Tag: PAYLOAD

Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and permission escalation issues. The information covers the history of vulnerabilities, their impact, and famous cases, emphasizing the importance of security measures for self-managed GitLab instances.…
Read More
Exposed Jupyter Notebooks Targeted to Deliver Cryptominer
Cado Security Labs uncovered a new cryptomining campaign that exploits misconfigured Jupyter Notebooks across Windows and Linux systems. This campaign employs a series of executables, scripts, and binary downloads to install cryptominers targeting various cryptocurrencies. Affected: Jupyter Notebooks, Windows systems, Linux systems, cloud environments

Keypoints :

A cryptomining campaign utilizes Jupyter Notebooks, targeting Windows and Linux.…
Read More
SVC New Stealer on the Horizon
SvcStealer 2025 is a sophisticated information-stealing malware delivered through spear phishing emails. It captures sensitive data from victims, including credentials and cryptocurrency wallet information, and sends it to a command and control (C2) server. With a focus on evading detection, it deletes traces of its activities and can potentially download additional malware.…
Read More
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
Summary: A targeted malware campaign by the Russian state-aligned group Gamaredon is exploiting Windows shortcut files to disseminate the Remcos backdoor, primarily targeting users in Ukraine. By masquerading as sensitive military documents, this operation takes advantage of the ongoing geopolitical strife, using sophisticated techniques for stealth and access retention.…
Read More
The Ransom Group D0glun: Hidden Threat or Just for Fun?
The D0glun ransomware, first identified on January 16, 2025, showcases a unique method of operation, targeting victims by displaying their private information and requiring a key and ID for file decryption. The attack seems motivated by low confidence, potentially signaling an inept beginner. Affected: ransomware, cybersecurity

Keypoints :

D0glun ransomware was first submitted on January 16, 2025.…
Read More
Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging
APT28 has been observed conducting cyber espionage activities focusing on Central Asia and Kazakhstan. This analysis explores a heavily obfuscated malware sample, assessing its capabilities, particularly its use of VBScript and interaction with a command-and-control server. Affected: APT28, Central Asia, Kazakhstan

Keypoints :

APT28 is engaged in cyber espionage targeting Central Asia and Kazakhstan.…
Read More
Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks
Summary: Seqrite Labs reports on a malicious campaign using SnakeKeylogger, an advanced info-stealing malware, which employs a multi-stage infection chain and stealthy execution methods to extract sensitive data from victims. The infection begins with malicious spam emails that contain disguised executable files, leading to the deployment of sophisticated payloads that evade detection.…
Read More
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
Summary: A malware campaign has compromised approximately 150,000 websites by injecting malicious JavaScript to redirect users to Chinese-language gambling platforms. These attacks utilize iframe tactics for full-screen overlays, targeting visitors of infected sites. Another related operation, dubbed DollyWay, has affected over 20,000 websites globally by redirecting traffic through a complex network of compromised WordPress sites to various scam pages.…
Read More
Apache Tomcat: CVE-2025-24813
CVE-2025-24813 is a critical vulnerability in Apache Tomcat that can allow remote, unauthenticated attackers to execute arbitrary code or access sensitive files. Organizations using vulnerable versions need to apply patches to protect their systems. Affected: Apache Tomcat

Keypoints :

Critical path equivalence vulnerability in Apache Tomcat, identified as CVE-2025-24813.…
Read More
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research reveals the exploits of Water Gamayun, a suspected Russian threat actor leveraging a zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console to deploy malware. Their methods include custom payloads, data exfiltration techniques, and the use of backdoor malware. This campaign poses severe risks to organizations, including data theft and operational disruption.…
Read More
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Summary: Cybersecurity researchers have identified a new malware named CoffeeLoader, which is designed to download and execute secondary malware payloads while evading detection. This sophisticated loader exhibits behavioral similarities to the previously known SmokeLoader and employs various techniques to bypass security measures. CoffeeLoader primarily targets users through phishing campaigns and exploits vulnerabilities in systems for persistence and execution.…
Read More
Detecting Obfuscated PowerShell Attacks Using Sysmon and the ELK Stack
This article describes a lab project focused on detecting obfuscated PowerShell attacks using Sysmon, Winlogbeat, and the ELK stack. It highlights the challenges presented by attackers utilizing PowerShell and command-line obfuscation, aiming to provide defenders with hands-on experience in threat detection. The lab teaches students to recognize malicious activities, log telemetry, and utilize practical tools for cybersecurity defenses.…
Read More
I Am Not A Robot
Recent social engineering tactics have evolved to include a variant of the SectopRAT malware, which is disguised as a Cloudflare verification challenge. This Remote Access Trojan employs extensive techniques for data exfiltration and uses various evasion methods to avoid detection. Affected: Users, Browsers, Cryptocurrency Holders

Keypoints :

ClickFix-style social engineering techniques are becoming more prevalent among threat groups.…
Read More
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
Summary: An APT group linked to Pakistan, referred to as APT36 or Transparent Tribe, has launched a fake website mimicking India’s postal system to infect users on both Windows and Android platforms. The site delivers malware through a deceptive PDF for Windows users and a malicious app for Android users, both of which are designed to harvest sensitive information.…
Read More
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Summary: Hackers continue to exploit Microsoft Office documents, using phishing attacks, vulnerabilities, and creative tactics to gain access to systems. This article highlights three primary exploits: phishing with Office files, the CVE-2017-11882 Equation Editor exploit, and the Follina vulnerability. Organizations must take proactive steps to secure their environments against these persistent threats.…
Read More
XWorm Unmasked: Weaponizing Script Obfuscation and Modern Evasion Techniques
The XWorm malware family utilizes advanced obfuscation techniques and scripting languages such as VBScript, Batch, and PowerShell to create a sophisticated Remote Access Trojan (RAT). It employs multi-stage payload delivery methods and evasion tactics to avoid detection. Affected: XWorm malware, organizations using Windows operating systems

Keypoints :

XWorm malware uses VBScript, Batch, and PowerShell scripts for modular and advanced obfuscation.…
Read More