January(137)  February(207)  March(430) April(317) May(278)  June(237)  July(216)  August(316) September(186) October(24) November(114) December(126)

i

DATE

NAME

INFO

CATEGORY

SUBCATE

29.7.24

Hive0137 threat group leverages LLM in recent attacks

The threat actor known as Hive0137 has been leveraging Large Language Models (LLM) in their recent attacks. LLM is a form of generative AI designed to understand and generate human-like text. The Hive0137 group is known for their malware distribution attacks that often lead to ransomware infections.

ALERTS

AI

29.7.24

CVE-2024-40348 - Bazaar Directory Traversal vulnerability

CVE-2024-40348 is a recently disclosed directory traversal vulnerability affecting Bazaar (version 1.4.3) which is an open source version control software. Successful exploitation of the flaw might allow unauthenticated attackers to perform directory traversal on the vulnerable system, leading to unauthorized access to system directories and sensitive files.

ALERTS

VULNEREBILITY

29.7.24

Scammers exploit Hamster Kombat’s popularity with malicious farm bot tools

With the rise in popularity of the Telegram clicker game Hamster Kombat, scamsters are increasingly targeting players. Enthusiasts are attracted by the promise of significant rewards linked to the introduction of a new cryptocoin by the game's creators.

ALERTS

SPAM

29.7.24

OceanSpy Ransomware

A ransomware actor calling themselves OceanCorp has been observed in the wild targeting single machines. At this time, according to their ransom note (OceanCorp.txt), this actor does not perform double-extortion tactics, meaning they do not threaten to leak or sell data.

ALERTS

RANSOM

29.7.24

Vietnam campaign: Android Spyware Masquerades as Techcombank

Groups and individuals around the world have been using SpyNote, a popular Android remote access trojan, for the past few years, and its prevalence shows no signs of decreasing. E-crime and targeted campaigns against both enterprises and consumers are observed on a daily basis.

ALERTS

CAMPAIGN

29.7.24

EchoSpoofing

“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails

HACKING

Phishing

29.7.24

Gh0stGambit

Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT

MALWARE

RAT

28.7.24

Yellow Cockatoo

Yellow Cockatoo is an activity cluster involving a remote access trojan (RAT) that filelessly delivers various other malware modules.

MALWARE

RAT

28.7.24

Fog

Lost in the Fog: A New Ransomware Threat

RANSOMWARE

RANSOMWARE

28.7.24

ShadowRoot

ShadowRoot Ransomware Targeting Turkish Businesses

RANSOMWARE

RANSOMWARE

28.7.24

Moonstone Sleet

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

GROUP

GROUP

28.7.24

PKfail

PKfailJuly 2024 Research Report

REPORT

REPORT

28.7.24

PlugX campaigns

New PlugX campaigns utilising Steam

CAMPAIGN

CAMPAIGN

28.7.24

PlugX USB worm botnet

Unplugging PlugX: Sinkholing the PlugX USB worm botnet

BOTNET

BOTNET

27.7.24

Connecio

Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

MALWARE

Stealer

27.7.24

Lumma Stealer

Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

MALWARE

Stealer

27.7.24

GXC Team

GXC Team Unmasked: The cybercriminal group targeting Spanish bank users with AI-powered phishing tools and Android malware

GROUP

AI

27.7.24

ExelaStealer Delivered "From Russia With Love"

Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65):

SANS

SANS

27.7.24

ExelaStealer

Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65):

MALWARE

Stealer

27.7.24

Threat Actor uses MSHTML flaw to distribute Atlantida InfoStealer

A malware campaign conducted by the threat actor known as Void Banshee, which distributes the Atlantida InfoStealer, has been reported. The attack exploits CVE-2024-38112, an MSHTML vulnerability, by abusing .URL files to execute through disabled Internet Explorer.

ALERTS

VIRUS

27.7.24

SeleniumGreed cryptomining operation

SeleniumGreed is a recently disclosed cryptomining operation observed in the wild. The campaign targets exposed versions of Selenium Grid which is a component in Selenium open-source automation framework used for testing web applications.

ALERTS

CRYPTOCURRENCY

27.7.24

Zilla Ransomware - a recent Crysis variant

Zilla is the latest Crysis/Dharma ransomware observed in the threat landscape. The malware encrypts user data and appends .ZILLA extension to the encrypted files. Alongside this custom extension, also a unique ID and the email address of the threat actors is added.

ALERTS

RANSOM

27.7.24

Phishing campaign targeted at users in India attributed to the Smishing Triad group

Fortinet researchers reported on a recent phishing operation targeting mobile users in India. The attack has been attributed to a threat group known as the Smishing Triad, known previously to be targeting various countries across the world with similar smishing runs.

ALERTS

PHISHING

27.7.24

Continuous espionage activities attributed to the Stonefly APT

Symantec Security Response is aware of the recent joint alert from CISA, FBI and several other partners concerning a number of recent targeted activities attributed to the Stonefly APT group (also known as Andariel or DarkSeoul).

ALERTS

APT

27.7.24

Malware campaign exploits SEO poisoning to target W2 Form seekers

A malware campaign has been reported targeting users searching for W2 forms through SEO poisoning techniques. Victims are redirected to spoofed IRS websites, where they are lured into downloading a masqueraded JS file disguised as a W2 form.

