Global Rise of Akira Ransomware
The Akira ransomware group has been operational since March 2023, employing a “double extortion” strategy that involves data exfiltration before encryption and threats of public exposure if ransoms are not paid. Their attacks have predominantly targeted sectors like Education, Finance, Manufacturing, and Healthcare across North America, Europe, and Australia, leading to significant financial gains exceeding million.…
The Spy Who Logged In: Real Hacks, Real People, Real Damage
This article discusses the covert cyber-espionage activities of a hacking group known as UNC5221, which exploited the vulnerability CVE-2025-22457 in Ivanti Connect Secure to access various organizations’ internal systems without detection. The group, believed to have ties to Chinese government interests, targets under-resourced sectors and employs stealthy malware, causing significant damage across multiple regions.…
Over 16,000 Fortinet devices compromised with symlink backdoor
Summary: Over 16,000 Fortinet devices have been found carrying a symlink backdoor, as reported by The Shadowserver Foundation. The backdoor is a symbolic link dropped into a directory served by the device's web interface and pointing at the root filesystem, which gives attackers read-only access to sensitive files such as the device configuration. It was planted through vulnerabilities that have since been patched, has been linked to attacks ongoing since 2023, and survives the patching of those original vulnerabilities. Fortinet has begun notifying affected users and has released updates that remove the link.…
Sophisticated Vulnerabilities in Modern Cyberattacks
The rise in advanced cyber threats is attributed to sophisticated vulnerabilities that attackers exploit, including zero-day exploits and supply chain compromises. This trend highlights the need for organizations to enhance their defenses and embrace continuous threat exposure management (CTEM) to stay ahead of attackers. Affected: organizations, critical infrastructure, software supply chains, cloud services, end-users
Keypoints:
2023 saw a rise in zero-day exploits, with 97 reported in the wild compared to 62 in 2022.…
Interlock ransomware evolving under the radar
The Interlock ransomware group, first observed in September 2024, has emerged as a significant cyber threat, employing tactics such as Big Game Hunting and double extortion. Unlike many ransomware organizations, it does not operate as a Ransomware-as-a-Service (RaaS) group and features a Data Leak Site called “Worldwide Secrets Blog” for negotiation and data exposure.…
In February 2025, 13 hacking groups were identified, engaging in various cybercrimes including ransomware distribution, phishing attacks, and identity theft through sophisticated techniques. Each group employed unique methods to compromise targets and steal valuable information or funds, affecting numerous sectors globally. Affected: government, e-commerce, social media, enterprise security, individual users
Keypoints:
SectorJ09 used formjacking to steal financial information from e-commerce sites.…
China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign
Summary: A recent TeamT5 report reveals a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances, attributed to a China-linked Advanced Persistent Threat (APT) group. This campaign exploits critical vulnerabilities, affecting a range of organizations across twelve countries and multiple industries. TeamT5 warns that attack attempts have destabilized VPN appliances, suggesting multiple threat actors might be involved.…
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
Summary: Fortinet warns that threat actors are maintaining persistent access to FortiOS and FortiProxy devices due to known vulnerabilities, while a zero-day exploit for FortiGate firewalls is reportedly being sold on a dark web forum. This exploit could enable remote execution of arbitrary code without authentication, compromising sensitive configurations and data.…
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
Summary: Attackers are increasingly exploiting vulnerabilities before defenses are ready, utilizing trusted security tools for malicious activities. This week’s highlights include a critical Windows zero-day vulnerability and various malware exploitation incidents, emphasizing the urgency of proactive security measures. Organizations must strengthen their defenses against the evolving threat landscape, as attackers continuously adapt their tactics.…
The CyberDiplomat’s Daily Report 14th April 2025 | Monday
The CyberDiplomat’s Daily Incident Report highlights a significant increase in global cyber threats across various regions, notably Asia, Oceania, Europe, North America, and Africa. Key incidents include a DDoS attack on Tempo, rising malware detections, and critical data breaches in sectors like healthcare and transportation. The report underscores the urgency for stronger cybersecurity measures and collaborative efforts among organizations to mitigate these evolving threats.…
The Daily Tech Digest: 14 April 2025
Today’s tech news highlights significant advancements in AI integration, cybersecurity vulnerabilities, corporate shifts, and the implications for privacy and accessibility in the digital landscape. Affected: GitHub, OpenAI, Azure, WordPress, US Department of Homeland Security, Meta.
Keypoints:
GitHub now integrates Google’s Gemini 2.5 Pro for enhanced AI coding assistance.…
What They Didn’t Secure: SaaS Security Lessons from the World’s Biggest Breaches
This guide outlines a strategic security approach for Software-as-a-Service (SaaS) applications, focusing on five key pillars: Identity and Access Management (IAM), Data Protection, Secure Development, Network Security Controls, and Incident Response & Monitoring. It emphasizes the need for adopting Zero Trust principles and aligns each security pillar with established industry standards.…
The Weekly Threat Round-up 07/04/2025 – 13/04/2025
This week’s threat round-up highlights significant cyber incidents, including Oracle’s cloud data breach, vulnerabilities in Ivanti VPN appliances, and targeted cyberattacks in Ukraine. Oracle privately notified customers about sensitive data exposure, while Chinese APTs exploited vulnerabilities in Ivanti systems. Meanwhile, Ukrainian institutions faced phishing attacks involving malware deployment.…
BlackTech Unmasked
The article examines the sophisticated cyber espionage group known as BlackTech, believed to be state-sponsored by the People’s Republic of China. Since at least 2010, they have targeted critical sectors across East Asia and the US, employing advanced tactics, techniques, and procedures (TTPs) to infiltrate networks and steal valuable information.…
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Summary: Fortinet has issued a warning about a post-exploitation technique that allows threat actors to maintain read-only access to compromised FortiGate VPN devices, even after patching the original vulnerabilities. The technique involves creating symbolic links to the root filesystem, which may enable continued access to configurations despite software updates.…
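The persistence technique in this entry and in the Shadowserver entry above is the same: a symbolic link placed in a directory the SSL-VPN web server serves, pointing at the root filesystem, so that a later patch of the original vulnerability does not close the hole. The check below is an added example, not Fortinet's code and not the real FortiGate directory layout: it walks a served tree and flags any symlink whose resolved target lies outside that tree (plus dangling links, which usually deserve a look), and the demo builds a constructed sample layout under a temporary directory with illustrative names.

```python
"""Find symlinks inside a web-served directory tree that resolve outside it.

Added example, not Fortinet's code. The directory names ("webroot", "lang",
"theme") are illustrative, not the real FortiGate layout. Assumes a POSIX
filesystem where os.symlink needs no special privilege.
"""
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(served_root):
    """Return sorted (relative_path, link_text, reason) for suspicious symlinks.

    reason is "escapes-root" when the link resolves to a path that is not
    under served_root (for example "/" or "/data"), or "dangling" when the
    link stays inside the tree but its target does not exist. Links that
    resolve to an existing path inside the tree are not reported.
    """
    root = Path(served_root).resolve()
    findings = []
    # followlinks=False (the default) means os.walk never descends through a
    # link, so a link to "/" cannot make this scan enumerate the whole disk.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            link_text = os.readlink(link)              # the raw target as written
            target = link.resolve(strict=False)        # follow as far as possible
            rel = link.relative_to(root).as_posix()
            if not (target == root or root in target.parents):
                findings.append((rel, link_text, "escapes-root"))
            elif not target.exists():
                findings.append((rel, link_text, "dangling"))
    return sorted(findings)


def build_demo(base_dir):
    """Construct a sample served tree (constructed data, illustrative names)."""
    root = Path(base_dir) / "webroot"
    (root / "lang").mkdir(parents=True)
    (root / "theme").mkdir()
    (root / "lang" / "en.json").write_text("{}")
    # Benign: a relative link that stays inside the served tree.
    os.symlink("../theme", root / "lang" / "theme")
    # The technique: a link to "/" exposes the root filesystem (configuration
    # included) read-only through whatever the web server will serve.
    os.symlink("/", root / "lang" / "fsroot")
    # Dangling: points inside the tree but at nothing; flagged separately.
    os.symlink("missing.json", root / "lang" / "stale")
    return root


def run_demo():
    """Build the sample tree and return what the check finds in it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_escaping_symlinks(build_demo(tmp))


if __name__ == "__main__":
    for rel, link_text, reason in run_demo():
        print(f"{reason:13} {rel} -> {link_text}")
```

Run against a real served tree as `find_escaping_symlinks("/path/to/webroot")`; anything reported as escapes-root is either a deliberate deployment choice you can account for or a persistence artifact, and the patch that fixed the original entry vector will not have removed it.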