ALERTS EXPLOIT
| DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
|---|---|---|---|---|
| 28.10.25 | ToolShell exploit used in recently disclosed attacks | China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in the Middle East shortly after the vulnerability was publicly revealed and patched in July 2025. The same threat actors also compromised two government departments in the same African country during the same time period. | EXPLOIT | |
| 4.10.25 | CORS vulns exploited to deliver Latrodectus via injected FakeCaptcha | According to recent reports, Lunar Spider (aka Gold SwathMore) has evolved its toolkit by exploiting CORS misconfigurations on websites—mainly in Europe—to inject a “FakeCaptcha” overlay that tricks victims into running malicious commands. The injected JavaScript creates a fake verification UI, copying a PowerShell command into the clipboard, which, when executed, initiates an MSI loader. | EXPLOIT | |
| 31.8.25 | TASPEN Impersonation Malware Exploits Indonesian Pensioners | A sophisticated mobile malware campaign, potentially linked to Chinese actors, is actively targeting Indonesian pensioners and civil servants by impersonating PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), a state-owned pension fund. | EXPLOIT | |
| 31.8.25 | ZipLine: Building Trust, Exploiting Trust – A New Attack Vector | The sophisticated social engineering campaign, "ZipLine," targets US companies across diverse sectors like manufacturing, semiconductors, and biotech, seeking valuable data, vendor networks, or exploitable infrastructure. Unlike traditional phishing, ZipLine initiates contact via a company's public "Contact Us" form, generating initial legitimacy. | EXPLOIT | |
| 20.8.25 | EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery | A recent campaign attributed to threat group EncryptHub (aka LARVA-208 and Water Gamayun), blends social engineering with the exploitation of the Microsoft Management Console (MMC) vulnerability tracked as CVE-2025-26633, dubbed MSC EvilTwin. | EXPLOIT | |
| 21.6.25 | Discord Vanity Link Flaw Exploited in New Malware Campaign Dropping AsyncRAT and Skuld Stealer | A new sophisticated malware campaign aimed at financial gain from cryptocurrency users is exploiting a subtle weakness in Discord's invitation system to distribute an information stealer called Skuld and the AsyncRAT. Targeted victims have been identified primarily in Austria, France, Germany, Slovakia, Vietnam, the Netherlands, the United States, and the United Kingdom. | EXPLOIT | |
| 29.4.25 | China-linked threat actors exploit NFC Tech | China-linked threat actors are exploiting NFC technologies for fraudulent activities targeting financial institutions worldwide, causing significant losses. Sophisticated tools like Z-NFC and King NFC are used to facilitate illegal transactions. These tools leverage Near Field Communication (NFC) technology, which is essential for contactless payments and applications relying on Host Card Emulation (HCE). | EXPLOIT | |
| 27.1.25 | GTA VI Hype Exploited: Malware Masquerades as Early Alpha Access | The hype surrounding popular games often becomes a breeding ground for cybercrime, and Grand Theft Auto VI is no exception. It is the highly anticipated next installment in Rockstar Games' iconic open-world action-adventure series. Officially announced in December 2023, the game is set to release in late 2025 for PlayStation and Xbox. | ALERTS | EXPLOIT |
| 8.8.24 | SbaProxy leveraged to hijack legitimate antivirus software | A recent report detailed how threat actors are leveraging a tool dubbed 'SbaProxy', disguised as a legitimate anti-virus software component, to create a proxy connection through a C2 server. The tool is distributed in multiple formats, such as DLLs, EXEs, and PowerShell scripts, which makes it challenging to detect due to its authentic look and advanced functionality. | EXPLOIT | |
| 27.7.24 | Malware campaign exploits SEO poisoning to target W2 Form seekers | A malware campaign has been reported targeting users searching for W2 forms through SEO poisoning techniques. Victims are redirected to spoofed IRS websites, where they are lured into downloading a malicious JS file disguised as a W2 form. | ALERTS | EXPLOIT |
| 19.7.24 | Zero-Day Exploit: Malicious .url Files Leveraging CVE-2024-38112 on Windows | An ongoing campaign targeting Windows users has been observed. Threat actors distribute phishing emails containing Windows Internet Shortcut files with a .url extension. | ALERTS | EXPLOIT |
| 10.5.24 | Exploitation of Ivanti Pulse Secure vulnerabilities for Mirai botnet delivery | In January of this year, Ivanti reported two vulnerabilities, CVE-2023-46805 (Authentication Bypass) and CVE-2024-21887 (Command Injection), affecting Ivanti Connect Secure and Ivanti Policy Secure Gateways. | ALERTS | EXPLOIT |
| 10.5.24 | Russian bulletproof hosting services exploited for malicious activities, SocGholish malware campaigns | The use of Russian bulletproof hosting services for hosting malicious activities, including command-and-control (C2) servers and phishing pages distributing SocGholish malware, has been reported. Multiple malware campaigns in recent months have utilized the Matanbuchus loader, with their C2 infrastructure hosted on bulletproof hosting services like "Proton66 OOO". | ALERTS | EXPLOIT |