The article discusses the critical Microsoft Outlook vulnerability CVE-2025-21298, which allows remote code execution (RCE) through specially crafted emails. This zero-click flaw has a CVSS score of 9.8 and poses significant risks to email security. Immediate action is recommended, including applying patches and utilizing detection tools.…
Tag: THREAT HUNTING
Summary: The video discusses the top six cybersecurity projects for beginners to enhance their resumes and improve their chances of getting hired in 2025. Each project aims to provide hands-on experience and build technical skills essential for cybersecurity roles.
Keypoints:
Project 1: Securing Azure Active Directory – Learn to manage identities and access in cloud and hybrid environments, including user/group management and Azure AD domain services.…
Summary: AI SPERA has partnered with OnTheHub to offer its Criminal IP cybersecurity solution to students and educational institutions at affordable prices. This initiative aims to enhance cybersecurity awareness and protection in the education sector, providing globally compliant solutions. The partnership will facilitate access to high-quality threat intelligence data for academic purposes, thereby reinforcing the cybersecurity infrastructure in educational organizations worldwide.…
TA505 is a financially motivated cybercriminal group known for large-scale malware distribution and sophisticated phishing campaigns. Active since 2015, they utilize advanced social engineering tactics and target various sectors, including finance and healthcare. The article discusses threat hunting techniques in Azure/XDR to detect TA505 activities. Affected: finance, retail, healthcare, critical infrastructure
Keypoints:
TA505 is also known as GOLD TAHOE or FIN11.…
This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” which targets Microsoft 365 accounts, and “Contagious Interview,” a social engineering tactic by the Lazarus APT group.…
This article discusses a large-scale phishing attack targeting Chrome extension developers, leading to the distribution of tampered extensions that facilitate credential theft and command-and-control communication. The publication provides insights into the campaign, its implications, and a collection of Indicators of Compromise (IoCs) to aid security teams.…
The Gootloader malware employs sophisticated social engineering tactics to infect users through compromised WordPress sites. It manipulates search engine results to direct victims to these sites, where they encounter fake message boards that link to the malware. The infection process is complex and heavily obfuscated, making it difficult for even site owners to detect.…
Summary: President Joe Biden’s executive order focuses on enhancing federal cybersecurity, addressing cybercrime, and securing commercial software. It aims to make it more difficult and costly for foreign adversaries and ransomware criminals to execute cyberattacks against the U.S. The order outlines nine key initiatives to strengthen America’s digital infrastructure and improve the security of both government and private sector systems.…
In December 2024, a new Adversary-in-the-Middle (AiTM) phishing kit known as Sneaky 2FA was identified, targeting Microsoft 365 accounts. This phishing kit, sold as Phishing-as-a-Service (PhaaS) by the cybercrime service “Sneaky Log”, utilizes sophisticated techniques including autograb functionality and anti-bot measures. The analysis reveals its operational methods, including the use of Telegram for distribution and support.…
The last quarter of 2024 saw an unprecedented surge in ransomware activity, with significant growth in the number of active groups and notable incidents involving established players like LockBit and emerging threats such as Akira and BlackLock. This report highlights key findings, trends, and recommendations to bolster defenses against ransomware attacks.…
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia
Keypoints:
Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
Summary: The US cybersecurity agency CISA is urging federal agencies to patch a newly identified vulnerability in BeyondTrust’s enterprise solutions, which is being actively exploited. This follows a previous critical zero-day vulnerability and is linked to a cyberattack attributed to the state-sponsored threat actor, Silk Typhoon.…
Huntress discovered ongoing cyberespionage activities linked to the APT group RedCurl, targeting various organizations in Canada since late 2023. The group employs unique tactics involving scheduled tasks and PowerShell scripts to exfiltrate data without detection. Their methods include using legitimate Windows binaries for malicious purposes, making detection challenging.…
CVE-2024-50603 is a critical code execution vulnerability in Aviatrix Controller, allowing unauthenticated attackers to execute arbitrary commands remotely due to improper input handling. This vulnerability poses a significant risk, especially in AWS environments where privilege escalation is possible. Immediate upgrades to patched versions are recommended to mitigate exploitation risks.…
Arctic Wolf has observed a campaign targeting Fortinet FortiGate firewall devices that involves unauthorized logins, account creation, and configuration changes through management interfaces exposed on the public internet. The campaign is likely exploiting a zero-day vulnerability. Organizations are urged to disable public access to firewall management interfaces immediately.…
Arctic Wolf has identified a campaign targeting Fortinet FortiGate firewall devices, where unauthorized administrative access was gained through exposed management interfaces. The attackers created new accounts, altered configurations, and exploited a potential zero-day vulnerability. Organizations are urged to disable public access to firewall management interfaces immediately.…
This article discusses the tactics used by attackers to distribute fake installers via trusted platforms like YouTube and file hosting services. By employing encryption and social engineering, these attackers aim to evade detection and steal sensitive browser data from unsuspecting users. Affected: YouTube, Mediafire, Mega.nz, OpenSea, SoundCloud
Keypoints:
Attackers exploit user trust by using platforms like YouTube to share fake installer links.…
Summary: CrowdStrike has achieved FedRAMP authorization for three key modules of its Falcon cybersecurity platform, enabling government entities to enhance their security posture in compliance with federal regulations. This authorization allows for improved threat detection and response capabilities across various environments, addressing the sophisticated cyber threats faced by U.S.…
The Zero Day Initiative Threat Hunting team had a productive 2024, identifying numerous zero-day vulnerabilities and their exploitation by threat actors. The team highlighted key achievements and ongoing challenges in vulnerability management, emphasizing the need for prompt and comprehensive patching solutions. Affected: Microsoft, Dropbox
Keypoints:
The ZDI Threat Hunting team identified multiple zero-day vulnerabilities exploited in the wild during 2024.…
In 2024, the Zero Day Initiative Threat Hunting team made significant strides in identifying and addressing zero-day vulnerabilities, highlighting the challenges of narrow patching and the rise of sophisticated phishing attacks. This blog outlines key achievements and trends, emphasizing the importance of proactive threat hunting and collaboration with software vendors.…