Securing Software with Chainguard Zero-CVE Base Images against Advanced Persistent Threat Groups
This article discusses Chainguard’s zero-CVE container images, which are designed to eliminate known vulnerabilities and enhance both software supply chain and runtime security against Advanced Persistent Threats (APTs) like Salt Typhoon. The text outlines how these images minimize risks through features such as frequent updates, hardened builds, and transparent components.…
Dark Web Profile: Flax Typhoon
Flax Typhoon, a Chinese state-sponsored APT group, has shown a significant evolution in its cyber espionage activities since mid-2021, primarily targeting Taiwanese entities while expanding globally to North America, Africa, and Southeast Asia. The group’s strategic focus aligns with Chinese government objectives, utilizing sophisticated techniques to maintain prolonged access to compromised networks.…
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
Summary: The “Cookie-Bite” attack leverages a malicious Chrome extension to steal session cookies from Azure Entra ID, allowing attackers to bypass multi-factor authentication (MFA) and gain unauthorized access to cloud services such as Microsoft 365. Although the tactic of stealing session cookies has been seen before, the attack’s stealth and persistence make it particularly concerning.…
Cybersecurity & Generative AI – Part 3 – Opportunities, Agents, Challenges
This article explores the applications of Generative AI in cybersecurity, highlighting its potential for enhancing threat detection, incident response, malware analysis, and more. It examines the concept of Agentic AI, which employs large language models (LLMs) to autonomously tackle complex cybersecurity tasks. Despite these advancements, the article addresses significant challenges in implementing Generative AI solutions, such as data quality, hallucinations, and integration complexities.…
The Reality of Mobile Endpoint Security in 2025
Mobile devices are becoming increasingly exploited entry points for cyber attacks in enterprises, prompting a shift in attack strategies from traditional methods to mobile vectors. As organizations adopt Bring Your Own Device (BYOD) policies, the need for effective Mobile Threat Defense (MTD) solutions becomes crucial. The rapid rise of sophisticated mobile attacks necessitates a reevaluation of security measures to address the vulnerabilities associated with mobile endpoints.…
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Summary: A new threat intelligence report reveals that financially motivated Chinese cybercriminals, known as Ghost, are targeting organizations globally, particularly in North America and the U.K., with ransomware attacks. These attackers exploit unpatched vulnerabilities to gain access, install backdoors, exfiltrate sensitive data, and deploy ransomware. The FBI and Cybersecurity and Infrastructure Security Agency have issued warnings regarding the persistent danger posed by Ghost hackers across more than 70 countries.…
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Summary: Recent cyber activity highlights the subtle ways attackers gain access to systems, often exploiting overlooked vulnerabilities and misconfigurations. Major findings include active exploitation of a Windows flaw and a phishing campaign targeting crypto developers. Organizations need to be vigilant against these evolving threats and ensure prompt patching of vulnerabilities.…
Summary: A critical Remote Command Execution (RCE) vulnerability has been discovered in the PyTorch framework, tracked as CVE-2025-32434, affecting versions ≤2.5.1. This flaw resides in the safe model loading function, torch.load(), especially when using the weights_only=True parameter, which many developers rely on for security. The PyTorch team has released a patched version (2.6.0) to address this critical issue, and users are urged to update immediately.…
Red teaming simulates real-world cyberattacks to evaluate organizational defenses, utilizing several tools such as Cobalt Strike, Caldera, and Infection Monkey. These tools are linked to the MITRE ATT&CK framework, enhancing their effectiveness in identifying vulnerabilities and testing defense mechanisms. Affected: organizations, IT security sector, cybersecurity environment

Keypoints:

Red teaming involves simulating cyberattacks to test defenses.…

Summary: The video discusses the importance of networking in ethical hacking and cyber security, emphasizing that programming alone is not sufficient. It highlights the necessity of understanding networking principles to conduct successful penetration testing and outlines the types of attacks that rely on networking.

Keypoints:

The foundation of ethical hacking includes programming, networking, and system administration skills.…
Lazarus-Linked Malware Targets Windows
This article provides an analysis of the malware sample 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe, attributed to the Lazarus Group, a state-sponsored cyber threat actor. Using tools like ANY.RUN and Hybrid Analysis, the analysis reveals the malware’s behavior, including process injection and registry modifications, targeting primarily Windows systems and expanding to Linux and macOS environments.…
Inside Black Basta: Ransomware Resilience and Evolution After the Leak
The article analyzes leaked communications from the Black Basta ransomware group, revealing their ongoing operations despite exposure. Significant tactics such as hybrid infrastructure exploitation and social engineering are highlighted. Microsoft Threat Intelligence’s report discusses warning signs of evolving ransomware techniques, especially in the context of nation-state actors and cloud vulnerabilities.…
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
Summary: CISA has added a medium-severity vulnerability in Microsoft Windows (CVE-2025-24054) to its Known Exploited Vulnerabilities catalog due to active exploitation. This NTLM hash disclosure spoofing vulnerability allows attackers to extract sensitive authentication data with minimal user interaction. Microsoft has recommended immediate patching to mitigate risks associated with this flaw.…
UNC5221 is a suspected China-nexus cyber-espionage group targeting edge network devices through zero-day exploits, particularly Ivanti’s Pulse Connect Secure/Ivanti Connect Secure (ICS) VPN appliances. A critical vulnerability (CVE-2025-22457) has been exploited since March 2025, allowing unauthorized network access and deployment of custom malware. The campaign has affected organizations globally, especially in the U.S.,…
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Summary: The China-linked threat actor Mustang Panda has targeted an organization in Myanmar with advanced malware, introducing tools such as a revamped backdoor called TONESHELL, a new lateral movement tool named StarProxy, and several keyloggers. This attack demonstrates the group’s continuous evolution in cyber capabilities, including methods to evade detection by security systems.…