Ivanti patches Connect Secure zero-day exploited since mid-March
Summary: Ivanti has issued security updates to address a critical remote code execution vulnerability (CVE-2025-22457) exploited by Chinese espionage actors to deploy malware. The vulnerability affects multiple Ivanti products, including older Pulse Connect Secure versions, and was initially misclassified as a bug. Users are urged to update to the latest versions to mitigate risks from active exploitation observed in the wild.…
Halo ITSM Vulnerability Exposed Organizations to Remote Hacking
Summary: UK-based Halo recently addressed a significant SQL injection vulnerability in its IT service management software, HaloITSM, which could have allowed unauthorized access to sensitive data. Approximately 1,000 cloud deployments were potentially at risk, exposing critical systems to remote attacks. The vendor has released patches to mitigate the threat and advises on-premises users to update promptly.…

Summary: The video discusses how developers can run large language models (LLMs) locally on their laptops using the open-source tool Ollama. This setup allows for full data privacy and independence from cloud services while enabling various applications such as code assistance and AI integration. The presenter demonstrates installation, model selection, and integration into applications.…
Hunters International Ransomware Gang Rebranding, Shifting Focus
Summary: Hunters International, a ransomware group reportedly linked to Hive, is transitioning from ransomware attacks to exfiltration-only techniques. This shift includes targeting organization executives directly to negotiate ransoms without alerting a wider audience. The group has experienced significant activity across various sectors, and their methods are evolving to become more automated and stealthy.…
Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
Summary: Threat hunters have identified an advanced web skimmer campaign exploiting a deprecated Stripe API to validate stolen payment information. This campaign, affecting an estimated 49 merchants, is designed to exfiltrate only valid card data, making it harder to detect. The attackers leverage vulnerabilities in popular e-commerce platforms to implement their malicious scripts, which also target additional payment options like cryptocurrencies.…
Understanding Russian Cognitive Warfare
This article explores Russia’s cognitive warfare tactics, rooted in Soviet KGB doctrines, and their modern adaptations involving disinformation and cyber operations. It presents strategies to counter these tactics, including targeted cyber retaliation and strategic communication, utilizing frameworks such as SWOT and DIMEFIL. A comprehensive analysis is provided on the strategic environment and implications of Russian hacktivist groups, along with methods for dismantling them from within.…
RedCurl’s Ransomware Debut: A Technical Deep Dive
This research by Bitdefender Labs introduces the QWCrypt ransomware campaign, linked to the RedCurl group, marking a significant shift in their tactics from data exfiltration to ransomware. RedCurl has been operating since 2018 but has historically utilized Living-off-the-Land techniques for corporate espionage. Their targeting of specific infrastructures and the use of hypervisor encryption underscores a sophisticated evolution in their operational strategy, raising questions regarding their motivations and business model.…
Emulating the Sophisticated Russian Adversary Seashell Blizzard
Seashell Blizzard, also known as APT44, is a highly sophisticated Russian adversary linked to military intelligence, targeting various critical sectors to conduct espionage through persistent access and custom tools. The AttackIQ assessment template helps organizations validate their security against this threat. Affected: energy, telecommunications, government, military, transportation, manufacturing, retail sectors.…
BYOVD Reloaded: Abusing a New Driver to Kill EDR
The article discusses a sophisticated ransomware attack involving Qilin ransomware, which uses the bring-your-own-vulnerable-driver (BYOVD) technique to bypass traditional Endpoint Detection and Response (EDR) measures. The analysis uncovers the exploitation of a lesser-known driver, TPwSav.sys, in the context of a ransomware-as-a-service model. It covers the vulnerabilities exploited, the attack chain, and the response measures taken by Blackpoint’s Security Operations Center (SOC).…
John the Ripper is a powerful hash-cracking tool that efficiently cracks various hash types such as Windows authentication hashes, /etc/shadow hashes, and password-protected files. Through practical tasks, users learn the syntax, features, and methods to conduct dictionary attacks and utilize custom rules. Affected: Windows systems, Linux systems, password-protected ZIP and RAR files.

Keypoints:

John the Ripper is a versatile tool for hash cracking.…
RolandSkimmer: Silent Credit Card Thief Uncovered
The “RolandSkimmer” campaign utilizes malicious browser extensions and LNK files to execute persistent credit card skimming attacks, primarily targeting users in Bulgaria. The malware collects sensitive data through deceptive mechanisms while maintaining stealth and adapting to its victims’ environments. Affected: Microsoft Windows, Chrome, Edge, Firefox.

Keypoints:

The “RolandSkimmer” campaign targets Microsoft Windows users through malicious LNK files and browser extensions.…
Verizon Call Filter API flaw exposed customers’ incoming call history
Summary: A vulnerability in Verizon’s Call Filter feature allowed unauthorized access to incoming call logs of other Verizon customers through an unsecured API. Discovered by researcher Evan Connelly in February 2025, this flaw posed significant risks particularly for high-profile users. Verizon addressed the issue promptly, but details regarding the exposure period remain unclear.…
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks
The Socket research team uncovered a malicious Python package named disgrasya on PyPI, designed to automate carding attacks against WooCommerce stores using CyberSource as a payment gateway. This openly malicious tool facilitates the testing of stolen credit card numbers, allowing low-skilled fraudsters to simulate transactions without raising fraud detection alarms.…
Latest Ivanti bug, paired with malware, earns an alert from CISA
Summary: Federal cybersecurity officials have identified a powerful malware named Resurge, allegedly used by Chinese hackers alongside the exploitation of a vulnerability in Ivanti’s security tools. The malware can manipulate system integrity checks, harvest credentials, and perform numerous harmful functions. CISA urges affected organizations to reset their Ivanti devices and take necessary precautions against this threat.…
Halo ITSM Vulnerability Exposed Organizations to Remote Hacking
Summary: Adaptive Security, a startup combating deepfake social engineering and AI threats, has secured million in early-stage funding led by Andreessen Horowitz and the OpenAI Startup Fund. Founded by Brian Long and Andrew Jones, the company aims to develop a platform for simulating AI-generated attacks, enhancing employee training and real-time threat triaging.…
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
Summary: The financially motivated threat actor FIN7 has been linked to a Python-based backdoor known as Anubis, which grants attackers remote access to compromised Windows systems. This malware enables a variety of malicious activities while minimizing detection risks and is delivered through malspam campaigns. Additionally, FIN7 continues to expand its capabilities and monetization strategies by promoting tools that can disable security measures.…
PicoCTF 2025 Walkthrough
The article provides walkthroughs for various challenges in the PicoCTF 2025 competition, focusing on different aspects of cybersecurity such as cryptography, reverse engineering, and web exploitation. It details methods for cracking hashes, decoding encrypted messages, analyzing binaries, and exploiting web vulnerabilities to capture flags. Affected: cybersecurity sector, educational platforms.

Keypoints:

The first challenge involves cracking an MD5 hash using online tools.…
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
Summary: Cybersecurity researchers have identified enhanced malware loaders, including Hijack Loader and SHELBY, that use advanced evasion tactics and innovative command-and-control methods. Hijack Loader introduces call stack spoofing and anti-VM checks, while SHELBY operates through GitHub for remote control and data exfiltration. Meanwhile, Emmenhtal loader has been distributing SmokeLoader via phishing emails using .NET…