How to Detect and Eliminate Persistent Malware Before It Wreaks Havoc
This article provides an in-depth analysis of an intrusion investigation conducted by security professionals, focusing on the methods and techniques used to unravel a complex attack. It details how the threat actor gained initial access, performed credential theft, and executed lateral movement within a network. The findings highlight the challenges of gathering complete telemetry during such investigations.…
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Summary: A new ransomware group named ‘Mora_001’ is leveraging Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to compromise firewall appliances and deploy their ransomware variant known as SuperBlack. This group utilizes a structured attack strategy, gaining high-level privileges and executing double extortion tactics. There are indications that SuperBlack is connected to LockBit operations through several shared methods and tools.…
Juniper patches bug that let Chinese cyberspies backdoor routers
Summary: Juniper Networks has issued emergency security updates to address a vulnerability (CVE-2025-21590) in Junos OS that has been exploited by Chinese hackers to create backdoors in routers. This medium-severity flaw allows local attackers to execute arbitrary code, compromising device integrity. Affected customers are advised to upgrade their systems promptly and restrict shell access to mitigate risks.…
On the Internet, Everything Old is Exploitable Again
This article discusses the continued exploitation of older vulnerabilities in cyberattacks, particularly focusing on legacy flaws that remain actively targeted despite being publicly disclosed years ago. The GreyNoise report highlights the importance of addressing both new and vintage CVEs, advocating for comprehensive vulnerability management strategies. Affected: legacy vulnerabilities, cybersecurity sector, government agencies, Fortune 500 companies
Key points:
Older vulnerabilities, some over five years old, are consistently targeted by attackers.…
Volt Typhoon hackers were in Massachusetts utility’s systems for 10 months
Summary: Chinese hackers associated with the Volt Typhoon campaign infiltrated the systems of Littleton Electric Light and Water Department in Massachusetts for nearly a year, aiming for data theft and potential sabotage. The breach, discovered in November 2023, revealed that while customer-sensitive data was not compromised, the hackers sought critical operational information on energy grid operations.…
Are Threat Groups Belsen and ZeroSevenGroup Related?
Summary: A threat intelligence report from Kela indicates potential links between two cybercrime groups, Belsen and ZeroSevenGroup. Belsen is newly formed and has leaked sensitive data from FortiGate devices, while ZeroSevenGroup is linked to a substantial data breach involving Toyota. The connection between the two groups is largely circumstantial, based on similarities in their posting formats and other stylistic markers.…
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
Summary: CISA has issued a warning to U.S. federal agencies regarding three critical vulnerabilities in Ivanti Endpoint Manager, which can allow remote attackers to compromise servers. The vulnerabilities were patched by Ivanti, but proof-of-concept exploits have been released, escalating concerns about their active exploitation. Federal agencies are mandated to secure their systems within three weeks against these vulnerabilities to mitigate potential cyber threats.…
Dark Web Profile: APT35
APT35, also known as Charming Kitten, is an Iranian state-sponsored cyber-espionage group targeting various sectors through sophisticated cyber campaigns. Since its emergence in 2014, APT35 has been involved in high-profile incidents such as the HBO data breach and attempted compromises of U.S. governmental and campaign-related accounts.…
Ransomware Groups Favor Repeatable Access Over Mass Exploits
Summary: Ransomware groups are evolving their tactics by focusing on targeting weak credentials rather than exploiting vulnerabilities, as highlighted in Travelers’ latest Cyber Threat Report. There was a noted surge in ransomware activity, particularly in Q4 2024, with a record number of victims. The report emphasizes the effectiveness of basic attack techniques, urging businesses to implement stronger security measures like multifactor authentication (MFA).…
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
Summary: A new mass malware campaign is distributing a cryptocurrency miner called SilentCryptoMiner under the guise of a tool for bypassing internet restrictions, affecting over 2,000 Russian users. This attack utilizes deceptive practices involving fake installation instructions that encourage users to disable their security solutions. Leveraging advanced techniques such as process hollowing, the malware evades detection while masquerading as legitimate software.…
Summary: A new cybercriminal entity named EncryptHub has drawn attention for its sophisticated multi-stage attack strategies and reliance on trojanized applications. Outpost24’s KrakenLabs report reveals EncryptHub’s operational missteps, increasing the understanding of their techniques and infrastructure. The group is also developing a remote access tool (RAT) called EncryptRAT, potentially to be commercialized for other cybercriminals.…
Chemistry Walkthrough – HackTheBox
In this article, the author details an easy Linux machine exploitation process that begins with gaining a foothold through a CVE vulnerability and escalates to root access via another exploit. The author notes the machine’s slow performance and encourages patience during the tests. The walkthrough includes reconnaissance, exploitation of vulnerabilities in the Pymatgen library and the Python aiohttp framework, and obtaining root access.…
Qilin Ransomware Gang Claims the Hack of the Ministry of Foreign Affairs of Ukraine
Summary: The Qilin Ransomware group has claimed responsibility for an attack on Ukraine’s Ministry of Foreign Affairs, allegedly stealing sensitive data and selling some of it. They provided evidence of the stolen documents, but the ministry has not yet confirmed the breach. This incident marks an escalation in hybrid warfare tactics between Russia and Ukraine, with cybercrime groups playing a significant role.…
March Kicks Off with Major Exploits! | Weekly Reports | Loginsoft
In March, the CISA catalog added nine new vulnerabilities, significantly impacting various platforms like VMware, Hitachi Vantara, Linux, and more. New botnet threats emerged alongside advanced threat actor tactics, emphasizing the critical importance of prompt patching and security measures. Key vulnerabilities include critical issues in VMware, Progress WhatsUp Gold, and Hitachi Vantara products, which have already seen active exploitation.…
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
Summary: A critical command injection vulnerability (CVE-2025-1316) affecting the Edimax IC-7100 IP camera is currently being exploited by botnet malware that compromises devices. Despite attempts by both Akamai and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to contact the manufacturer, Edimax, the device, categorized as end of life, is unlikely to receive further updates or a patch.…
Silk Typhoon: Evolving Tactics in Cyber Espionage
In response to increasing threats, the Chinese cyber-espionage group Silk Typhoon has adjusted its tactics, focusing on IT supply chains, remote management tools, and cloud services. The group targets Managed Service Providers to gain access to multiple organizations, exploiting unpatched applications and zero-day vulnerabilities. The article outlines recommendations for organizations to enhance their defenses against these evolving threats.…
CISA Warns of Critical Edimax IP Camera Flaw (CVE-2025-1316) with Public Exploits and No Vendor Fix
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has alerted users about a critical vulnerability (CVE-2025-1316) in Edimax IC-7100 IP cameras, with a CVSS score of 9.8. This flaw enables remote code execution due to the camera’s inability to properly handle incoming requests. CISA emphasizes the urgent need for users to secure their devices as public exploits are already available and Edimax has not coordinated a fix.…
New ‘Desert Dexter’ Campaign Hits Over 900 Victims in Middle East, North Africa, and Other Regions
Summary: A malicious campaign known as “Desert Dexter” has infected around 900 victims mainly in the Middle East and North Africa, employing sophisticated tactics to deploy a modified version of AsyncRAT malware. The campaign leverages social media and legitimate platforms, utilizing geopolitical themes to lure victims into downloading malicious scripts.…