Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Summary: Malicious hackers are exploiting the ‘mu-plugins’ directory in WordPress to conceal malware, which is difficult for standard security checks to detect. Recently identified files, such as redirect.php and index.php, facilitate backdoor access, redirect users to harmful sites, and alter site content. The exploitation often stems from vulnerabilities such as weak credentials and poorly configured server permissions.…
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Summary: This week’s cybersecurity insights highlight vulnerabilities in widely used systems like Chrome and Kubernetes, as well as emerging threats from phishing-as-a-service operations. The coverage includes data leaks, ransomware trends, and the importance of vigilance against common oversights that can lead to security breaches. Additionally, the impact of recent legal cases and developments in AI-driven cyber threats are discussed.…
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
The cyberespionage group Earth Alux, linked to China, employs sophisticated techniques to target critical sectors in the Asia-Pacific (APAC) and Latin America. Their primary backdoor, VARGEIT, facilitates stealthy data exfiltration, affecting vital industries including government, technology, and logistics. To mitigate the risks of such cyber threats, organizations should adopt proactive security measures.…
RST TI Report Digest: 31 Mar 2025
This week’s threat intelligence report reveals an analysis of multiple cyber threat reports. Key highlights include espionage tactics from APT groups, sophisticated malware deployments, and various Indicators of Compromise (IoCs) detected across platforms. The ongoing evolution of cyber threats emphasizes adaptive techniques utilized by attackers to infiltrate critical sectors.…
The Ransom Group D0glun: Hidden Threat or Just for Fun?
The D0glun ransomware, first identified on January 16, 2025, showcases a unique method of operation: it targets victims by displaying their private information and requires a key and ID for file decryption. The attack appears to have been carried out with little sophistication, potentially signaling an inept beginner. Affected: ransomware, cybersecurity

Keypoints:

D0glun ransomware was first submitted on January 16, 2025.…
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report on a new malware variant called RESURGE, which has sophisticated persistence and manipulation capabilities, particularly linked to a known vulnerability in Ivanti products. The report highlights detailed mitigation measures in response to RESURGE’s exploitation of the CVE-2025-0282 vulnerability.…
Apache Tomcat: CVE-2025-24813
CVE-2025-24813 is a critical vulnerability in Apache Tomcat that can allow remote, unauthenticated attackers to execute arbitrary code or access sensitive files. Organizations using vulnerable versions need to apply patches to protect their systems. Affected: Apache Tomcat

Keypoints:

Critical path equivalence vulnerability in Apache Tomcat, identified as CVE-2025-24813.…
College Cybersecurity Notes Module 2 The Security Environment
This guide covers essential cybersecurity concepts, including definitions of cybercrime, the principles of cybersecurity, types of threats, vulnerabilities, and secure software development practices. Understanding these elements is crucial for organizations and individuals to strengthen their defenses against increasing cyber threats. Affected: Cybersecurity sector, organizations, individuals

Keypoints:

Cybercrime includes illegal activities performed using computers or the internet, such as hacking and phishing.…
The Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group involved in cyber espionage for over a decade. They have recently enhanced their tactics by deploying new Sagerunex backdoor variants that utilize third-party cloud services and social media for command-and-control activities. This article examines their tactics, techniques, and procedures, detailing their operational framework along with the challenges we face against such persistent threats.…
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research reveals the exploits of Water Gamayun, a suspected Russian threat actor leveraging a zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console to deploy malware. Their methods include custom payloads, data exfiltration techniques, and the use of backdoor malware. This campaign poses severe risks to organizations, including data theft and operational disruption.…
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Summary: Cybersecurity researchers have identified a new malware named CoffeeLoader, which is designed to download and execute secondary malware payloads while evading detection. This sophisticated loader exhibits behavioral similarities to the previously known SmokeLoader and employs various techniques to bypass security measures. CoffeeLoader primarily targets users through phishing campaigns and exploits vulnerabilities in systems for persistence and execution.…
How an Exposed Jenkins Instance Led to a Full-Scale Infrastructure Compromise
This article discusses the risks associated with misconfigured Jenkins instances in CI/CD pipelines, highlighting a specific case where an exposed Jenkins service led to unauthorized access and severe security vulnerabilities. The findings from CloudSEK’s BeVigil underscore the potential consequences of such misconfigurations, including remote code execution, credential theft, and regulatory risks.…
I Am Not A Robot
Recent social engineering tactics have evolved to include a variant of the SectopRAT malware, which is disguised as a Cloudflare verification challenge. This Remote Access Trojan employs extensive techniques for data exfiltration and uses various evasion methods to avoid detection. Affected: Users, Browsers, Cryptocurrency Holders

Keypoints:

ClickFix-style social engineering techniques are becoming more prevalent among threat groups.…
Chinese FamousSparrow hackers deploy upgraded malware in attacks
Summary: A China-linked cyberespionage group named ‘FamousSparrow’ is actively using a new modular version of its backdoor ‘SparrowDoor’ to target a US-based trade organization and other entities, including a Mexican research institute and a Honduran government institution. ESET researchers have observed significant advancements in the malware’s capabilities, such as parallel command execution and a new plugin-based architecture.…