Tag: WINDOWS

Daily News Update: Friday, March 28, 2025 (Australia/Melbourne)
A wave of cybersecurity incidents has revealed vulnerabilities across various platforms, affecting developers, healthcare providers, enterprises, and individuals. Notably, npm packages were compromised to steal sensitive information, a critical flaw was patched in Firefox, a ransomware fine was issued to a UK company, and numerous vulnerabilities were identified in solar inverters.…
Read More
Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and permission escalation issues. The information covers the history of vulnerabilities, their impact, and famous cases, emphasizing the importance of security measures for self-managed GitLab instances.…
Read More
RST TI Report Digest: 31 Mar 2025
This week’s threat intelligence report reveals an analysis of multiple cyber threat reports. Key highlights include espionage tactics from APT groups, sophisticated malware deployments, and various Indicators of Compromise (IoCs) detected across platforms. The ongoing evolution of cyber threats emphasizes adaptive techniques utilized by attackers to infiltrate critical sectors.…
Read More
Exposed Jupyter Notebooks Targeted to Deliver Cryptominer
Cado Security Labs uncovered a new cryptomining campaign that exploits misconfigured Jupyter Notebooks across Windows and Linux systems. This campaign employs a series of executables, scripts, and binary downloads to install cryptominers targeting various cryptocurrencies. Affected: Jupyter Notebooks, Windows systems, Linux systems, cloud environments

Keypoints :

A cryptomining campaign utilizes Jupyter Notebooks, targeting Windows and Linux.…
Read More
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
Summary: A targeted malware campaign by the Russian state-aligned group Gamaredon is exploiting Windows shortcut files to disseminate the Remcos backdoor, primarily targeting users in Ukraine. By masquerading as sensitive military documents, this operation takes advantage of the ongoing geopolitical strife, using sophisticated techniques for stealth and access retention.…
Read More
The Ransom Group D0glun: Hidden Threat or Just for Fun?
The D0glun ransomware, first identified on January 16, 2025, showcases a unique method of operation, targeting victims by displaying their private information and requiring a key and ID for file decryption. The attack seems motivated by low confidence, potentially signaling an inept beginner. Affected: ransomware, cybersecurity

Keypoints :

D0glun ransomware was first submitted on January 16, 2025.…
Read More
Microsoft’s killing script used to avoid Microsoft Account in Windows 11
Summary: Microsoft has removed the ‘BypassNRO.cmd’ script from Windows 11 preview builds, which enabled users to bypass the Microsoft Account requirement during OS installation. This change aims to enhance security and promote cloud-based services associated with Microsoft Accounts. While the script is gone, users can still create the bypass manually via the Windows Registry, potentially facing future restrictions on this method.…
Read More
Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging
APT28 has been observed conducting cyber espionage activities focusing on Central Asia and Kazakhstan. This analysis explores a heavily obfuscated malware sample, assessing its capabilities, particularly its use of VBScript and interaction with a command-and-control server. Affected: APT28, Central Asia, Kazakhstan

Keypoints :

APT28 is engaged in cyber espionage targeting Central Asia and Kazakhstan.…
Read More
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Summary: Cybersecurity researchers have identified a new Android banking malware named Crocodilus that specifically targets users in Spain and Turkey. This sophisticated malware employs advanced techniques for device takeover and credential theft, masquerading as a legitimate application. It showcases the growing complexity and danger of modern mobile threats, especially within the banking sector.…
Read More
Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks
Summary: Seqrite Labs reports on a malicious campaign using SnakeKeylogger, an advanced info-stealing malware, which employs a multi-stage infection chain and stealthy execution methods to extract sensitive data from victims. The infection begins with malicious spam emails that contain disguised executable files, leading to the deployment of sophisticated payloads that evade detection.…
Read More
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report on a new malware variant called RESURGE, which has sophisticated persistence and manipulation capabilities, particularly linked to a known vulnerability in Ivanti products. The report highlights detailed mitigation measures in response to RESURGE’s exploitation of the CVE-2025-0282 vulnerability.…
Read More
Microsoft fixes button that restores classic Outlook client
Summary: Microsoft has resolved a bug in the new Outlook email client that caused crashes when users attempted to switch to classic Outlook. Users can now successfully click the “Go to classic Outlook” button without facing application closures. Microsoft advises users who require classic Outlook to download it as a standalone client or from the Microsoft Store, with assistance available through IT admins for work or school accounts.…
Read More
CISA Adds Google Chromium Mojo Flaw to its Known Exploited Vulnerabilities Catalog
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a high-severity Google Chromium Mojo sandbox escape vulnerability, CVE-2025-2783, in its Known Exploited Vulnerabilities catalog, following its active exploitation in attacks targeting Russian organizations. Google has released out-of-band fixes for the Chrome browser on Windows, advising all users to update their systems.…
Read More
The Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group involved in cyber espionage for over a decade. They have recently enhanced their tactics by deploying new Sagerunex backdoor variants that utilize third-party cloud services and social media for command-and-control activities. This article examines their tactics, techniques, and procedures, detailing their operational framework along with the challenges we face against such persistent threats.…
Read More
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research reveals the exploits of Water Gamayun, a suspected Russian threat actor leveraging a zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console to deploy malware. Their methods include custom payloads, data exfiltration techniques, and the use of backdoor malware. This campaign poses severe risks to organizations, including data theft and operational disruption.…
Read More
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Summary: Cybersecurity researchers have identified a new malware named CoffeeLoader, which is designed to download and execute secondary malware payloads while evading detection. This sophisticated loader exhibits behavioral similarities to the previously known SmokeLoader and employs various techniques to bypass security measures. CoffeeLoader primarily targets users through phishing campaigns and exploits vulnerabilities in systems for persistence and execution.…
Read More