Investigative Journalists in Serbia Hit by Advanced Spyware Attack
Summary: Two Serbian journalists from the Balkan Investigative Reporting Network (BIRN) were targeted with Pegasus spyware, confirming a disturbing trend of digital surveillance against civil society in Serbia. This incident marks the third use of Pegasus spyware against Serbian activists in recent years, highlighting the ongoing repression and intimidation faced by journalists.…
New York’s cyber chief on keeping cities and states safe from cyberattacks
Summary: Colin Ahern, New York state’s first chief cyber officer, reflects on his journey from military intelligence to leading cybersecurity efforts. During his tenure, he has focused on protecting government systems from escalating cyber threats, particularly ransomware. Ahern discusses the collaboration needed between state and local governments, as well as the essential role of education in promoting cybersecurity awareness.…
Malaysia Braces for Cyberattacks During Hari Raya: Cyber999 Issues Warning
Summary: A significant rise in cybersecurity incidents has been reported in Malaysia since early 2025, prompting Cyber999 to issue an advisory for heightened vigilance and preventive measures. The ongoing threats include ransomware, data breaches, and various scams, especially during the festive season. Key recommendations for system administrators, financial institutions, and home users are provided to mitigate these risks.…
GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams
The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Keypoints:

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs – Tinyhack.com
This article provides a practical guide on recovering data from the Akira ransomware variant without paying the ransom, detailing the technical approach, source code, and encryption methods used by the ransomware. The author shares their personal experience and insights into the brute-forcing method that made the data recovery possible.…
Zero-Day Exploits: How They Work and Why They Are So Dangerous
This article explores zero-day vulnerabilities, which are unknown software flaws that can be exploited by cybercriminals before any patch is available, leading to significant security risks. The piece highlights recent cases of zero-day attacks such as WannaCry and recent patches from Apple, emphasizing the need for robust defenses and responsible disclosure practices to protect against such threats.…
HellCat Ransomware: Exposing the TTPs of a Rising Ransomware Threat in 2025
HellCat Ransomware is a significant cyber extortion group that emerged in 2024, using advanced phishing techniques and exploiting vulnerabilities to target organizations. Their operations focus on data exfiltration and aggressive ransom demands, often collaborating with the Morpheus group. This article analyzes their tactics, techniques, and procedures to better understand their threat.…
Android Apps Laced With North Korean Spyware Found in Google Play
Summary: Researchers have identified multiple Android apps that, despite passing Google Play’s security checks, are secretly uploading sensitive user data to North Korean intelligence. These apps, which appear as utility tools, collect various personal information including SMS messages, call logs, and location data. The detected malware, named KoSpy, highlights the risk of installing seemingly legitimate applications from app marketplaces.…
Blind Eagle: …And Justice for All
Check Point Research has uncovered a series of cyber campaigns led by the group Blind Eagle (APT-C-36) targeting Colombian government and private sector institutions. The attacks, which began in late 2024, exploit a vulnerability (CVE-2024-43451) linked to NTLMv2 hash exposure but utilize a .url file that triggers a WebDAV request to notify attackers when the file is downloaded.…
Analysis of the Relationship Between Emergency Martial Law Themed APT Attacks and the Kimsuky Group
This article analyzes APT attacks leveraging political and social issues in South Korea, with a focus on a spear phishing campaign distributing malicious files via email. The attack targets users in the North Korean sector using social engineering tactics to avoid antivirus detection. It emphasizes the urgent need for Endpoint Detection and Response (EDR) systems to identify and mitigate these threats effectively.…
UFO-1 – Threat Intelligence
This article discusses various exercises completed as part of Threat Intelligence training on the Hack The Box platform, focusing on the Sandworm Team (also known as BlackEnergy Group and APT44). The training utilizes the MITRE ATT&CK framework to explore the tactics, techniques, and procedures (TTPs) employed by this group, analyzing their historical campaigns, tools, and methods.…

https://github.com/jivoi/awesome-osint

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).

This list is to help all of those who are into Cyber Threat Intelligence (CTI), threat hunting, or OSINT.…

Confluence Exploit Leads to LockBit Ransomware
A cyber intrusion targeting a Windows Confluence server exploited a critical vulnerability (CVE-2023-22527), leading to the rapid deployment of LockBit ransomware. The attacker utilized various tools and techniques for lateral movement and data exfiltration, completing the ransomware attack in just over two hours. Affected: Confluence, Windows Server, LockBit Ransomware victims

Keypoints:

Intrusion initiated by exploiting a critical Confluence vulnerability (CVE-2023-22527).…