ALERTS

EXPLOIT

27.7.24

Russian-linked malware campaign targeting Indian political entities

A malware campaign believed to be orchestrated by a Russian-linked threat actor is reportedly targeting entities interested in Indian political affairs. Victims are lured with .LNK files disguised as genuine office documents.

ALERTS

VIRUS

27.7.24

Handala Hacking Team Handala Hack: What We Know About the Rising Threat Actor GROUP GROUP

27.7.24

Handala’s Wiper CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latch on to gain an edge over defenders. MALWARE Wipper

27.7.24

Cuckoo Spear Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. GROUP GROUP

27.7.24

CVE-2023-46229 langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.

VULNEREBILITY

CVE

27.7.24

CVE-2023-44467 LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

VULNEREBILITY

CVE

26.7.24

RADAR Ransomware Another ransomware group that employs double-extortion tactics has been making the rounds in the already crowded ransomware threat landscape. Calling themselves RADAR, the group compromises machines, encrypts the files, and appends them with a .[random8characters] extension. ALERTS RANSOM

26.7.24

Smishing in Japan – Utilities, financial services and shipping top lures Smishing, or SMS phishing, is increasingly becoming a favored tactic for cybercriminals due to the widespread use of mobile devices and generally high open rates of SMS messages compared to emails. ALERTS SPAM

26.7.24

Atlantida Stealer among the malware variants spread by Stargazer Goblin threat group Atlantida Stealer has been determined as one of several malware payloads spread recently in a malware distribution campaign attributed to the threat actor known as Stargazer Goblin. Other payloads spread via this malware delivery service dubbed as Stargazers Ghost Network included RedLine, Lumma Stealer, Rhadamanthys and RisePro. ALERTS VIRUS

26.7.24

The increasing incidence of threats utilizing AI There has been a rise in cyber attacks using Large Language Models (LLMs) to generate malicious code. Symantec's Team has observed phishing campaigns where LLM-generated scripts download harmful payloads like Rhadamanthys, NetSupport, CleanUpLoader (Broomstick, Oyster), ModiLoader (DBatLoader), LokiBot, and Dunihi (H-Worm). ALERTS AI

26.7.24

PicassoLoader Malware There was a recent surge in activity from the group called UAC-0057 (aka GhostWriter). In this campaign, attackers are distributing Word documents that are macro-enabled with the intention of launching a malware loader known as PicassoLoader. This malicious loader is capable of deploying a Cobalt Strike Beacon onto the victim's machine. ALERTS VIRUS

26.7.24

ConfusedFunction ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions

VULNEREBILITY

CVE

26.7.24

APT45 APT45: North Korea’s Digital Military Machine GROUP APT

26.7.24

CVE-2024-6327 In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.

VULNEREBILITY

CVE

26.7.24

CVE-2024-41110 Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

VULNEREBILITY

CVE

26.7.24

CVE-2024-4076 (CVSS score: 7.5) - Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure ICS VULNEREBILITY

26.7.24

CVE-2024-1975 (CVSS score: 7.5) - Validating DNS messages signed using the SIG(0) protocol could cause excessive CPU load, leading to a denial-of-service condition. ICS VULNEREBILITY

26.7.24

CVE-2024-1737 (CVSS score: 7.5) - It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing ICS VULNEREBILITY

26.7.24

CVE-2024-0760 (CVSS score: 7.5) - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients ICS VULNEREBILITY

25.7.24

Cursed tapes Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android EXPLOIT Social site

25.7.24

Patchwork The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell GROUP GROUP

25.7.24

Falcon Content Update for Windows Hosts Remediation and Guidance Hub: Falcon Content Update for Windows Hosts INCIDENT INCIDENT

25.7.24

CVE-2024-21412 Exploiting CVE-2024-21412: A Stealer Campaign Unleashed CAMPAIGN CVE

25.7.24

ACR Stealer ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024. MALWARE Stealer

25.7.24

New Linux Play ransomware targets ESXi servers As recently reported by researchers from Trend Micro, a new Linux variant of the infamous Play ransomware has been observed to target the ESXi servers. Prior to execution, the malware runs checks to confirm that it is running within an ESXi environment. Play ransomware will also attempt to power off all running ESXi virtual machines before proceeding with the encryption process. ALERTS RANSOM

25.7.24

LummaC2 variant exploiting Steam for dynamic C2 domains A new variant of LummaC2 has been observed exploiting the 'Steam' gaming platform. This variant now obtains dynamic C2 domains on demand, a departure from its previous technique of embedding C2 details within the sample itself. The malware stores a Steam URL, specifically a Steam account profile page, as executable code. ALERTS VIRUS

25.7.24

New variant of the Jellyfish Loader observed in the wild A new variant of the .NET-based Jellyfish Loader malware has been found in the wild. The malware has been reported as being distributed via a malicious .LNK file execution. ALERTS VIRUS

25.7.24

CVE-2024-4879 - ServiceNow Jelly Template Injection vulnerability CVE-2024-4879 is a recently disclosed critical template injection vulnerability (CVSS score 9.3) affecting ServiceNow, which is a popular platform for digital business transformation. Successful exploitation of the flaw might allow the unauthenticated remote attackers to gain access and execute arbitrary code within the context of the Now Platform. ALERTS VULNEREBILITY

25.7.24

BianLian Ransomware changes strategy BianLian is a ransomware threat actor that has been active since mid-2022, specifically targeting the infrastructure sector in the US and Australia. As part of its attack vector, the threat actor typically exploits RDP credentials acquired through third parties or phishing to gain initial access. ALERTS RANSOM

