A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research reveals the exploits of Water Gamayun, a suspected Russian threat actor leveraging a zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console to deploy malware. Their methods include custom payloads, data exfiltration techniques, and the use of backdoor malware. This campaign poses severe risks to organizations, including data theft and operational disruption.…
Investigative Journalists in Serbia Hit by Advanced Spyware Attack
Summary: Two Serbian journalists from the Balkan Investigative Reporting Network (BIRN) were targeted with Pegasus spyware, confirming a disturbing trend of digital surveillance against civil society in Serbia. This incident marks the third use of Pegasus spyware against Serbian activists in recent years, highlighting the ongoing repression and intimidation faced by journalists.…
Firefox Patch Released as Mozilla Addresses Chrome-Like Security Threat
Summary: Mozilla has released an urgent update for Firefox on Windows to fix a critical sandbox escape vulnerability (CVE-2025-2857) that may allow unauthorized system access. This update comes in response to a recent similar exploit found in Google Chrome, highlighting growing concerns over browser security. Users are strongly urged to update their browsers immediately to ensure protection against this and similar vulnerabilities.…
Detecting Obfuscated PowerShell Attacks Using Sysmon and the ELK Stack
This article describes a lab project focused on detecting obfuscated PowerShell attacks using Sysmon, Winlogbeat, and the ELK stack. It highlights the challenges presented by attackers utilizing PowerShell and command-line obfuscation, aiming to provide defenders with hands-on experience in threat detection. The lab teaches students to recognize malicious activities, log telemetry, and utilize practical tools for cybersecurity defenses.…
StreamElements Confirms Third-Party Data Breach from an Infostealer Infection
StreamElements has reported a serious data breach affecting over 100,000 individuals due to a third-party service provider’s compromise. Sensitive data, including names, addresses, and emails, was accessed via a Redline Infostealer infection that targeted an employee’s credentials, leading to unauthorized access to their merchandise operations. Affected: StreamElements, Gooten.com,…
Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation
Summary: A critical security vulnerability (CVE-2025-30232) has been discovered in Exim, a popular message transfer agent for Unix systems. This use-after-free vulnerability may allow local privilege escalation under specific conditions. Administrators of affected Exim versions are advised to apply security patches promptly and review their security practices to mitigate risks.…
Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild
Summary: A critical zero-day vulnerability, CVE-2025-30355, has been found in Synapse, a Matrix homeserver, allowing for denial-of-service attacks through malformed events. This flaw is actively being exploited, impacting Synapse versions up to 1.127.0. Administrators are urged to upgrade to version 1.127.1 to mitigate risks.

Affected: Synapse (Matrix homeserver implementation)

Keypoints:

Vulnerability CVE-2025-30355 has a CVSS score of 7.1.…
More Solar System Vulnerabilities Expose Power Grids to Hacking 
Summary: Researchers at Forescout have identified over 90 vulnerabilities within solar power products from leading vendors like Sungrow, Growatt, and SMA, highlighting serious risks to electrical grids. Newly discovered vulnerabilities could allow attackers to hijack inverters and execute arbitrary code, potentially disrupting power supply and compromising user data.…
SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch
Summary: A critical security vulnerability (CVE-2025-26512) has been discovered in NetApp’s SnapCenter software, allowing authenticated users to escalate privileges and gain unauthorized administrative access. This flaw affects SnapCenter versions prior to 6.0.1P1 and 6.1P1, with a CVSS score of 9.9. While no public exploitation has been detected, organizations are urged to update to the latest versions to mitigate risks.…
Multiple CVEs Found in Ingress-NGINX—Patch Now to Prevent Cluster Compromise
Summary: A set of vulnerabilities in Ingress-NGINX Controller for Kubernetes poses significant security risks, including unauthorized remote code execution and potential full cluster takeover for versions prior to 1.12.1 and 1.11.5. The Australian Cyber Security Centre has outlined specific vulnerabilities that could allow attackers to manipulate configurations and access sensitive credentials.…
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…
CoffeeLoader: A Brew of Stealthy Techniques
Zscaler ThreatLabz has uncovered CoffeeLoader, a sophisticated malware family capable of bypassing detection mechanisms and deploying second-stage payloads. Originating in September 2024, CoffeeLoader employs advanced evasion techniques like GPU execution, call stack spoofing, and sleep obfuscation. It is primarily distributed through SmokeLoader and can utilize DGA for command-and-control communication.…
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Summary: A Chinese hacker group, FamousSparrow, has launched cyber attacks targeting a U.S. trade group and a Mexican research institute, deploying advanced versions of their backdoor tools, SparrowDoor and a new variant of ShadowPad. This marks the first observed use of ShadowPad by this group, which has a history of attacks involving hotel and government sectors.…
Chinese ‘FamousSparrow’ hackers back from the dead and targeting North America, researchers say
Summary: A Chinese hacking group known as FamousSparrow, previously considered dormant, has resurfaced to target organizations in the U.S., Mexico, and Honduras. Researchers from ESET discovered upgrades to their backdoor tool, SparrowDoor, indicating ongoing cyber-espionage activities since 2022. The group is linked to a series of attacks on various sectors, including government and research institutes, using sophisticated malware and tools, showcasing a notable evolution in their tactics.…
Next.js CVE-2025-29927: Tryhackme Writeup
A critical vulnerability identified as CVE-2025-29927 has been discovered in Next.js, a widely used web framework. This flaw enables attackers to bypass middleware-based authorization, posing significant security risks for applications built on Next.js, including e-commerce sites and SaaS platforms. Developers are urged to upgrade to the latest versions to prevent unauthorized access.…
Pentesting for Biotech: Simulating a Cyberattack on Your Genomic Data
Biotech firms, holding sensitive data such as patient genomes and drug formulas, are prime targets for cyberattacks due to their high value. Cybercriminals can exploit such data for financial gain, leading to risks that include compromised patient safety and legal penalties. Biotech penetration testing is crucial to safeguard against these threats, simulating attacks to identify and mitigate vulnerabilities in systems critical to research and patient data.…
Arkana Ransomware Group Hacks WideOpenWest Using Data from an Infostealer Infection
The Arkana ransomware group has claimed a massive breach of WideOpenWest (WOW!), one of the largest ISPs in the U.S., exposing over 403,000 customer accounts. This breach originated from an infostealer infection in September 2024, highlighting the urgent need for improved monitoring of such threats. Affected: WideOpenWest, customers, ISPs

Keypoints:

The Arkana ransomware group claimed responsibility for breaching WideOpenWest, exposing over 403,000 customer accounts.…
YouTube Creators Under Siege Again: Clickflix Technique Fuels Malware Attacks
This report reveals a sophisticated malware campaign targeting YouTube creators through spearphishing, utilizing the Clickflix technique to deceive victims into executing malicious scripts. Attackers leverage brand impersonation and exploit interest in professional collaborations to spread malware via meticulously crafted phishing emails. Once activated, the malware steals sensitive data or allows remote access.…