The Invisible Battlefield Behind LLM Security Crisis – NSFOCUS
This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…
HellCat Ransomware: Exposing the TTPs of a Rising Ransomware Threat in 2025
HellCat Ransomware is a significant cyber extortion group that emerged in 2024, using advanced phishing techniques and exploiting vulnerabilities to target organizations. Their operations focus on data exfiltration and aggressive ransom demands, often collaborating with the Morpheus group. This article analyzes their tactics, techniques, and procedures to better understand their threat.…
Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations | CloudSEK
This report highlights the rise of Ramadan-related cyber scams, particularly targeting charitable contributions and crypto investments. Cybercriminals are exploiting the goodwill associated with Ramadan to spread fraudulent schemes, often using social engineering tactics to deceive victims. Understanding these scams is essential for safeguarding against potential losses.…
This advisory details the tactics, techniques, and procedures (TTPs) associated with the Medusa ransomware variant. Medusa, operating as a ransomware-as-a-service (RaaS), has affected over 300 victims across various critical infrastructure sectors since its inception in June 2021. The advisory provides insights into initial access methods, lateral movement tactics, and a double extortion model employed by Medusa actors.…
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Summary: The China-nexus cyber espionage group UNC3886 is targeting end-of-life MX routers from Juniper Networks to deploy custom backdoors that undermine security infrastructure. Recent developments indicate the group’s advanced capabilities to exploit network devices and evade detection by disabling logging mechanisms. Organizations are urged to update their Juniper systems to safeguard against these sophisticated attacks.…
Chinese cyberspies backdoor Juniper routers for stealthy access
Summary: Chinese hackers, linked to the UNC3886 group, have been identified deploying custom backdoors on end-of-life Juniper Networks’ Junos OS MX routers. The backdoors, primarily based on the TinyShell malware, exploit vulnerabilities to facilitate unauthorized access and data exfiltration. Mandiant’s report emphasizes the need for immediate device replacement and enhanced security measures to mitigate these threats.…
Analysis of Lazarus Group’s Attack on Windows Web Servers
The AhnLab Security Intelligence Center has reported ongoing attacks by the Lazarus group, which has been breaching South Korean web servers to install web shells and control scripts, notably the LazarLoader malware used for privilege escalation. The attackers use structured methodologies for command execution through newly defined C2 scripts.

Affected: South Korean web servers, IT infrastructure

Key points:

The Lazarus group continues to exploit South Korean web servers to establish command and control (C2) infrastructure.…
Chemistry Walkthrough – HackTheBox
In this article, the author details the exploitation of an easy Linux machine, beginning with gaining a foothold through a CVE vulnerability and escalating to root access via another exploit. The author notes the machine’s slow performance and encourages patience during testing. The walkthrough covers reconnaissance, exploitation of vulnerabilities in the Pymatgen library and the Python aiohttp framework, and obtaining root access.…
From Foothold to Takeover: Mastering Pivoting Moves
This article provides an overview of pivoting and lateral movement techniques in cybersecurity, focusing particularly on the tool Ligolo-ng. Ligolo-ng is highlighted for its efficiency, user-friendliness, security features, and cross-platform compatibility, making it a valuable asset for penetration testers. The article explains how to set up Ligolo-ng and its advantages compared to other tunneling tools.…
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
Sandworm, a threat actor linked to Russia’s GRU, has been conducting cyber espionage against Ukrainian Windows users by exploiting pirated software to distribute malware, notably the BACKORDER loader and Dark Crystal RAT. This activity has been ongoing since late 2023, coinciding with the Russian invasion of Ukraine, and highlights the vulnerabilities created by the country’s high rates of software piracy.…
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
Summary: A critical command injection vulnerability (CVE-2025-1316) affecting the Edimax IC-7100 IP camera is currently being exploited by botnet malware that compromises devices. Despite attempts by both Akamai and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to contact the manufacturer, Edimax, the device is categorized as end of life and is unlikely to receive further updates or a patch.…
Dark Web Profile: Ghost (Cring) Ransomware – SOCRadar® Cyber Intelligence Inc.
The Ghost (Cring) ransomware is a critical cybersecurity threat primarily targeting organizations with vulnerable systems, including the healthcare, finance, government, and education sectors. This ransomware employs sophisticated techniques such as vulnerability exploitation, lateral movement, and advanced evasion methods to encrypt sensitive data and demand ransom payments.

Affected: healthcare, financial services, government, critical infrastructure, manufacturing, education, professional services, retail, e-commerce

Key points:

Ghost (Cring) ransomware has been active since at least 2021, targeting vulnerable internet-facing systems.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a malicious campaign, attributed to an unknown attacker, targeting organizations in Japan since January 2025, primarily exploiting the CVE-2024-4577 vulnerability to gain initial access and deploy advanced adversarial tools via Cobalt Strike. The attacker’s activities include credential theft, system compromise, and potential lateral movement, which could impact various industries.…
Tracking Threat Actors: How Infrastructure Analysis Reveals Cyber Attack Patterns
This article discusses methodologies for clustering and analyzing cyber threats, focusing on the infrastructure used by the Iranian group Pioneer Kitten and its connections to other threat actors, including the North Korean IT workers. The emphasis is on the importance of cross-referencing diverse data sources to gain insights for long-term intelligence production.…
Bybit Hack: Lazarus Group Launders $1.4 Billion in Ethereum Through THORChain
Summary: On February 21, 2025, the cryptocurrency exchange Bybit was targeted in a cyberattack that resulted in the theft of 499,000 Ethereum (ETH), valued at around $1.4 billion. The North Korean Lazarus Group facilitated the laundering of the stolen funds, primarily converting them to Bitcoin (BTC) through cross-chain transactions and obfuscating their trail across thousands of wallet addresses.…