25.7.24

Threat Actors continue to exploit CVE-2024-21412 Threat actors continue to exploit CVE-2024-21412, a security bypass vulnerability in Microsoft Windows SmartScreen that was reported and patched in February 2024. ALERTS VULNEREBILITY

25.7.24

"Mouse Logger" Malicious Python Script Keylogging is a pretty common feature of many malware families because recording the key pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. SANS SANS

25.7.24

CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability

VULNEREBILITY

CVE

25.7.24

CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability

VULNEREBILITY

CVE

24.7.24

Malware-laden Word Document Delivering Daolpu Stealer Following the recent outage which affected computers running Microsoft operating systems across the globe, attackers are continuously exploiting the incident to lure users into accessing malicious links or launching malware-laden files. A new attack linked to this incident has been discovered involving a Word document containing macros that execute and download an unidentified stealer dubbed Daolpu. ALERTS VIRUS

24.7.24

Protection Highlight: ScriptNN Phishing is an all-too-common type of social engineering attack that attempts to steal user data by sending fraudulent communications, usually via email or SMS, which appear to come from a legitimate source. Phishing is predominantly employed at the first stage in a malware attack, whether the ultimate objective is reconnaissance or compromise. ALERTS PHISHING

24.7.24

Braodo: A new Python-based Infostealer in the cyber threat landscape A new infostealer, named Braodo, has been observed circulating in the ever-evolving threat landscape. It is distributed through an archive file that includes a BAT file. When executed, this BAT file connects to GitHub to download a secondary BAT file and a ZIP archive containing the final Braodo infostealer payload. ALERTS VIRUS

24.7.24

Daggerfly group updates their toolset The Daggerfly (aka Evasive Panda, Bronze Highland) threat group, which has been active for at least a decade, has made some significant updates to their toolset. Symantec’s Threat Hunter Team has published a report providing details regarding Daggerfly tools such as the modular malware framework MgBot, Macma, a modular macOS backdoor, and a recently observed multi-stage backdoor identified as Suzafk. ALERTS GROUP

24.7.24

FIN7 has a versatile attack arsenal Threat Actor FIN7 (also tracked under the names Carbon Spider, the Carbanak Group, and Sangria Tempest) is known for its proficiency in sophisticated campaigns and engineering attacks to gain initial access to corporate networks. ALERTS GROUP

24.7.24

BlackSuit Ransomware poses as fake Antivirus Installer New variants of BlackSuit ransomware have been observed in the wild, employing deceptive tactics to evade detection. Recently, they masqueraded as fake Qihoo 360 antivirus installers to deceive victims. Once installed, the malware encrypts user files and appends the .blacksuit extension. ALERTS RANSOM

24.7.24

CyberVolk Ransomware A new strain of ransomware dubbed CyberVolk has been reported. This ransomware is written in C/C++ and features a unique encryption algorithm developed entirely by the group behind the malware. ALERTS RANSOM

24.7.24

RA World Ransomware group Researchers at Palo Alto Networks have provided an analysis of the RA World Ransomware group. This group has been active since 2023 and has targeted victims worldwide across multiple industries. ALERTS RANSOM

24.7.24

RA World Ransomware group In recent weeks, mobile users of several major financial institutions in South Korea were targeted by a FakeApp/FakeBank Android campaign. ALERTS RANSOM

24.7.24

FakeApp Campaign: South Korea's Financial Institutions' Mobile Users Targeted In recent weeks, mobile users of several major financial institutions in South Korea were targeted by a FakeApp/FakeBank Android campaign. ALERTS CAMPAIGN

24.7.24

New backdoor spreading in Seedworm malspam campaign Recently the APT group Seedworm has been observed deploying a previously undocumented backdoor named Bugsleep, primarily via a phishing campaign with PDFs containing malicious links targeting organizations in the Middle East. Once deployed this new backdoor allows attackers to execute remote commands and exfiltrate files to the C&C server. ALERTS CAMPAIGN

24.7.24

Tag-100: Emerging threat actor exploiting appliance vulnerabilities A new threat actor, dubbed Tag-100, has been reported targeting government and private sector entities worldwide. This threat actor exploits vulnerabilities in appliances to initiate its attacks and has been observed exploiting known vulnerabilities in appliances such as Citrix NetScaler. ALERTS GROUP

24.7.24

Copybara Android malware Copybara is a banking Trojan affecting Android mobile devices and has been observed targeting users in Italy. Threat actors use previously obtained contact details and portray themselves as bank employees to socially engineer victims into downloading the malicious application by way of SMS phishing and voice phishing, also known as smishing and vishing respectively. ALERTS VIRUS

24.7.24

NullBulge exploiting code repositories in AI and Gaming Sectors n response to the threat actors exploiting security vulnerabilities in AI and gaming-focused entities, a new group dubbed NullBulge has been reported. ALERTS AI

24.7.24

Health Insurance Fund (NEAK) Targeted with Lokibot Malware A recent report has revealed that the National Health Insurance Fund (NEAK) based in Hungary was targeted by attackers who aimed to deploy Lokibot malware. ALERTS VIRUS

24.7.24

Grayfly is targeting and compromising multiple sectors Over the past few weeks, multiple campaigns have been reported, carried out by the China-linked APT group Grayfly also known as APT41. ALERTS APT

24.7.24

New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273)

In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, %%CVE:2024-3273%% was exploited soon after it became public. Many of the affected devices are no longer supported.

