Lazarus_Linked_Malware_Targets_Windows
This article provides an analysis of the malware sample 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe, attributed to the Lazarus Group, a state-sponsored cyber threat actor. Analysis with tools such as ANY.RUN and Hybrid Analysis reveals the malware’s behavior, including process injection and registry modifications, targeting primarily Windows systems and expanding to Linux and macOS environments.…
Advanced macOS Spyware PasivRobber
A suspicious Mach-O file named *wsus* was discovered on VirusTotal, leading researchers to uncover a suite of more than 20 binaries designed to capture data from macOS systems, specifically targeting popular applications among Chinese users. The investigation suggested ties to a Chinese organization involved in surveillance and forensic tools, prompting concerns about the software’s legitimacy and cybersecurity risks.…
Apple fixes two zero-days exploited in targeted iPhone attacks
Summary: Apple has released emergency security updates to address two zero-day vulnerabilities in multiple operating systems that were used in sophisticated attacks on targeted iPhones. The vulnerabilities, CVE-2025-31200 in CoreAudio and CVE-2025-31201 in RPAC, affect a wide range of Apple devices. Users are urged to update their devices immediately to safeguard against potential exploitation.…
In February 2025, 13 hacking groups were identified, engaging in various cybercrimes including ransomware distribution, phishing attacks, and identity theft through sophisticated techniques. Each group employed unique methods to compromise targets and steal valuable information or funds, affecting numerous sectors globally. Affected: government, e-commerce, social media, enterprise security, individual users

Keypoints:

SectorJ09 used formjacking to steal financial information from e-commerce sites.…
UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
This article discusses the latest developments of the Chinese state-sponsored threat actor UNC5174, known for its advanced cyber warfare techniques. The actor has transitioned from using the SUPERSHELL tool to the open source VShell, which has been integrated into their SNOWLIGHT malware campaign. This evolution highlights their persistent espionage activities targeting organizations in Western countries and critical infrastructure sectors, using stealthy methods including fileless malware and sophisticated command-and-control tactics.…
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Summary: A new campaign attributed to the China-linked threat actor UNC5174 employs a variant of the SNOWLIGHT malware and the VShell tool to breach Linux and macOS systems. These tools utilize open-source resources for obfuscation and cost-effectiveness, making attribution challenging. The campaign has been linked to attacks exploiting security flaws in Ivanti appliances, affecting multiple sectors worldwide.…
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
Summary: A North Korea-linked hacking group, referred to as Slow Pisces, has been tied to a series of malicious campaigns targeting cryptocurrency developers, delivering stealer malware disguised as job-related coding challenges. The group uses platforms like LinkedIn for recruitment lures, employing multi-stage attacks that focus on individual victims rather than broad phishing methods.…
New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations
Summary: A sophisticated new malware family named ResolverRAT has emerged, primarily targeting organizations in the healthcare and pharmaceutical sectors. This advanced malware utilizes in-memory execution, layered evasion techniques, and complex infrastructure to evade detection and facilitate attacks via phishing emails. Researchers assert that despite some similarities to prior malware campaigns, ResolverRAT represents a distinct threat due to its unique operational characteristics and methods.…
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
The article discusses Slow Pisces, a North Korean state-sponsored hacking group focused on cryptocurrency theft. The group employs social engineering, particularly on LinkedIn, to deliver malware disguised as coding challenges to cryptocurrency developers. They successfully stole over billion in 2023, using clever tactics that involve fake applications and supply chain compromises.…
Lazarus_Linked_Malware_Targets_Windows
This analysis of the APT38 malware highlights the sophisticated methods used by the Lazarus Group, emphasizing the malware’s malicious capabilities and behaviors, such as process injection and command and control operations. The findings indicate the need for immediate security measures against such threats. Affected: Windows, Linux, macOS, financial institutions, government agencies, corporate networks

Keypoints:

The malware analyzed is linked to the Lazarus Group, a state-sponsored APT associated with North Korea.…
🔒 Cybersecurity And Much More – Vol. 5 2
This newsletter highlights various recent security breaches and critical vulnerabilities affecting major organizations like DBS Group, Oracle, Europcar, and more. It emphasizes the increasing trend of supply chain attacks, challenges posed by legacy systems, and the need for vigilant vendor security assessments. Affected: DBS Group, Bank of China, Oracle Cloud, Europcar Mobility Group, State Bar of Texas, Port of Seattle, Google Gemini, Microsoft Windows, Linux Kernel, Apache Tomcat, reviewdog/action-setup, Chromium, Juniper Junos OS, Apple WebKit

Keypoints:

Multiple significant breaches reported, including ransomware attacks and data exposure.…
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

General • Servers • Vulnerabilities • Exploits • Attack surface • Code • Email addresses • Domains • URLs • DNS • Certificates • WiFi networks • Device Info • Credentials • Leaks • Hidden Services • Social Networks • Phone numbers • Images • Threat Intelligence • Web History • Files • Surveillance cameras • Crypto • People

General Search Engines: Google • Bing • Yahoo! • Yandex • Ask • Baidu • SearXNG • EXALead • DuckDuckGo • Swisscows • Naver • AOL • Brave • Yep • Gibiru • Kagi • Stract
Servers: Shodan – Search Engine for the Internet of Everything • Censys Search – Search Engine for every server on the Internet to reduce exposure and improve security • Onyphe.io …
CentreStack RCE exploited as zero-day to breach file sharing servers
Summary: A zero-day vulnerability in Gladinet CentreStack’s file-sharing software has been exploited since March 2025, allowing hackers to breach storage servers through a deserialization flaw. The vulnerability, tracked as CVE-2025-30406, affects versions up to 16.1.10296.56315 and is linked to a hardcoded machineKey in the configuration that could be exploited for remote code execution.…