data sharing and collaboration between the public and private sectors. Recent reports call for a unified military Cyber Force to enhance national defense against rising cyber threats, while current efforts highlight the need for timely responses and improved coordination.…
China-linked Espionage Tools Used in Ransomware Attacks
A ransomware attack involving a toolset associated with China-based espionage actors targeted an Asian software and services company in late 2024. The attackers deployed the RA World ransomware while utilizing espionage tools previously linked to the Chinese threat group Fireant. The attack raised questions about the motivations behind combining espionage techniques with a ransomware campaign.…

Victim: Layfield & Borel CPA’s L.L.C Country : US Actor: bianlian Source: http://bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion/companies/layfieldandborelcpas.com/ Discovered: 2025-02-13 14:14:59.600852 Published: 2025-02-13 14:13:51.649690 Description : Layfield & Borel CPA’s L.L.C. is a verified accounting firm. Offers accounting and tax preparation services. Serves customers and small business owners. Located in and around Baton Rouge, Louisiana.…
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
Summary: Palo Alto Networks has addressed a critical vulnerability in its PAN-OS software, known as CVE-2025-0108, which could lead to authentication bypass and potentially compromise system integrity. The flaw affects multiple versions of PAN-OS and has a high severity with a CVSS score of 7.8. Additional vulnerabilities have also been mitigated in the recent updates, emphasizing the importance of securing the management interface.…
Palo Alto Networks Patches Potentially Serious Firewall Vulnerability
Summary: Palo Alto Networks published 10 new security advisories addressing vulnerabilities in its products, with a focus on CVE-2025-0108, a high-severity flaw in PAN-OS that could allow an unauthenticated attacker to bypass authentication. Although this flaw is serious, it does not enable remote code execution, and the company has provided patches and mitigations.…
XELERA Ransomware Targets Tech Aspirants with Fake Food Corporation of India Job Offers
The article discusses the discovery of multiple cyberattack campaigns targeting job applicants at Food Corporations of India, using a variant of ransomware named Xelera. The attack begins with a malicious document aimed at enticing applicants, which ultimately installs a PyInstaller executable that also utilizes Discord for command and control.…
2024 Annual Active Mining Trojan Review – 4hou.com
The article discusses the various threats posed by mining trojans that infiltrate victims’ computers, utilizing their resources for illegal cryptocurrency mining without their consent. It highlights the negative impacts on system performance, increased risk of failure, and potential for creating backdoors leading to further cyberattacks. The trend towards the use of sophisticated techniques like BYOVD attacks and the rise of dark web mining pools is emphasized.…
GitLab Patches High-Severity XSS Flaw (CVE-2025-0376) and Other Security Flaws in Latest Release
Summary: GitLab has issued a critical security advisory, urging users to update their installations to address nine identified vulnerabilities, most notably a high-severity Cross-Site Scripting (XSS) flaw. The affected versions include 17.8.2, 17.7.4, and 17.6.5 for both Community and Enterprise Editions. Users are strongly recommended to upgrade immediately to mitigate these security risks.…
Cyberattack Disrupts Williamsburg James City County Public Schools’ IT System

Date Reported: 2025-02-13 Country: DEU | Germany Victim: Eckert & Ziegler SE | Eckert & Ziegler SE Website: ezag.com Information : The German company Eckert & Ziegler SE was the victim of a cyberattack. The attack affected certain parts of its information systems. Systems were temporarily taken offline to minimize the impact of the attack.…

Attacker: 0x1998 Target: https://fafpa.gov.bf/kurd.html Source: http://www.zone-h.org/mirror/id/41321246

Attacker: 0xEv1lS0UL Target: https://www.ssk4.go.th/evil.txt Source: http://www.zone-h.org/mirror/id/41321234

Attacker: CyberTeam Target: https://tradicional.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321147

Attacker: CyberTeam Target: https://snisolos.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321146

Attacker: CyberTeam Target: https://inovacao.rederural.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321144

Attacker: CyberTeam Target: https://agroinov.rederural.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321143

Attacker: CyberTeam Target: https://sir.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321141

Attacker: CyberTeam Target: https://saaf.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321140

Attacker: CyberTeam Target: https://mpb.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321139

Attacker: CyberTeam Target: https://animalbio.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321138

Attacker: CyberTeam Target: https://agriculturafamiliar.dgadr.gov.pt/ct.html Source: http://www.zone-h.org/mirror/id/41321137

Attacker: CyberTeam Target: https://parceriaptsolo.dgadr.gov.pt/ct.html Source:…

Ransomware attack disrupting Michigan’s Sault Tribe operations
Summary: A recent ransomware attack on the Sault Tribe in Michigan has severely disrupted essential services, leading to the closure of many departments and businesses. The incident has largely affected healthcare services, with many appointments cancelled while casinos have also halted gaming operations. Tribal leaders are working diligently to resolve the issue, but disruptions are expected to last longer than initially hoped.…
Microsoft Fixes 4 Zero-Day Vulnerabilities and 55 Defects in February 2025 Patch Tuesday – PRSOL:CC
Microsoft’s February 2025 Patch Tuesday addresses a total of 55 vulnerabilities, including four zero-day vulnerabilities, with three categorized as critical due to remote code execution risks. Key vulnerabilities include privilege escalation flaws in Windows Storage and WinSock Drivers, actively exploited in the wild. The update reinforces the importance of timely patching to mitigate security risks.…
Date Reported: 2025-01-30 Country: AUS | Australia Victim: Natures Organics | Natures Organics Website: naturesorganics.com.au Information : The Australian company Natures Organics confirmed it was a victim of a cyberattack by the Medusa ransomware group. Personal data of employees, including scans of passports and driver’s licenses, was stolen.…
Subgroup of Russia’s Sandworm compromising US and European organizations, Microsoft says
Summary: A subgroup of the Russian hacking group Sandworm has conducted a multi-year campaign targeting critical infrastructure in the U.S. and Europe, aiming to gain initial access to strategic organizations across various sectors. Microsoft warns that this group’s activities support Russia’s military objectives and pose significant risks to global security.…