SANS

SANS

24.7.24

CVE-2024-3273

New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273)

VULNEREBILITY

CVE

24.7.24

macOS.Macma

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

MALWARE

macOS

24.7.24

Volt TyphoonII

A secret Disinformation Campaign targetingU.S.Congress and Taxpayers conductedbyU.S.Government agencies

REPORT

REPORT

24.7.24

Daggerfly

Daggerfly: Espionage Group Makes Major Update to Toolset

GROUP

Espionage

24.7.24

Attackers Abuse Swap File to Steal Credit Cards When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers CRIME Steal Credit Cards

24.7.24

FrostyGoop Impact of FrostyGoop ICS Malware on Connected OT Systems MALWARE ICS

23.7.24

VIGORISH VIPER This groundbreaking report unveils the discovery of a technology suite and its connection to
Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia.
PAPERS PAPERS

23.7.24

VIGORISH VIPER GAMBLING IS NO GAME: DNS LINKS BETWEEN CHINESE ORGANIZED CRIME AND SPORTS SPONSORSHIPS GROUP GROUP

23.7.24

FLUXROOT A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. GROUP HACKING

23.7.24

SocGholish Fake Browser Updates Lead to BOINC Volunteer Computing Software MALWARE Malware

23.7.24

Prolific Puma Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma GROUP Ransomware

20.7.24

CHINA’S CYBER REVENGE WHY THE PRC FAILS TO BACK ITS CLAIMS OF WESTERN ESPIONAGE REPORT REPORT

20.7.24

AuKill ‘AuKill’ EDR killer malware abuses Process Explorer driver MALWARE Tool

20.7.24

BUGSLEEP BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server. The backdoor is currently in development, with the threat actors continuously improving its functionality and addressing bugs. MALWARE Backdoor

19.7.24

New variant of BeaverTail malware targets job seekers A new variant of the BeaverTail malware has been reported, distributed via a macOS DMG file that mimics the legitimate video call service MiroTalk. This campaign is linked to North Korean hackers targeting job seekers. The updated malware is a native Mach-O executable capable of stealing sensitive data from web browsers and cryptocurrency wallets. ALERTS VIRUS

19.7.24

APT17 Campaign: New variants of 9002 RAT targeting Italian government entities A malware campaign by the APT17 group has been reported, distributing newer variants of 9002 RAT. The campaign specifically targets government entities and Italian companies. Users are lured with a link to a masqueraded Italian government domain, purportedly to download a Skype installer. ALERTS APT

19.7.24

UAC-0180 Phishing Campaign Targeting Ukrainian A recent phishing campaign was observed by researchers targeting Ukrainian defense enterprises on the topic of Unmanned Aerial Vehicle (UAV) purchasing. The distributed email includes a ZIP attachment with a PDF file containing a malicious link. ALERTS GROUP

19.7.24

RDPWrapper and Tailscale leveraged in recent malspam campaign Researchers have uncovered a multi-stage cyberattack campaign starting with a malicious zip file containing a .lnk shortcut file that was likely spread via phishing emails. Upon execution, the .lnk file downloads a PowerShell script enabling threat actors access via RDP. ALERTS CAMPAIGN

19.7.24

ShadowRoot Ransomware Threat researchers have identified a new ransomware called ShadowRoot which targets businesses in Turkey. The attack starts with a PDF attachment sent via suspicious emails from the "internet[.]ru" domain. If a user clicks on the embedded links within the PDF, it triggers the download of an executable payload that proceeds to encrypt files. Encrypted files have their extensions changed to ".shadowroot". ALERTS RANSOM

19.7.24

Phishing malware campaign targeting Ukrainian Government entities linked to Russian Threat Actor UNC4814 Symantec has observed a phishing malware campaign targeting government entities in Ukraine. Based on the attack vector and behavior, Symantec believes UNC4814, a suspected Russian threat actor, is responsible for the campaign. The threat actor initiates attacks by sending phishing emails with HTA files attached, masquerading as bills and payment notifications.  ALERTS PHISHING

19.7.24

Zero-Day Exploit: Malicious .url Files Leveraging CVE-2024-38112 on Windows An ongoing campaign targeting Windows users has been observed. Threat actors distribute phishing emails containing Windows Internet Shortcut files with a .url extension. ALERTS EXPLOIT

19.7.24

CVE-2024-23471 Solarwinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-23470 Solarwinds ARM UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-23466 Solarwinds ARM Directory Traversal Remote Code Execution Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-23467 Solarwinds ARM Traversal Remote Code Execution Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-23475 Solarwinds ARM Traversal and Information Disclosure Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-23469 Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-28074 SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability VULNEREBILITY CVE

19.7.24

CVE-2024-23472 SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability VULNEREBILITY CVE

19.7.24

Snowflake We have released our Snowflake threat hunting guide, which contains guidance and queries for detecting abnormal and malicious activity across Snowflake customer database instances. REPORT REPORT

19.7.24

UNC5537 UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion GROUP GROUP

19.7.24

APT41 APT41 Has Arisen From the DUST APT APT

19.7.24

Demodex A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit. MALWARE Rootkit

19.7.24

DUSTPAN APT41 used a combination of ANTSWORD and BLUEBEAM web shells for the execution of DUSTPAN to execute BEACON backdoor for command-and-control communication. EXPLOIT Shell

