⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Summary: This week’s cybersecurity insights highlight vulnerabilities in widely used systems like Chrome and Kubernetes, as well as emerging threats from phishing-as-a-service operations. The coverage includes data leaks, ransomware trends, and the importance of vigilance against common oversights that can lead to security breaches. Additionally, the impact of recent legal cases and developments in AI-driven cyber threats are discussed.…
Intercept VulnLab RBCD & Another word For ESC7
This article provides a detailed write-up on a recent Active Directory exploitation exercise. The author, known as Maverick, shares their experiences and methods used for exploiting vulnerabilities such as NTLM relay attacks, credential dumping, and privilege escalation within a Windows environment. The write-up includes steps taken to gain access, perform reconnaissance, exploit SMB shares, capture NTLM hashes, and escalate privileges through various attack vectors.…
Beware! Hacker Group Lazarus Deploys Malware Packages on npm Platform; SolarWinds Helpdesk Vulnerability Exposed: Attackers Can Decrypt Sensitive Passwords – Security Bull
A recent security report highlights multiple cyber threats, including the discovery of six malicious npm packages linked to the Lazarus hacker group, which are designed to steal sensitive credentials and deploy malware. Additionally, a serious vulnerability in SolarWinds’ web help desk has been uncovered, allowing attackers to decrypt sensitive credentials.…
MIIT CSTIS Warns: Prevent the Risks of Murdoc_Botnet; Google Fixes Two Exploited Android Zero-Day Vulnerabilities | NiuLian – Security Niu
The article discusses the current cyber threat landscape, focusing on several incidents: the Murdoc_Botnet, which targets IoT devices and Unix-like systems, with an account of its infection methods and impact; a new DDoS botnet, Eleven11bot; a series of cyberattacks on sectors including Tata Technologies and the Polish Space Agency; and vulnerabilities discovered in Google’s Android and HPE’s remote management tools.…
JavaGhost’s Persistent Phishing Attacks: Exploiting Cloud Environments for Long-Term Access
Summary: Security researchers from Unit 42 have identified a sophisticated phishing campaign led by the JavaGhost threat actor group, which has shifted its focus from website defacement to targeting cloud environments, particularly AWS. By exploiting misconfigurations in AWS, JavaGhost has successfully launched numerous phishing attacks using legitimate email services, allowing them to bypass traditional security measures.…
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Summary: Threat actors, identified as TGR-UNK-0011 and related to the JavaGhost group, are exploiting misconfigurations in Amazon Web Services (AWS) environments to conduct phishing campaigns. They have evolved their tactics since 2019, focusing on gaining unauthorized access through exposed AWS access keys and leveraging services like Amazon SES and WorkMail.…
Let’s Defend: SOC336 – Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025-21298)
This article delves into CVE-2025-21298, a critical zero-click Remote Code Execution vulnerability affecting Windows Object Linking and Embedding (OLE). This flaw enables attackers to execute arbitrary code without user interaction. Immediate action is necessary to mitigate the risks related to this vulnerability. Affected: Windows OLE, cybersecurity sectors, and end-user devices

Keypoints:

CVE-2025-21298 is a zero-click RCE vulnerability in Windows OLE.…
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
Summary: A new malware campaign, codenamed PolarEdge, targets edge devices like those from Cisco, ASUS, QNAP, and Synology, using a critical vulnerability to compromise routers and create a botnet. The malware exploits CVE-2023-20118, delivering a sophisticated TLS backdoor that allows for remote command execution. This campaign has reportedly infected over 2,000 unique IP addresses globally, raising concerns about its potential use for launching cyber attacks.…
Breach – VulnLab | Malicious File Upload to SMB, Kerberoasting, Silver Ticket, and AV Shenanigans
Maverick discusses a recent security testing engagement with the VulnLab machine, elaborating on a detailed attack sequence involving credential harvesting, Kerberoasting, and privilege escalation through Silver Ticket attacks. Despite facing tough AV defenses, the use of various exploits and tools like HoaxShell allowed successful exploitation and control over the MSSQL server.…
Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts
Summary: A botnet controlled by a China-linked threat actor has been conducting extensive password spraying attacks on Microsoft 365 accounts, utilizing over 130,000 compromised devices. These attacks exploit non-interactive sign-ins with Basic Authentication, which often bypass Multi-Factor Authentication (MFA). As Microsoft works towards phasing out Basic Authentication, security experts warn of the immediate risks posed by these stealthy attacks.…
Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments
Summary: A large botnet-driven campaign poses a significant risk to Microsoft 365 environments utilizing Basic Authentication, which Microsoft is phasing out. Attackers leverage a botnet of 130,000 compromised devices to execute password spraying attacks, exploiting non-interactive sign-ins to bypass security measures such as multifactor authentication. Security teams are urged to monitor non-interactive sign-in logs closely and to rotate credentials if suspicious activity is detected.…
Botnet targets Basic Auth in Microsoft 365 password spray attacks
Summary: A massive botnet comprising over 130,000 compromised devices is conducting widespread password-spray attacks against Microsoft 365 accounts, exploiting Basic Authentication to evade multi-factor authentication. This method allows attackers to use stolen credentials without triggering security alerts, posing significant risks to organizations relying on outdated authentication mechanisms.…
Testing ports for a reverse shell
This article discusses an automated approach to testing network ports for penetration testing and red teaming activities using Python scripts to create TCP listeners and various methods to determine which ports are accessible. The content emphasizes ethical practices, requiring explicit permission for such testing. Affected: penetration testing, red teaming

Keypoints:

Automated ping pong tests help identify open ports for reverse shells.…
Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign
Summary: A new variant of the Snake Keylogger (404 Keylogger) has been detected, targeting major web browsers to steal sensitive user information. Identified by FortiGuard Labs, this malware employs sophisticated evasion techniques and is linked to over 280 million blocked infection attempts worldwide. Organizations are urged to enhance their email security and adopt advanced detection tools to combat this threat effectively.…