Tag: LATERAL MOVEMENT

UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Summary: A new advanced persistent threat (APT) group named UAT-5918 has been identified, targeting critical infrastructure and various sectors in Taiwan since 2023. Their tactics include gaining long-term access for information theft using web shells and open-source tools, leveraging known security flaws in outdated systems. Researchers associate their methods with other Chinese hacking groups and highlight a sophisticated approach to credential harvesting and data theft.…
Read More
10 Critical Network Pentest Findings IT Teams Overlook
Summary: After conducting over 10,000 automated internal network penetration tests, vPenTest identifies critical security gaps due to common misconfigurations, unpatched systems, and weak passwords. The analysis reveals that these vulnerabilities present significant risks that attackers can exploit easily, often resulting from simple oversights. The article outlines the ten most pressing internal network security risks and provides recommendations to mitigate them effectively.…
Read More
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Read More
Emulating the Sophisticated Chinese Adversary Salt Typhoon
Salt Typhoon, a Chinese APT group active since 2019, targets critical sectors, including Telecommunications and Government entities across multiple regions. Known for its advanced cyberespionage tactics, the group utilizes various tools and techniques to maintain access while evading detection. This includes exploiting Microsoft Exchange vulnerabilities and employing a range of persistence and privilege escalation techniques.…
Read More
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Summary: Identity-based attacks are increasingly targeting organizations reliant on SaaS, with traditional threat detection methods often overlooking the unique risks present in these environments. Identity Threat Detection and Response (ITDR) offers a comprehensive solution, ensuring visibility and proactive measures to counteract potential breaches. Key strategies discussed include full coverage of SaaS applications, identity-centric monitoring, threat intelligence, and effective prioritization of alerts, alongside necessary integrations and posture management.…
Read More
HP Launches Printers with Quantum Resilient Cryptography 
Summary: HP has introduced the world’s first business printers designed to protect against quantum computer attacks by utilizing the Leighton-Micali Signature (LMS), a post-quantum cryptographic method approved by NIST. These printers are aimed at enhancing security for both private users and government sales while addressing the unique vulnerabilities of printers as edge devices.…
Read More
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Read More
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
Read More
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…
Read More
Think You Can Hack a Kubernetes Cluster? Here’s What to Look For.
As organizations increasingly turn to Kubernetes for container orchestration, security challenges such as overprivileged access and misconfigured network policies emerge. Implementing RBAC, network policies, and Zero Trust principles can significantly enhance security and safeguard Kubernetes workloads. Effective strategies are essential to minimize lateral movement risks, enforce least-privilege access, and ensure data confidentiality.…
Read More
Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and CISA have issued an advisory regarding the Medusa ransomware group, which has been increasingly active in 2025. The group has moved well beyond its previous year’s attack levels, particularly focusing on critical infrastructure sectors. This advisory details the group’s tactics, available indicators of compromise, and highlights the potential risks involved.…
Read More
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
Read More
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Read More
How to Execute the Bybit .5B ETH Heist – An Attack Path for Offensive Security Operations in AWS
On February 21st, a significant cryptocurrency theft occurred involving Bybit, where hackers from the Lazarus Group infiltrated a supplier’s system to redirect 401,000 Ethereum coins worth approximately .5 billion. The attack exemplifies a supply chain vulnerability that permitted hackers to exploit AWS services while leaving the Bybit system itself secure.…
Read More
Patching is Not Enough: Why You Must Search for Hidden Intrusions
Organizations often fail to investigate after patching zero-day vulnerabilities, leading to undetected compromises. A proactive approach involving compromise assessments is critical to uncover potential breaches. Affected: VMware ESXi, cybersecurity sector

Keypoints :

Patching alone does not confirm if systems have been breached. Recent zero-day vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) have been exploited.…
Read More
Cato CTRL, Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
A recent global campaign has been identified that targets TP-Link Archer routers through a remote code execution (RCE) vulnerability (CVE-2023-1389). The campaign exploits these routers to create a botnet, with the potential for widespread impact given the number of vulnerable devices connected to the internet. The malware dropper utilizes a bash script to install and execute additional malware while maintaining evasion techniques.…
Read More
Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right
Summary: Microsegmentation can be a crucial strategy for achieving Zero Trust security, but traditional approaches often fail due to complexity and operational disruptions. Andelyn Biosciences successfully implemented Elisity’s identity-based microsegmentation approach, allowing them to rapidly secure their networks without significant downtime or resource allocation. This case highlights the importance of visibility and policy simulation in modern segmentation efforts.…
Read More