19.7.24

OilAlpha OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen MALWARE Mobil App

19.7.24

Statement on Falcon Content Update for Windows Hosts CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. INCIDENT INCIDENT

18.7.24

Killer Ultra Malware A tool used in Qilin ransomware attacks known as "Killer Ultra" was recently uncovered by researchers. ALERTS VIRUS

18.7.24

Noxious Stealer A new stealer malware dubbed Noxious Stealer was recently identified by researchers. ALERTS VIRUS

18.7.24

Specially crafted HTML files allow for abuse of Windows search Attackers have been recently observed abusing Windows search in order to redirect users to malware. ALERTS SPAM

18.7.24

Jenkings Script Console exploited for cryptocurrency mining Improperly configured Jenkins Script Console instances (such as Jenkins Groovy plugin) have been weaponized by attackers leading to criminal activities such as the deployment of cryptocurrency miners, and backdoors to gather sensitive information. ALERTS CRYPTOCURRENCY

18.7.24

Phishing campaign impersonating Afrihost services Afrihost is a South African Internet Service Provider (ISP) that offers services such as ADSL broadband, wireless, mobile services, and web hosting. ALERTS CAMPAIGN

18.7.24

CVE-2024-36401: Vulnerability in OSGeo GeoServer GeoTools CVE-2024-36401 (CVSS score: 9.8) is a vulnerability in OSGeo GeoServer GeoTools, with evidence of active exploitation. ALERTS VULNEREBILITY

18.7.24

Malware disguised as cracked versions of MS Office Threat researchers discovered malware disguised as cracked versions of MS Office. ALERTS VIRUS

18.7.24

BadPack method used in Android malware BadPack is a method observed in malware which targets Android mobile devices. ALERTS VIRUS

18.7.24

HotPage HotPage: Story of a signed, vulnerable, ad-injecting driver MALWARE Adware

18.7.24

SAPwned SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts VULNEREBILITY AI

18.7.24

TAG-100 TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies GROUP GROUP

18.7.24

CVE-2024-34102 (CVSS score: 9.8) - Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability VULNEREBILITY CVE

18.7.24

CVE-2024-28995 (CVSS score: 8.6) - SolarWinds Serv-U Path Traversal Vulnerability VULNEREBILITY CVE

18.7.24

CVE-2022-22948 (CVSS score: 6.5) - VMware vCenter Server Incorrect Default File Permissions Vulnerability VULNEREBILITY CVE

18.7.24

BeaverTail North Korean Hackers Update BeaverTail Malware to Target MacOS Users MALWARE Stealer

17.7.24

CVE-2024-27348 RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. VULNEREBILITY CVE

17.7.24

DeputyDog Italian government agencies and companies in the target of a Chinese APT APT APT

17.7.24

FIN7 Reboot FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks APT APT

16.7.24

Quasar RAT delivered via Home Trading System Threat researchers have identified Quasar RAT malware being distributed via a private Home Trading System (HTS), a tool that allows investors to trade from their own PCs. However, the HTS (aka HPlus) used in these attacks is unsearchable and its provider remains unknown. ALERTS VIRUS

16.7.24

Malicious Word Document Spreading Stealer Malware An ongoing campaign has revealed a stealer malware initially distributed through Word documents. This malware infects computers, retrieves the device’s IP address, and subsequently sends the user’s browser information to a dedicated command-and-control (C2) server operated by the attackers, with the data customized for different countries. ALERTS VIRUS

16.7.24

CVE-2024-36991 - Path Traversal vulnerability in Splunk Enterprise CVE-2024-36991 (CVSS: 7.5 High) is a path traversal vulnerability in Splunk Enterprise, a big data platform that simplifies the task of collecting and managing massive volumes of machine-generated data, helping organizations derive insights from this data. ALERTS VULNEREBILITY

16.7.24

BUGSLEEP NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS MALWARE Backdoor

16.7.24

MuddyWater MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign GROUP GROUP

16.7.24

Void Banshee CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks GROUP GROUP

16.7.24

CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability VULNEREBILITY CVE

15.7.24

SYS01 Stealer How SYS01 Stealer Will Get Your Sensitive Facebook Info MALWARE Stealer

15.7.24

Poco RAT phishing campaign targeting Spanish speakers Since early 2024, an ongoing phishing campaign has been targeting Spanish speakers, distributing a new remote access trojan (RAT) known as Poco RAT. ALERTS VIRUS

15.7.24

CRYSTALRAY's Ongoing Operations Leveraging SSH-Snake Since February 2024, researchers have been tracking the evolving threat actor CRYSTALRAY. The group was observed to leverage the use of a network mapping tool called SSH-Snake, a self-modifying worm malware which exploits compromised SSH credentials to spread through networks. ALERTS GROUP

15.7.24

HardBit Ransomware 4.0 In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. RANSOMWARE RANSOMWARE

14.7.24

CRYSTALRAY CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools GROUP GROUP
13.7.24 RADIUS/UDP Considered Harmf The core of the RADIUS protocol predates modern secure cryptographic design. Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5. In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks. PAPERS PAPERS
13.7.24 Blast-RADIUS Attack Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. ATTACK PROTOCOL
13.7.24 Xhibiter NFT Marketplace 1.10.2 - SQL Injection WebApps

