Tag: INITIAL ACCESS

Technical Advisory: Mass Exploitation of CVE-2024-4577
In June 2024, Bitdefender Labs highlighted a critical security vulnerability (CVE-2024-4577) in PHP affecting Windows systems in CGI mode, allowing remote code execution through manipulated character encoding. This vulnerability has seen an increase in exploitation attempts, especially in Taiwan and Hong Kong, with attackers also modifying firewall settings to block known malicious IPs.…
Read More
Dragon RaaS: Pro-Russian Hacktivist Group Walks the Razor’s Edge Between Cybercrime and Propaganda
Summary: A new Ransomware-as-a-Service player, Dragon RaaS, combines political hacktivism with opportunistic cybercrime, targeting organizations with weak security. It emerged as a splinter group from the Stormous ransomware gang and is affiliated with various cybercrime syndicates. Dragon RaaS’s operations focus on defacement attacks and ransomware extortion, utilizing a rebranded version of existing ransomware techniques.…
Read More

🔴 RECONNAISSANCE:

RustScan ==https://github.com/bee-san/RustScanNmapAutomator ==https://github.com/21y4d/nmapAutomatorAutoRecon ==https://github.com/Tib3rius/AutoReconAmass ==https://github.com/OWASP/AmassCloudEnum ==https://github.com/initstring/cloud_enumRecon-NG ==https://github.com/lanmaster53/recon-ngAttackSurfaceMapper ==https://github.com/superhedgy/AttackSurfaceMapperDNSDumpster ==https://dnsdumpster.com/

🔴 INITIAL ACCESS:

SprayingToolKit ==https://github.com/byt3bl33d3r/SprayingToolkito365Recon ==https://github.com/nyxgeek/o365reconPsudohash ==https://github.com/t3l3machus/psudohashCredMaster ==https://github.com/knavesec/CredMasterDomainPasswordSpray ==https://github.com/dafthack/DomainPasswordSprayTheSprayer ==https://github.com/coj337/TheSprayer…
Read More
South Korean Organizations Targeted by Cobalt Strike Cat Delivered by a Rust Beacon
Hunt researchers exposed a web server hosting tools linked to an intrusion campaign against South Korean organizations. This server, available for less than 24 hours, encompassed a Rust-compiled Windows executable that deployed Cobalt Strike Cat along with several other open-source tools. The attacker appears to have focused on exploiting vulnerabilities in government and commercial entities.…
Read More
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Read More
Rust Beacon Deploys Cobalt Strike in South Korean Cyber Intrusion Campaign
Summary: Hunt researchers have detected a sophisticated cyber intrusion campaign focusing on South Korean organizations, utilizing modified Cobalt Strike tools and various open-source exploitation tools. The attackers leveraged a publicly exposed web server to distribute their malware and gather intelligence on over 1,000 Korean domains, targeting government and commercial entities.…
Read More
Rapid7 MDR Supports AWS GuardDuty’s New Attack Sequence Alerts
AWS GuardDuty has introduced two new alerts—”Potential Credential Compromise” and “Potential S3 Data Compromise”—to enhance threat detection by correlating multiple signals over time, which aids in detecting sophisticated attacks. These improvements allow for rapid response to potential threats, supported by Rapid7’s Managed Threat Complete and InsightCloudSec services.…
Read More
The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k Tenants
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…
Read More
Operation FishMedley
The US Department of Justice has indicted employees of the Chinese contractor I‑SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
Read More
Ransomware Group Claims Attack on Virginia Attorney General’s Office
Summary: The Cloak ransomware group has executed a cyberattack on the Virginia Attorney General’s Office, leading to significant disruptions in their computer systems and services. Following the attack, Cloak claimed responsibility and released purportedly stolen data on their leak site. This incident marks Cloak’s first confirmed attack in 2023, amid an increasing number of victims since the group’s emergence.…
Read More
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Summary: A new advanced persistent threat (APT) group named UAT-5918 has been identified, targeting critical infrastructure and various sectors in Taiwan since 2023. Their tactics include gaining long-term access for information theft using web shells and open-source tools, leveraging known security flaws in outdated systems. Researchers associate their methods with other Chinese hacking groups and highlight a sophisticated approach to credential harvesting and data theft.…
Read More
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
Summary: The China-linked APT group Aquatic Panda has been implicated in a global espionage campaign targeting various organizations across multiple countries in 2022. This operation, codenamed “Operation FishMedley,” involved sophisticated malware tools and is attributed to a collective recognized for reusing well-known hacking mechanisms. The campaign underscores ongoing cybersecurity threats posed by state-sponsored actors using advanced techniques for espionage.…
Read More
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Read More
Critical RCE Vulnerability Discovered in Veeam Backup & Replication
Summary: A critical-severity vulnerability (CVE-2025-23120) affecting Veeam Backup & Replication can lead to remote code execution by authenticated users, with a CVSS score of 9.9. This flaw impacts version 12.3.0.310 and all earlier builds, prompting urgent patching to the newly released version 12.3.1. Organizations are cautioned about the potential threats to data integrity and privilege escalation associated with this vulnerability.…
Read More
Why it’s time for phishing prevention to move beyond email
Summary: Despite significant investments in email security solutions, phishing attacks continue to pose a severe threat to organizations, largely due to the emergence of sophisticated Attack-in-the-Middle (AitM) phishing techniques. Traditional detection methods, including known-bad blocklists and malicious webpage detection, are increasingly ineffective against these evolving tactics.…
Read More
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender has uncovered a widespread ad fraud scheme utilizing over 331 malicious apps on the Google Play Store, which have amassed more than 60 million downloads. These apps display unwanted ads and attempt to extract user credentials and credit card information through phishing tactics. The campaign shows how criminals actively exploit vulnerabilities in app distribution platforms, emphasizing the need for enhanced mobile security measures.…
Read More
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Read More
Malvertising Campaign Leads to Info Stealers Hosted on GitHub
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…
Read More