Deep Dive Into a Linux Rootkit Malware
This article discusses a critical zero-day exploit affecting CentOS Linux, where attackers gain full remote control of compromised systems through a rootkit and malicious scripts. The analysis details the techniques used by the attackers to hijack network traffic and execute commands. Affected: CentOS Linux

Key points:

Critical vulnerability allows full remote control of CentOS systems.…
‘Codefinger’ hackers encrypting Amazon cloud storage buckets
Summary: Cybercriminals are increasingly targeting Amazon Web Services’ S3 buckets, using the platform’s own encryption tools to lock organizations out of their data and demand ransom payments. This new tactic represents a significant evolution in ransomware capabilities, as it leverages server-side encryption with customer-provided keys to make data recovery nearly impossible without cooperation from the attackers.…
Poland uncovers Russia-linked disinformation campaign targeting upcoming presidential election
Summary: A Russia-linked disinformation campaign is attempting to influence Poland’s upcoming presidential elections, as revealed by Poland’s digital affairs minister. The campaign, likely controlled by the Russian military intelligence service, GRU, aims to disrupt the political coherence of Poland amid rising cyber threats.

Threat Actor: GRU | Victim: Poland

Key point:

Russia is actively attempting to influence Polish politics and elections, marking a significant escalation in foreign interference.…
Critical Vulnerability Patched in GiveWP Plugin
Summary: The GiveWP plugin for WordPress has a critical unauthenticated PHP Object Injection vulnerability that could allow attackers to take over affected sites. Users are advised to update to version 3.19.4 or later to mitigate this risk.

Threat Actor: Unspecified | Victim: GiveWP users

Key point:

Vulnerability tracked as CVE-2025-22777 allows unauthenticated PHP Object Injection.…
Hack The Box Escape
This article provides a detailed walkthrough of the “Escape” machine on Hack The Box, focusing on Active Directory enumeration techniques and exploitation methods. The author shares insights gained from the experience, including working with Kerberos, NTLM, and Certificate Authority. Affected: Hack The Box

Key points:

The box “Escape” is rated Medium and is the author’s first Active Directory machine.…
Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics
Telefonica has confirmed a significant data breach involving unauthorized access to its internal ticketing system, resulting in the extraction of sensitive employee and operational data. The breach was facilitated by infostealer malware and social engineering tactics, compromising over 15 employees and exposing 24,000 email addresses, 500,000 JIRA issues, and 5,000 internal documents.…
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls – Arctic Wolf
Arctic Wolf has observed a campaign targeting Fortinet FortiGate firewall devices that involves unauthorized logins, account creation, and configuration changes through management interfaces exposed on the public internet. The campaign is likely exploiting a zero-day vulnerability. Organizations are urged to disable public access to firewall management interfaces immediately.…
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls – Arctic Wolf
Arctic Wolf has identified a campaign targeting Fortinet FortiGate firewall devices, where unauthorized administrative access was gained through exposed management interfaces. The attackers created new accounts, altered configurations, and exploited a potential zero-day vulnerability. Organizations are urged to disable public access to firewall management interfaces immediately.…
What is IOC? Tracking Threats in Cybersecurity
Indicators of Compromise (IoCs) are critical technical indicators that help detect abnormal behaviors in systems, networks, or devices, aiding in the identification of malicious activities and facilitating effective responses to threats. They play a vital role in early threat detection by cybersecurity teams. Affected: None

Key points:

IoCs are crucial for identifying traces of cyberattacks.…
Marijuana dispensary STIIIZY warns of leaked IDs after November data breach
Summary: A data breach at STIIIZY, a California marijuana dispensary, exposed sensitive customer information, including IDs and passports, due to a cyberattack by the Everest gang. The company has warned affected customers and is offering credit monitoring services following the incident.

Threat Actor: Everest cybercrime gang | Victim: STIIIZY

Key point:

Data breach exposed personal information of customers, including drivers’ license and passport numbers.…
Slovakia’s land registry hit by biggest cyberattack in country’s history, minister says
Summary: A significant cyberattack on Slovakia’s land registry, attributed to a ransomware attack, has led to the shutdown of systems and physical offices, causing widespread disruption in property transactions and essential services. The attack is believed to have originated from Ukraine amid rising geopolitical tensions.

Threat Actor: Unknown | Victim: Slovakian Geodesy, Cartography and Cadastre Office (UGKK)

Key point:

The attack is the largest in Slovakia’s history, with attackers demanding millions in ransom.…
Bots identified pushing anti-NATO messages in Croatian presidential runoff
Summary: Researchers have identified pro-Russian bot networks attempting to influence public opinion in Croatia ahead of the presidential runoff election, primarily supporting incumbent president Zoran Milanović. These networks are promoting anti-EU and anti-NATO sentiments while amplifying pro-Milanović content.

Threat Actor: Pro-Russian bot networks | Victim: Croatian presidential election

Key point:

Bot networks are promoting Zoran Milanović while undermining his opponent, Dragan Primorac.…
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Summary: Elisity offers an innovative identity-based microsegmentation solution that addresses the challenges of traditional segmentation methods, particularly in healthcare and manufacturing sectors. By leveraging existing network infrastructure, it simplifies policy management and enhances security without requiring extensive hardware investments.

Threat Actor: Cybercriminals | Victim: Healthcare organizations

Key point:

Elisity’s Virtual Edge allows for microsegmentation without new hardware, using lightweight virtual connectors.…
Chinese spies targeting new Ivanti vulnerability, Mandiant says
Summary: A newly discovered vulnerability in Ivanti’s Connect Secure VPN is being exploited by China-based espionage threat actors, prompting urgent action from U.S. cybersecurity agencies. Mandiant’s analysis highlights the ongoing risks and the potential for widespread exploitation of this vulnerability.

Threat Actor: UNC5221 | Victim: Ivanti

Key point:

Mandiant identified exploitation of CVE-2025-0282 by Chinese hackers, linked to previous attacks on Ivanti products.…
Proton Mail still down as Proton recovers from worldwide outage
Summary: Proton experienced a significant worldwide outage affecting multiple services, including Proton Mail and Calendar, leaving many users unable to access their accounts. While most services have been restored, issues with Proton Mail and Calendar persisted for some time.

Threat Actor: N/A | Victim: Proton users

Key point:

Outage began around 10:00 AM ET, affecting all major Proton services.…
Apple says it does not use Siri audio for advertising
Summary: Apple has reiterated its commitment to user privacy, stating that it does not use Siri audio for marketing or advertising purposes. This clarification follows a $95 million settlement related to allegations of Siri audio being shared with third parties for targeted advertising.

Threat Actor: N/A | Victim: iPhone owners

Key point:

Apple confirms that Siri data has never been used for marketing profiles or advertising.…