Exploit

PHP
13.7.24 Azon Dominator Affiliate Marketing Script - SQL Injection WebApps

Exploit

PHP
13.7.24 Microweber 2.0.15 - Stored XSS WebApps

Exploit

PHP
13.7.24 Customer Support System 1.0 - Stored XSS WebApps

Exploit

PHP
13.7.24 Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS) WebApps

Exploit

PHP
13.7.24 SolarWinds Platform 2024.1 SR1 - Race Condition WebApps Exploit Multiple
13.7.24 Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated) WebApps

Exploit

PHP
13.7.24 Poultry Farm Management System v1.0 - Remote Code Execution (RCE) WebApps Exploit PHP

13.7.24

AT&T Confirms Data Breach AT&T Confirms Data Breach Affecting Nearly All Wireless Customers INCIDENT INCIDENT

13.7.24

DarkGate DarkGate: Dancing the Samba With Alluring Excel Files MALWARE RAT

13.7.24

Use-after-free vulnerability in lighttpd version 1.4.50 and earlier A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access sensitive data. ALERT ALERT

13.7.24

RADIUS protocol susceptible to forgery attacks. A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating authentication responses from a RADIUS server. ALERT ALERT

12.7.24

2024-06-25 - Latrodectus infection with BackConnect and Keyhole VNC Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. MALWARE TRAFFIC MALWARE TRAFFIC

12.7.24

2024-06-24 - ClickFix popup leads to Lumma Stealer Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. MALWARE TRAFFIC MALWARE TRAFFIC

12.7.24

2024-06-17 - Google ad --> fake unclaimed funds site --> Matanbuchus with Danabot Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. MALWARE TRAFFIC MALWARE TRAFFIC

12.7.24

OilAlpha targets Arabic-speaking humanitarian NGOs in Yemen OilAlpha continues to target Arabic-speaking entities, as well as those interested in humanitarian organizations and NGOs operating in Yemen. According to reports, users are lured to a deceptive web portal that mimics the generic login interfaces of humanitarian organizations such as CARE International and the Norwegian Refugee Council, with the aim of stealing credentials. ALERTS APT

12.7.24

Vultur Campaign: Clothing Retailer Brand Abused in Fake App Scheme Brands of all genres are constantly abused by cybercriminals to target specific demographics, and financial institutions are usually the ones most impersonated. ALERTS CAMPAIGN

12.7.24

DodgeBox Loader Loading MoonWalk Backdoor Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku. ALERTS VIRUS

12.7.24

Tax-Themed Android Malware Targeting Uzbekistan Mobile Users Taxes have been and continue to be prevalently used in social engineering tactics around the world to trick users (both consumers and enterprises) into deploying malware on their machines, entangling themselves in BEC scams, inputting sensitive data into phishing websites, and more. ALERTS VIRUS

12.7.24

CVE-2024-39929 Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. VULNEREBILITY CVE

12.7.24

CVE-2024-3596 This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile. VULNEREBILITY CVE

12.7.24

CVE-2024-5910 Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. VULNEREBILITY CVE

11.7.24

Despite group disruptions, ransomware activity not decreasing In a newly released report, Symantec’s Threat Hunter Team shares insight into observed ransomware activity. The data shows that despite disruptions affecting Lockbit and Noberus groups and a downward trend between the last quarter of 2023 and the first quarter of 2024, activity is still on the rise. ALERTS RANSOM

11.7.24

ViperSoftX: Evolving tactics from Torrent software lures to eBook disguises ViperSoftX is an infostealer that continues to evolve and enhance its tactics and techniques. Initially, attackers leveraged pirated versions of popular software to lure users, often distributed through torrent sites. ALERTS VIRUS

11.7.24

GuardZoo: Android spyware targeting middle eastern defense entities An Android spyware dubbed GuardZoo has been observed targeting defense entities in the Middle East. It is believed to be associated with the Houthi rebel faction in Yemen. ALERTS VIRUS

11.7.24

Ghostscript (CVE-2024-29510) Symantec is aware of a remote code execution vulnerability (CVE-2024-29510) in the "Ghostscript" document conversion toolkit used on Linux systems. ALERTS VULNEREBILITY

11.7.24

DoNex ransomware decryptor The DoNex ransomware has been rebranded several times. The first brand, called Muse, appeared in April 2022. Multiple evolutions followed, resulting in the final version of the ransomware, called DoNex. TOOL Anti-ransom

11.7.24

CVE-2024-6385 GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6 VULNEREBILITY CVE

11.7.24

Veeam Backup Software Vulnerability Patch or Peril: A Veeam vulnerability incident INCIDENT INCIDENT

11.7.24

DodgeBox DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 MALWARE Loader

11.7.24

Poco RAT New Malware Campaign Targeting Spanish Language Victims MALWARE RAT

10.7.24

Water Sigbin exploits vulnerabilities to deliver cryptocurrency miner The threat actor Water Sigbin (aka 8220 Gang) has exploited vulnerabilities in the Oracle WebLogic Server ( CVE-2017-3506 and CVE-2023-21839) to deliver a cryptocurrency miner called XMRing to the compromised systems. ALERTS CRYPTOCURRENCY

10.7.24

Protection Highlight: Recent Sideloading Attacks In this bulletin however we'll talk about sideloading as it relates to the cybersecurity field. MITRE defines sideloading attacks in T1574.002 as a type of (search order) Hijack Execution Flow, which exploits the way Windows applications load DLLs. ALERTS HACKING

