Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign
Summary: Grafana path traversal vulnerabilities have been exploited as part of a larger campaign targeting server-side request forgery (SSRF) flaws across multiple platforms, according to GreyNoise. Over 400 IP addresses have been identified as orchestrating these coordinated attacks, reflecting potential automation in their exploitation strategies. The attacks primarily focused on entities in specific countries, suggesting a directed effort in reconnaissance and exploitation of vulnerabilities.…
Redelegate – VulnLab | ForceChangePassword, GenericAll, and Constrained Delegation
In this article, the author, known as Maverick, provides a detailed walkthrough of exploiting an Active Directory machine, showcasing various techniques such as DACL abuse and constrained delegation. Maverick employs tools like Nmap to identify vulnerabilities and FTP to download sensitive files, ultimately leading to privilege escalation through clever password management and attack vectors.…
The Rise of AI-Driven Cyber Attacks: How LLMs Are Reshaping the Threat Landscape
This article discusses the transformative impact of generative AI on cyberattacks, enhancing their speed and effectiveness, particularly through the use of Large Language Models (LLMs). It highlights how various Advanced Persistent Threat (APT) groups are employing AI for reconnaissance, phishing, vulnerability discovery, and malware development. As AI capabilities advance, cybersecurity professionals face growing challenges in defending against sophisticated AI-driven threats.…
SideWinder APT Group: Maritime & Nuclear Targets, Evolved Malware
Summary: The SideWinder APT group has intensified its cyber-espionage efforts, specifically targeting maritime and nuclear sectors, while continuously evolving its malware and persistence strategies. Kaspersky Labs highlights notable increases in attacks across South and Southeast Asia, the Middle East, and Africa, as the group demonstrates refined techniques to maintain operational stealth.…
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
Summary: North Korean hackers known as APT37 or ScarCruft are utilizing advanced phishing techniques to deploy the RokRat remote access Trojan (RAT) by delivering malicious ZIP files containing disguised LNK files. These attacks exploit real information to enhance credibility and execute a multi-stage infection process that gathers system details and exfiltrates data using legitimate cloud services.…
Stopping Sobolan Malware with Aqua Runtime Protection
Aqua Nautilus researchers have uncovered a new multi-stage attack campaign focused on interactive computing environments like Jupyter Notebooks. The attackers exploit unauthenticated instances to deploy malicious tools, hijack system resources, and maintain persistence, posing significant risks to cloud-native environments. Enhanced security measures are crucial to defend against such threats.…
Dark Web Profile: APT35
APT35, also known as Charming Kitten, is an Iranian state-sponsored cyber-espionage group targeting various sectors through sophisticated cyber campaigns. Since its emergence in 2014, APT35 has been involved in high-profile incidents such as the HBO data breach and attempted compromises of U.S. governmental and campaign-related accounts.…
RST TI Report Digest: 10 Mar 2025
This week’s threat intelligence report reveals a range of sophisticated cyber threats, including targeted multistage malware attacks, ransomware groups adopting new backconnect malware, and social engineering tactics employed in recruitment scams. Notable threats included a campaign targeting aviation and transport in the UAE, while other malware leveraged social media for distribution.…
Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations
Summary: Cisco Talos has uncovered a sophisticated cyberattack campaign targeting various Japanese industries, actively exploiting a vulnerability in PHP-CGI for remote code execution. The attacks include credential theft, privilege escalation, and deployment of persistent backdoors facilitated by the Cobalt Strike toolkit. Despite similarities to previous hacker group tactics, the attackers’ identities remain unconfirmed.…
🚨Cyber Attack Chronicles🚨
The SolarWinds hack, a significant supply chain attack discovered in December 2020, compromised numerous Fortune 500 companies and government agencies, resulting in extensive cybersecurity repercussions. Attackers embedded malicious code into SolarWinds’ Orion software updates, infiltrating thousands of networks and highlighting the vulnerabilities in vendor trust.

Affected: Fortune 500 companies, US Government agencies, SolarWinds

Keypoints:

The hack was discovered in December 2020, but the infiltration began as early as March 2020.…
Chemistry Walkthrough – HackTheBox
In this article, the author details an easy Linux machine exploitation process that begins with gaining a foothold through a CVE vulnerability and escalates to root access via another exploit. The author notes the machine’s slow performance and encourages patience during the tests. The walkthrough includes reconnaissance, exploitation of vulnerabilities in the Pymatgen library and the Python aiohttp framework, and obtaining root access.…
GZR Observer Daily, Mar 7, 2025
The U.S. has introduced tariffs on Canadian goods, leading to retaliatory actions that may increase costs for 1.5 million customers in border states. This situation mirrors past global economic crises and highlights growing geopolitical tensions, trade wars, and implications for domestic industries.

Affected: U.S. customers in border states, Canadian goods

Keypoints:

The U.S.…
Security Implications of Low-Code/No-Code Platforms: The Unseen Cyberwar
This article provides a thorough analysis of the security vulnerabilities associated with low-code/no-code (LCNC) platforms, exposing architectural flaws and real-world breaches. It outlines case studies involving significant breaches such as Microsoft Power Apps and Airtable, highlighting the negligence of platform providers. A call to action for stronger security practices and vendor accountability concludes the report.…
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
Summary: A malicious campaign targeting various sectors in Japan has been attributed to unknown threat actors exploiting the CVE-2024-4577 vulnerability in PHP. The attackers utilize Cobalt Strike plugins for post-exploitation, establishing persistent access and conducting reconnaissance to steal credentials and sensitive data. Their operations utilizing tools hosted on Alibaba cloud servers suggest that their motives may extend beyond credential harvesting, indicating potential future threats.…
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Summary: Safe{Wallet} disclosed details about a sophisticated cyberattack on Bybit, attributed to state-sponsored North Korean hackers. The attackers employed advanced social engineering techniques to compromise a developer’s machine and hijack AWS session tokens, enabling them to conduct covert operations. The incident highlights serious security vulnerabilities in the cryptocurrency industry, which faces record losses from hacks in 2025.…
Summary: Microsoft Threat Intelligence reports that the Chinese state-backed cyber-espionage group, Silk Typhoon, has shifted tactics to exploit IT supply chains by targeting remote management tools and cloud applications. Their focus on infiltrating IT service providers and infrastructure companies allows them to indirectly access downstream networks, posing significant risks to various sectors.…
Emulating the Relentless RansomHub Ransomware
RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) operation targeting organizations globally, implementing a double-extortion model that both encrypts and steals sensitive data. The encryptor, written in C++ or Go, presents challenges for security analysis because it requires a password to execute. Potential links to previous ransomware groups like Knight and BlackCat/ALPHV are noted.…