RedCurl’s Ransomware Debut: A Technical Deep Dive
This research by Bitdefender Labs introduces the QWCrypt ransomware campaign, linked to the RedCurl group, marking a significant shift in their tactics from data exfiltration to ransomware. RedCurl has been operating since 2018 but has historically relied on Living-off-the-Land techniques for corporate espionage. Their targeting of specific infrastructures and their use of hypervisor encryption underscore a sophisticated evolution in their operational strategy, raising questions regarding their motivations and business model.…
Counter-Strategy Against State-Sponsored Proxies & China
This article discusses strategies to counter China’s use of state-sponsored proxies in hybrid warfare. It analyzes the threats posed by these proxies, such as cyber groups and political influence networks, and outlines a comprehensive approach utilizing frameworks like DIMEFIL and SWOT. A coordinated response involving diplomatic, military, economic, and cyber measures is emphasized to effectively deter and disrupt China’s hybrid tactics.…
RolandSkimmer: Silent Credit Card Thief Uncovered
The “RolandSkimmer” campaign utilizes malicious browser extensions and LNK files to execute persistent credit card skimming attacks, primarily targeting users in Bulgaria. The malware collects sensitive data through deceptive mechanisms while remaining stealthy and adapting to its victims’ environments. Affected: Microsoft Windows, Chrome, Edge, Firefox

Keypoints:

The “RolandSkimmer” campaign targets Microsoft Windows users through malicious LNK files and browser extensions.…
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks
The Socket research team uncovered a malicious Python package named disgrasya on PyPI, designed to automate carding attacks against WooCommerce stores using CyberSource as a payment gateway. This openly malicious tool facilitates the testing of stolen credit card numbers, allowing low-skilled fraudsters to simulate transactions without raising fraud detection alarms.…
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Ransomware attacks, specifically the so-called Babuk Locker 2.0, have resurfaced in 2025, attributed to groups named Skywave and Bjorka. Investigations reveal that Babuk Locker 2.0 is essentially a rebranding of LockBit 3.0, utilizing similar techniques and targeting high-profile organizations across various sectors. Affected: organizations, government agencies, cybercriminal sectors

Keypoints:

Ransomware threat persists, causing significant organizational disruption.…
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor
Summary: The advancement of artificial intelligence has lowered the barrier to entry for cybercrime, enabling even inexperienced individuals to perpetrate sophisticated attacks. Despite guardrails in AI systems, malicious actors have discovered ways to misuse them for developing malware. This trend foretells an increase in low-skilled threat actors using AI to execute varying levels of cyberattacks.…
How SSL Misconfigurations Impact Your Attack Surface
Summary: This content discusses the critical importance of properly configuring SSL certificates to mitigate cybersecurity risks, particularly focusing on the vulnerabilities presented by SSL misconfigurations. It highlights that many organizations fail to address these configurations properly, exposing themselves to various cyber threats. The article suggests that using a robust External Attack Surface Management (EASM) solution can significantly enhance an organization’s security posture.…
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
Summary: A new phishing-as-a-service platform, Lucid, has emerged, targeting 169 entities across 88 countries through advanced smishing techniques. Utilizing Apple iMessage and RCS, Lucid bypasses traditional anti-phishing measures, enabling significant increases in phishing success rates. This sophisticated model threatens financial security as it focuses primarily on harvesting credit card information and personally identifiable information (PII).…
Python-based RAT Abuses Discord API to Execute Data Theft Attacks
Summary: This report analyzes a Python-based Remote Access Trojan (RAT) that utilizes Discord’s API for malicious activities, including command execution and credential theft. It provides a detailed examination of the RAT’s code and behavior, revealing its capabilities for remote machine control and espionage. Recommendations for combating this cyber threat emphasize the importance of enhanced security measures and user education.…
French regulator fines Apple 2 million for anticompetitive use of privacy tool
Summary: Apple has been fined €150 million by French regulators for anticompetitive practices related to its App Tracking Transparency (ATT) tool. The French Competition Authority found that Apple’s implementation of ATT created an unfair market advantage, harming smaller app publishers dependent on third-party data collection. Despite the fine, which is minor compared to Apple’s revenues, the regulation did not require Apple to make changes to the tool.…
Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and privilege escalation issues. The information covers the history of these vulnerabilities, their impact, and notable cases, emphasizing the importance of security measures for self-managed GitLab instances.…
Exposed Jupyter Notebooks Targeted to Deliver Cryptominer
Cado Security Labs uncovered a new cryptomining campaign that exploits misconfigured Jupyter Notebooks across Windows and Linux systems. This campaign employs a series of executables, scripts, and binary downloads to install cryptominers targeting various cryptocurrencies. Affected: Jupyter Notebooks, Windows systems, Linux systems, cloud environments

Keypoints:

A cryptomining campaign utilizes Jupyter Notebooks, targeting Windows and Linux.…
Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump
This article discusses a massive data breach impacting Samsung Germany, where a hacker known as “GHNA” leaked approximately 270,000 customer tickets due to credentials stolen by infostealer malware back in 2021. The breach highlights the dangers of unmonitored and unrotated credentials, leading to potential exploitation and privacy violations for thousands of customers.…
Microsoft’s killing script used to avoid Microsoft Account in Windows 11
Summary: Microsoft has removed the ‘BypassNRO.cmd’ script from Windows 11 preview builds, which enabled users to bypass the Microsoft Account requirement during OS installation. This change aims to enhance security and promote cloud-based services associated with Microsoft Accounts. While the script is gone, users can still create the bypass manually via the Windows Registry, potentially facing future restrictions on this method.…
New Crocodilus malware steals Android users’ crypto wallet keys
Summary: A new Android malware named Crocodilus employs social engineering tactics to lure users into revealing their cryptocurrency wallet seed phrases. Disseminated through a sophisticated dropper that evades Android security, it allows attackers to hijack devices and compromise bank accounts. Initially reported in Turkey and Spain, it demonstrates extensive capabilities to remotely control the device and manipulate users, putting their financial assets at risk.…
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the presence of a new malware, RESURGE, targeting vulnerabilities in Ivanti Connect Secure appliances. This malware exploits a recently patched security flaw (CVE-2025-0282) and has capabilities enhancing its evasion and operational effectiveness. It is linked to espionage activities potentially conducted by state-sponsored threat actors.…