10.7.24

CVE-2024-38021 Microsoft Office Remote Code Execution Vulnerability VULNEREBILITY CVE

10.7.24

CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability VULNEREBILITY CVE

10.7.24

CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability VULNEREBILITY CVE

10.7.24

CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability VULNEREBILITY CVE

10.7.24

Huione Guarantee Huione Guarantee: The multi-billion dollar marketplace used by online scammers SPAM SPAM

10.7.24

ViperSoftX The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution MALWARE Malware

10.7.24

CVE-2024-6387 CVE-2024-6409: OpenSSH: Possible remote code execution in privsep child due to a race condition in signal handling VULNEREBILITY CVE

9.7.24

Popular sticky-note installers trojanized to push malware A recent report by (CTA) member Rapid7 has recently disclosed that popular sticky-note app 'Notezilla' installers have been trojanized in order to deliver malware. ALERTS VIRUS

9.7.24

Recent Water Hydra APT Activity Exploiting CVE-2024-21412 In early 2024, threat researchers exposed the DarkGate campaign, exploiting CVE-2024-21412 via fake software installers. Afterwards, the APT group Water Hydra used the same vulnerability to target financial traders with the DarkMe RAT, bypassing SmartScreen. ALERTS APT

9.7.24

RADIUS RADIUS is almost thirty years old, and uses cryptography based on MD5. Given that MD5 has been broken for over a decade, what are the implications for RADIUS? Why is RADIUS still using MD5? ATTACK Protocol

9.7.24

Jenkins Script Console Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective HACKING CRYPTOCURRENCY

9.7.24

GuardZoo Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries MALWARE Android

9.7.24

APT40 People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action APT APT

8.7.24

Caught in the Net: Using Infostealer
Logs to Unmask CSAM Consumers
In this proof-of-concept (PoC) report, we used Recorded Future Identity Intelligence’s vast trove of information stealer (“infostealer”) malware data to identify consumers of child sexual abuse material (CSAM), surface additional sources, and arrive at geographic and behavioral trends for the most popular sources PAPERS PAPERS

8.7.24

Eldorado Eldorado Ransomware: The New Golden Empire of Cybercrime? RANSOM RANSOM

8.7.24

StrelaStealer StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe MALWARE Stealer

8.7.24

Satanstealer Satanstealer is a new open source infostealing malware shared on GitHub. The malware collects and exfiltrates various types of information such as browser cookies, passwords, registered phone numbers, and email client details. MALWARE Stealer

8.7.24

Poseidon ‘Poseidon’ Mac stealer distributed via Google ads MALWARE Stealer

8.7.24

0bj3ctivity 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID. MALWARE Stealer

8.7.24

Neptune Stealer A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection. MALWARE Stealer

8.7.24

Kematian Stealer Kematian-Stealer : A Deep Dive into a New Information Stealer MALWARE Stealer

8.7.24

CloudSorcerer CloudSorcerer – A new APT targeting Russian government entities APT APT

8.7.24

Zergeca: A new Golang botnet with advanced capabilities A new botnet, dubbed Zergeca and written in Golang, has been observed in the wild. In addition to conducting distributed denial-of-service (DDoS) attacks, the botnet includes several other features such as proxy-based obfuscation. ALERTS BOTNET

8.7.24

Beware of Orcinius trojan's multi-stage attack via Dropbox and Google docs Beware of the Orcinius trojan malware! It's a multi-stage trojan reported to utilize Dropbox and Google Docs as part of its attack vector for downloading secondary payloads. ALERTS VIRUS

8.7.24

Neptune Stealer A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection. ALERTS VIRUS

8.7.24

CVE-2024-39930 The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. VULNEREBILITY CVE

8.7.24

CVE-2024-39931 Gogs through 0.13.0 allows deletion of internal files. VULNEREBILITY CVE

8.7.24

CVE-2024-39932 Gogs through 0.13.0 allows argument injection during the previewing of changes. VULNEREBILITY CVE

8.7.24

CVE-2024-39933 Gogs through 0.13.0 allows argument injection during the tagging of a new release. VULNEREBILITY CVE

8.7.24

Mekotio Mekotio Banking Trojan Threatens Financial Systems in Latin America MALWARE Banking

5.7.24

Mekotio malware targets banking users in Latin America Mekotio is a banking trojan active in the threat landscape since at least 2015 and targeting predominantly the Latin America region. ALERTS VIRUS

5.7.24

Religion as Bait: AndroRAT Targets Nigerian Mobile Users Nigeria features a vibrant religious landscape with multiple different faiths shaping the country. ALERTS VIRUS

5.7.24

Fake Sex Tapes of Turkish Celebrities Fuel SpyNote Spread Fake sex tapes remain a common social engineering lure used by malware actors due to their ability to evoke strong emotions potentially resulting in impulsive actions. ALERTS VIRUS

5.7.24

CVE-2024-37051 - JetBrains IntelliJ IDEs vulnerability CVE-2024-37051 is a recently disclosed critical vulnerability impacting Jetbrains IntelliJ integrated development environment (IDE) apps. ALERTS VULNEREBILITY

5.7.24

LukaLocker ransomware distributed by Volcano Demon group LukaLocker is a newly seen offering from a ransomware group dubbed Volcano Demon. Recently observed attacks were prefaced by exfiltration of data using harvested credentials. ALERTS RANSOM

