RevivalStone: Attack Campaign Targeting Japanese Organizations by Winnti Group | LAC WATCH
The LAC Cyber Emergency Response Team confirmed a new attack campaign named “RevivalStone,” launched by the China-based “Winnti Group” in March 2024. This campaign targeted Japanese companies in the manufacturing, materials, and energy sectors, utilizing a new version of “Winnti malware.” The report elaborates on the campaign’s overall scope, the updated functionalities of the Winnti malware, and introduces detection and mitigation strategies against similar attacks.…
Read More
CVE-2024-12356 | AttackerKB
On December 16, 2024, BeyondTrust released patches for a critical command injection vulnerability (CVE-2024-12356) affecting its Remote Support and Privileged Remote Access products; an unauthenticated attacker can use it to execute commands in the context of the site user. The flaw has been linked to an attack on the U.S. Treasury Department attributed to Chinese state-sponsored actors. In the same intrusions the attackers chained a then-unknown PostgreSQL vulnerability (CVE-2025-1094), an SQL injection in the psql client's handling of invalid UTF-8 input.…
Read More
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Summary: Recent findings from Rapid7 indicate that the threat actors exploiting a zero-day in BeyondTrust software also took advantage of an SQL injection vulnerability in PostgreSQL, tracked as CVE-2025-1094. The string-escaping routines in libpq (PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn) do not correctly neutralize quoting characters when the input contains an invalid multi-byte UTF-8 sequence, so a quote hidden behind a bogus lead byte survives unescaped. Because the interactive psql tool then parses the resulting text client-side, the injected content can include a meta-command such as `\!`, which runs an arbitrary operating-system command.…
Read More
Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
Summary: A new zero-day vulnerability (CVE-2025-1094) in PostgreSQL has been identified that enables SQL injection through the psql interactive terminal; it was chained with the BeyondTrust Remote Support flaw in the wild. Exploitation of this PostgreSQL bug has been confirmed as a component of the attacks, including those that compromised systems at the US Treasury Department.…
Read More
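The two PostgreSQL entries above describe the mechanism only in outline. The following is an added example, not code from Rapid7, PostgreSQL or any of the linked articles: a simplified model of the bug class behind CVE-2025-1094. The vulnerable escaper trusts the UTF-8 lead byte and copies the bytes it announces without inspecting them, so a quote hidden behind a bogus lead byte is never doubled; a psql-like client-side scan then treats that quote as the end of the literal and whatever follows as a meta-command. The hardened variant rejects invalidly encoded input. The function names, the sample strings and the lexer model are constructed for the illustration and do not reproduce PostgreSQL's actual code or patch.

```python
from typing import Optional

# Constructed sample inputs (not from any advisory or exploit):
BENIGN = b"caf\xc3\xa9's"        # valid UTF-8 (U+00E9) plus a legitimate quote
PAYLOAD = b"\xc0'; \\! id #"     # bogus 2-byte lead 0xC0 "swallows" the quote


def utf8_claimed_len(lead: int) -> int:
    """Byte length a UTF-8 lead byte *claims*; no validation, like a plain mblen()."""
    if lead < 0x80:
        return 1
    if lead & 0xE0 == 0xC0:
        return 2
    if lead & 0xF0 == 0xE0:
        return 3
    if lead & 0xF8 == 0xF0:
        return 4
    return 1  # lone continuation byte or other junk: treated as one byte


def vulnerable_escape_literal(raw: bytes) -> bytes:
    """Pre-fix behaviour: only the first byte of each 'character' is inspected."""
    out = bytearray(b"'")
    i = 0
    while i < len(raw):
        n = utf8_claimed_len(raw[i])
        if n == 1:
            out += b"''" if raw[i] == 0x27 else bytes([raw[i]])
        else:
            out += raw[i:i + n]  # BUG: continuation bytes copied unchecked
        i += n
    out += b"'"
    return bytes(out)


def is_valid_utf8_char(raw: bytes, i: int, n: int) -> bool:
    """True if raw[i:i+n] is a well-formed n-byte UTF-8 sequence."""
    if i + n > len(raw):
        return False
    lead = raw[i]
    if n == 2 and lead in (0xC0, 0xC1):  # overlong encodings are never valid
        return False
    if n == 4 and lead > 0xF4:           # beyond U+10FFFF
        return False
    return all(0x80 <= b <= 0xBF for b in raw[i + 1:i + n])


def hardened_escape_literal(raw: bytes) -> bytes:
    """Fixed behaviour: refuse invalidly encoded input instead of guessing."""
    out = bytearray(b"'")
    i = 0
    while i < len(raw):
        n = utf8_claimed_len(raw[i])
        if raw[i] >= 0x80 and (n == 1 or not is_valid_utf8_char(raw, i, n)):
            raise ValueError(f"invalid UTF-8 sequence at byte {i}")
        if n == 1:
            out += b"''" if raw[i] == 0x27 else bytes([raw[i]])
        else:
            out += raw[i:i + n]
        i += n
    out += b"'"
    return bytes(out)


def hardened_rejects(raw: bytes) -> bool:
    """Convenience wrapper: does the hardened escaper refuse this input?"""
    try:
        hardened_escape_literal(raw)
    except ValueError:
        return True
    return False


def psql_meta_command(sql: bytes) -> Optional[bytes]:
    """Model of psql's client-side scan: quotes toggle literal state ('' is an
    escaped quote inside a literal), an invalid byte is a single byte, and an
    unquoted backslash starts a meta-command that runs to end of line."""
    in_literal = False
    i = 0
    while i < len(sql):
        b = sql[i]
        if b == 0x27:
            if in_literal and sql[i + 1:i + 2] == b"'":
                i += 2  # doubled quote inside a literal
                continue
            in_literal = not in_literal
        elif b == 0x5C and not in_literal:  # backslash outside a literal
            end = sql.find(b"\n", i)
            return sql[i:end if end != -1 else len(sql)]
        i += 1
    return None


if __name__ == "__main__":
    print(vulnerable_escape_literal(PAYLOAD))                      # quote survives
    print(psql_meta_command(vulnerable_escape_literal(PAYLOAD)))   # b"\\! id #'"
    print(hardened_rejects(PAYLOAD), psql_meta_command(hardened_escape_literal(BENIGN)))
```

The model shows why the client-side parse matters: the injected text never has to be valid for the server, because psql executes `\!` itself before anything is sent. On the defensive side, the lesson carries beyond PostgreSQL: any escaping routine that walks multi-byte input must validate the whole sequence, not just the lead byte, or reject the input outright.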
Summary: A series of critical vulnerabilities in the Ivanti Cloud Service Appliance (CSA) 4.6 has been actively exploited, allowing remote attackers to execute arbitrary commands and manipulate SQL queries. Although the product reached end-of-life in 2024, attackers continue to target it, chaining the vulnerabilities to gain initial access and deploy persistent webshells.…
Read More
XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities – SOC Prime
Recent findings suggest that the XE Group, a Vietnam-linked hacking collective, has exploited zero-day vulnerabilities in VeraCore (CVE-2024-57968 and CVE-2025-25181) to deploy reverse shells and maintain stealthy access to targeted systems. This represents an evolution in their tactics, which previously focused on credit card data theft and supply chain attacks.…
Read More
US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security
The CISA Vulnerability Bulletin reports on new vulnerabilities identified within the past week, detailing their severity and impact based on the Common Vulnerability Scoring System (CVSS). Several vulnerabilities lack CVSS scores but involve critical systems including industrial automation, cybersecurity tools, and various software applications. Affected: 2N Access Commander, ABB ASPECT-Enterprise, Advantive VeraCore, Alexandros Georgiou Bitcoin Wallets, AMD EPYC, Apache Cassandra, Apache James server, Apache ShardingSphere, Cisco Identity Services Engine, IBM Cognos Analytics, and more.…
Read More
XE Group Shifts From Card Skimming to Supply Chain Attacks
Summary: The XE Group, a Vietnamese cybercrime organization known for credit card theft, has expanded its operations to targeted information theft from manufacturing and distribution supply chains. Exploiting zero-day vulnerabilities in VeraCore's warehouse management platform, the group has displayed increasing sophistication and adaptability in its attacks.…
Read More
CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration
Summary: Zimbra Collaboration has been found to have two critical security vulnerabilities, CVE-2025-25064 and CVE-2025-25065, that could allow attackers unauthorized access to sensitive data. The first vulnerability involves a critical SQL injection risk, while the second is a moderate SSRF vulnerability. Users are strongly advised to update their systems to mitigate these risks.…
Read More
RST TI Report Digest: 10 Feb 2025
This report provides a comprehensive overview of recent cybersecurity threats from various actors, detailing their tactics, techniques, and indicators of compromise. The analysis covers sophisticated groups like XE Group, MuddyWater, and others, revealing their complex operations and targeting sectors affected by ongoing geopolitical tensions, particularly within financial and governmental infrastructures.…
Read More
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
Summary: Zimbra has released critical security updates to its Collaboration software addressing vulnerabilities that could potentially lead to information disclosure. Notable flaws include an SQL injection vulnerability (CVE-2025-25064) with a CVSS score of 9.8, and a stored XSS vulnerability, both of which have been patched in recent versions.…
Read More
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Summary: Threat actors, particularly the XE Group, have been exploiting multiple security flaws, including zero-day vulnerabilities, to establish remote access through web shells. These activities highlight a shift in the group's operational focus toward supply chains in various sectors. Security experts stress the importance of patching, as older vulnerabilities continue to be actively exploited.…
Read More
FinStealer
This article discusses a sophisticated malware campaign targeting a leading Indian bank through fake mobile applications, advancing financial fraud via credential theft and social engineering. Key tactics include phishing links, dynamic payloads, and encrypted communications with C2 servers. The malware’s primary objective is to steal credentials and sensitive data for financial gain.…
Read More
Summary: The aviation sector is under increased cyber threat, illustrated by recent attacks on the International Civil Aviation Organization (ICAO) and the Arab Civil Aviation Organization (ACAO). The ICAO experienced a significant data breach involving the leak of 42,000 documents, primarily containing recruitment-related personal information. Meanwhile, the ACAO faced an attack through a SQL injection vulnerability, compromising sensitive records of aviation safety specialists.…
Read More
Summary: Cybersecurity researchers have revealed a significant evolution in the tactics of XE Group, a cybercriminal organization that has shifted from credit card skimming to targeted information theft using zero-day vulnerabilities. In 2024, they exploited critical vulnerabilities in VeraCore software to infiltrate organizations, demonstrating advanced operational methods.…
Read More
US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security
The CISA Vulnerability Bulletin highlights a range of new vulnerabilities reported in various software and systems, classified by severity level. It lists notable CVEs affecting several platforms, with potential impacts and exploit details for critical, high, and medium vulnerabilities. The listed vulnerabilities can lead to SQL injection, unauthorized data access, buffer overflows, and other severe consequences.…
Read More
XE Group: From Credit Card Skimming to Exploiting Zero-Days
XE Group, a long-standing cybercriminal organization, has shifted its focus from credit card skimming to sophisticated targeted information theft using newly discovered vulnerabilities. Their operations underscore their adaptability and persistent threat to supply chains in the manufacturing and distribution sectors. Affected: Manufacturing and Distribution sectors, VeraCore software, Supply Chains

Key points:

XE Group has been active since at least 2013, initially focusing on credit card skimming and password theft.…
Read More

Victim: Zamzow's
Country: US
Actor: lynx
Source: http://lynxblog.net/leaks/679e80e1861630bc7797904e
Discovered: 2025-02-01 20:27:35.333174
Published: 2025-02-01 20:26:28.383275
Description: Zamzows.com likely employs SSL/TLS to secure data in transit, protecting user information from interception. Potential attack vectors could include SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).…
Read More
Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns
Summary: Italy’s data protection authority has blocked the Chinese AI firm DeepSeek’s service due to inadequate clarity regarding its data handling practices and personal data usage. This decision follows concerns over user data collection, potential legal implications, and vulnerabilities in the company’s models, which have raised national security alarms.…
Read More