Hidden Threats of Game Assistants | Analysis Report on the “Catlavan” Backdoor Spread in Gaming Forums
As the user base for online gaming grows, so does the gray market for cheats and auxiliary software, which has also led to the spread of malware. A breakthrough in malicious file detection technology by BinaryAI identifies a recent attack targeting users in Russian-based gaming environments, linked to a backdoor named “Catlavan.”…
Read More
Targeted supply chain attack against Chrome browser extensions
This article discusses a supply chain attack on Chrome browser extensions that began in December 2024, where attackers exploited a phishing vulnerability to inject malicious code. This breach compromised a number of extensions, risking sensitive user data including authentication tokens. Investigations revealed the attackers’ sophisticated methods and infrastructure, highlighting the ongoing threats posed by such supply chain vulnerabilities.…
Read More
Nmap for Beginners
Nmap is a powerful network scanning tool used for discovering hosts and services on a network. This overview provides tips on maximizing its potential, including the use of various flags for enhanced scanning, such as aggressive scans and vulnerability detection. Affected: network security, penetration testing, bug bounty programs

Keypoints:

Nmap is used for network probing, service discovery, and operating system identification.…
Read More

Pre-requisites
- Introduction to Malware Analysis: https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Introduction-to-Malware-Analysis.md
- Malware Analyst Guide 2024: https://youtu.be/tUsx0I0TK54

Malware Analysis Projects
- Static Analysis of a Simple Malware Sample: https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Project Static Analysis of a Simple Malware Sample.md
- Analyzing FTP Log Files Using Splunk SIEM: https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%232-analyzing-ftp-logs-using-splunk-siem.md
- Analyzing HTTP Log Files Using Splunk SIEM: https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%233-analyzing-http-logs-using-splunk-siem.md
…

Read More
Hack The Box Escape
This article provides a detailed walkthrough of the “Escape” machine on Hack The Box, focusing on Active Directory enumeration techniques and exploitation methods. The author shares insights gained from the experience, including working with Kerberos, NTLM, and Certificate Authority. Affected: Hack The Box

Keypoints:

The box “Escape” is rated Medium and is the author’s first Active Directory machine.…
Read More
Cybersecurity News Review Week 2
This article discusses recent significant developments in cybersecurity, including vulnerabilities in Ivanti products, phishing scams, data exposure issues, and new government initiatives aimed at improving cyber resilience. Affected: Ivanti Connect Secure, CrowdStrike, Motorola ALPR, Gmail, WordPress, CISA, UK Government

Keypoints:

Ivanti disclosed two high-severity vulnerabilities (CVE-2025-0282, CVE-2025-0283) affecting its products.…
Read More
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets
Socket’s threat research team has identified malicious npm packages that exfiltrate Solana private keys via Gmail. These packages, which typosquat popular libraries, serve as malware that drains victims’ wallets. The threat actors utilize overlapping tactics and Gmail’s SMTP servers for data exfiltration, making detection difficult. The malicious packages remain live on npm, prompting efforts for their removal.…
Read More

### #InvoiceNinjaExploits #SSRFvulnerability #PDFGenerationThreats

Summary: A newly discovered SSRF vulnerability in Invoice Ninja could allow attackers to read sensitive files from the host server, posing significant risks to users and organizations. This flaw, tracked as CVE-2024-53353, can be exploited through the platform’s PDF generation feature by both local and low-privileged users.…

Read More

Kimsuky, a North Korean cyber threat group, has been active since at least 2013, focusing on espionage against political, economic, and military targets. Their sophisticated tactics include spear phishing, malware deployment, and advanced evasion techniques, making them a persistent threat in the cybersecurity landscape. #Kimsuky #CyberThreat #APT

Keypoints:

Kimsuky, also known as Black Banshee, has been active since 2013 and is state-sponsored by North Korea.…
Read More

This report details a sophisticated email phishing campaign targeting businesses, utilizing trusted brand names to distribute malware through malicious attachments. The attackers employ various tactics to deceive victims into downloading and executing harmful files, leading to data theft and system compromise. #Phishing #Malware #CyberSecurity

Keypoints:

Targeted businesses through deceptive email phishing campaigns.…
Read More

### #NovaKeylogger #CredentialTheft #DataExfiltration

Summary: Nova, a newly identified variant of the Snake Keylogger family, employs sophisticated techniques to steal sensitive information while avoiding detection. Its advanced capabilities pose significant challenges in the realm of cybersecurity, particularly in credential theft and data exfiltration.

Threat Actor: Unknown | Nova
Victim: Individuals and organizations

Key Point:

Nova gathers detailed victim information through network behavior, including public IP and geographical location.…
Read More

Androxgh0st is a sophisticated Python-based malware that exploits vulnerabilities in popular web frameworks, particularly Laravel, to execute remote code and harvest sensitive credentials. Its botnet capabilities and advanced evasion techniques make it a significant threat to cloud and web security. Organizations must adopt proactive defense strategies to mitigate this persistent threat.…
Read More

Summary: Nova, a fork of the Snake Keylogger, showcases advanced evasion techniques and sophisticated data exfiltration methods, posing a significant threat to cybersecurity.

Keypoints:

NOVA is a newly discovered variant of the Snake Keylogger family, known for its credential-stealing capabilities. It employs advanced evasion techniques such as process hollowing and obfuscation to avoid detection.…
Read More

Summary: Microsoft has disclosed a critical vulnerability (CVE-2024-49040) in Exchange Server that allows attackers to spoof legitimate email senders, potentially enhancing the effectiveness of phishing attacks. Discovered by researcher Vsevolod Kokorin, the flaw affects Exchange Server 2016 and 2019, prompting Microsoft to implement detection and warning measures in recent updates.…

Read More

Summary:

HawkEye, also known as PredatorPain, is a long-standing malware primarily functioning as a keylogger but has evolved to include functionalities typical of stealers. Initially emerging in 2008, it gained notoriety through spearphishing campaigns and has been utilized by various threat actors. Its delivery methods have diversified over time, and it has shown resilience in adapting to new evasion techniques and maintaining persistence on infected systems.…
Read More