Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim
Summary: In February 2025, the eSentire Threat Response Unit (TRU) uncovered a sophisticated ransomware campaign by the Hunters International group against a retail organization, utilizing vulnerabilities in FortiOS for initial access. The attack involved the creation of a super admin account, lateral movement within the network, and the deployment of a new variant of ransomware designed to evade detection and prevent data recovery.…
TCS HackQuest Season 9
The TCS HackQuest competition serves as a recruitment event for Tata Consultancy Services, targeting final-year undergraduate and postgraduate students. The selection process includes three categories and consists of two CTF rounds followed by an interview. Despite a challenging platform and experience, the author advanced through the rounds and shared insights on their interview process, highlighting the importance of preparation and a clear understanding of cybersecurity concepts.…
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Ransomware Group Claims Attack on Virginia Attorney General’s Office
Summary: The Cloak ransomware group has executed a cyberattack on the Virginia Attorney General’s Office, leading to significant disruptions in their computer systems and services. Following the attack, Cloak claimed responsibility and released purportedly stolen data on their leak site. This incident marks Cloak’s first confirmed attack in 2023, amid an increasing number of victims since the group’s emergence.…
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Summary: A new stealer malware called Arcane is being distributed through YouTube videos promoting game cheats, targeting Russian-speaking users. This malware gathers a wide range of sensitive information from various applications, including VPNs, messaging apps, and gaming clients. It utilizes various techniques, including a batch file that activates PowerShell to initiate its malicious activities, while also evading security measures like Windows SmartScreen.…
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia
Summary: Recent leaks of chat logs from the Black Basta ransomware group suggest possible ties to Russian authorities. The messages reveal insights into their operations, use of AI for malicious purposes, and development of new cybercrime tools, including a brute-forcing framework aimed at corporate networks. These findings complicate efforts for Black Basta to distance itself from past activities following internal and external pressures.…
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
How to Execute the Bybit $1.5B ETH Heist – An Attack Path for Offensive Security Operations in AWS
On February 21st, a significant cryptocurrency theft occurred involving Bybit, where hackers from the Lazarus Group infiltrated a supplier’s system to redirect 401,000 Ethereum coins worth approximately $1.5 billion. The attack exemplifies a supply chain vulnerability that permitted hackers to exploit AWS services while leaving the Bybit system itself secure.…
Ransomware gang creates tool to automate VPN brute-force attacks
Summary: The Black Basta ransomware operation has developed an automated brute-forcing tool named ‘BRUTED’ that targets edge networking devices such as firewalls and VPNs. This framework enhances their ransomware attacks by providing streamlined access to vulnerable endpoints, with reports of increased credential-stuffing attacks throughout 2024. The tool has been designed to evade detection while significantly increasing attack efficiency on various remote-access products.…
How to Detect and Eliminate Persistent Malware Before It Wreaks Havoc
This article provides an in-depth analysis of an intrusion investigation conducted by security professionals, focusing on the methods and techniques used to unravel a complex attack. It details how the threat actor gained initial access, performed credential theft, and executed lateral movement within a network. The findings highlight the challenges of gathering complete telemetry during such investigations.…
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Summary: A new ransomware group named ‘Mora_001’ is leveraging Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to compromise firewall appliances and deploy their ransomware variant known as SuperBlack. This group utilizes a structured attack strategy, gaining high-level privileges and executing double extortion tactics. There are indications that SuperBlack is connected to LockBit operations through several shared methods and tools.…
Juniper patches bug that let Chinese cyberspies backdoor routers
Summary: Juniper Networks has issued emergency security updates to address a vulnerability (CVE-2025-21590) in Junos OS that has been exploited by Chinese hackers to create backdoors in routers. This medium severity flaw allows local attackers to execute arbitrary code, compromising device integrity. Affected customers are advised to upgrade their systems promptly and restrict shell access to mitigate risks.…
On the Internet, Everything Old is Exploitable Again
This article discusses the continued exploitation of older vulnerabilities in cyberattacks, particularly focusing on legacy flaws that remain actively targeted despite being publicly disclosed years ago. The GreyNoise report highlights the importance of addressing both new and vintage CVEs, advocating for comprehensive vulnerability management strategies. Affected: legacy vulnerabilities, cybersecurity sector, government agencies, Fortune 500 companies
Key points:
Older vulnerabilities, some over five years old, are consistently targeted by attackers.…
Volt Typhoon hackers were in Massachusetts utility’s systems for 10 months
Summary: Chinese hackers associated with the Volt Typhoon campaign infiltrated the systems of Littleton Electric Light and Water Department in Massachusetts for nearly a year, aiming for data theft and potential sabotage. The breach, discovered in November 2023, revealed that while customer-sensitive data was not compromised, the hackers sought critical operational information on energy grid operations.…