5.7.24

GootLoader GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks MALWARE Loader

5.7.24

Zergeca New Threat: A Deep Dive Into the Zergeca Botnet BOTNET BOTNET

5.7.24

CVE-2023-2071 PN1645 | FactoryTalk View Machine Edition Vulnerable to Remote Code Execution VULNEREBILITY ICS

5.7.24

CVE-2023-29464 PN1652 | FactoryTalk® Linx Vulnerable to Denial-of-Service and Information Disclosure VULNEREBILITY ICS

4.7.24

Disguised e-book delivering AsyncRAT Former reports detailed how AsyncRAT malware is usually distributed via file extensions such as .chm, .wsf, and .lnk. ALERTS VIRUS

4.7.24

CosmicSting (CVE-2024-34102) - XXE vulnerability is targeting Adobe Commerce and Magento CVE-2024-34102 is a critical (CVSS: 9.8) XML External Entity Reference (XXE) vulnerability in Adobe commerce and Magento, which are popular E-commerce platforms. ALERTS VULNEREBILITY

4.7.24

CVE-2024-29849 - Veeam Backup Enterprise Manager authentication bypass vulnerability CVE-2024-29849 is a recently disclosed critical authentication bypass vulnerability (CVSS score 9.8) affecting Veeam Backup Enterprise Manager. ALERTS VULNEREBILITY

4.7.24

CVE-2024-36104 - Path Traversal vulnerability in Apache OFBiz CVE-2024-36104 is a Path traversal vulnerability in Apache OFBiz, which is a comprehensive suite of business applications. ALERTS VULNEREBILITY

4.7.24

k4spreader: New malware tool used by '8220' Chinese threat actor group A new malware tool known as k4spreader has been observed being used by the '8220' Chinese threat actor group in recent campaigns. ALERTS GROUP

4.7.24

MerkSpy MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems MALWARE Spyware

3.7.24

SmokeLoader, part 2 A Brief History of SmokeLoader, Part 2 MALWARE Loader

3.7.24

SmokeLoader, part 1 A Brief History of SmokeLoader, Part 1 MALWARE Loader

3.7.24

FakeBat loader Exposing FakeBat loader: distribution methods and adversary infrastructure MALWARE Loader

3.7.24

HappyDoor Kimsuky Group's New Backdoor Appears (HappyDoor) MALWARE Backdoor

3.7.24

Xctdoor Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) MALWARE Backdoor

3.7.24

RegreSSHion (CVE-2024-6387) Symantec is aware of the "regreSSHion" vulnerability (CVE-2024-6387), which is a critical remote code execution (RCE) flaw in OpenSSH. ALERTS VULNEREBILITY

3.7.24

Protection Highlight: CVE-2024-4577 PHP-CGI Argument Injection Vulnerability PHP is a general-purpose server scripting language and a powerful scripting tool for making dynamic and interactive Web pages. ALERTS VULNEREBILITY

3.7.24

Apple IDs Targeted in US Smishing Campaign Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. ALERTS HACKING

3.7.24

CVE-2024-31982 - XWiki RCE vulnerability CVE-2024-31982 is a recently disclosed remote code execution (RCE) vulnerability affecting XWiki, which is a popular open-source and Java-based wiki platform. ALERTS VULNEREBILITY
2.7.24 Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predict This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs. PAPERS CPU
2.7.24 High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake). ATTACK CPU
2.7.24 Xhibiter NFT Marketplace 1.10.2 - SQL Injection PHP Exploit WebApps
2.7.24 Azon Dominator Affiliate Marketing Script - SQL Injection PHP

Exploit

WebApps
2.7.24 Microweber 2.0.15 - Stored XSS PHP

Exploit

WebApps
2.7.24 Customer Support System 1.0 - Stored XSS PHP

Exploit

WebApps

2.7.24

CVE-2024-20399 Cisco NX-OS Software CLI Command Injection Vulnerability VULNEREBILITY CVE

2.7.24

CocoaPods Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications VULNEREBILITY CVE

2.7.24

Datebug APT continues to spread CapraRAT Android malware Renewed malicious activity associated to the Datebug APT (aka. Transparent Tribe or APT36) has been reported by researchers from Sentinel One ALERTS APT

2.7.24

Poseidon infostealer targeting macOS Poseidon is a new infostealer variant targeting the macOS platform. The malware is an evolution of the older variant known as RodStealer. ALERTS VIRUS

2.7.24

MerkSpy malware payload delivered through exploitation of CVE-2021-40444 vulnerability Researchers from Fortinet have reported on a new campaign delivering the MerkSpy malware. ALERTS VIRUS

2.7.24

Kematian Stealer Researchers have reported a new stealer-type malware dubbed Kematian. ALERTS VIRUS

2.7.24

Fake ZainCash App Steals Mobile User Data ZainCash, a comprehensive mobile wallet service licensed under the Central Bank of Iraq, designed to provide a variety of digital financial services, has become one of the latest Fintech brands abused by cybercriminals. ALERTS VIRUS

1.7.24

CapraTube CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts MALWARE Android

1.7.24

Snowblind Beware of Snowblind: A new Android malware MALWARE Android

1.7.24

regreSSHion regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server VULNEREBILITY CVE

1.7.24

CVE-2024-2973 2024-06: Out-Of-Cycle Security Bulletin: Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973) VULNEREBILITY CVE