BLOG 2025 AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog 2024 2023H January(21) February(46) H
H January(21) February(46) March(44) April(33) May(35) June(67) July(84) August(73) September(57) October(0) November(59) December(60) 2025 January(29) February(59) March()
DATE |
NAME |
Info |
CATEG. |
WEB |
|
22.2.25 | Updated Shadowpad Malware Leads to Ransomware Deployment | In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication. | Malware blog | |
|
22.2.25 | Chinese-Speaking Group Manipulates SEO with BadIIS | This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. | APT blog | |
|
22.2.25 | Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection | Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, and maintain control over compromised systems. | APT blog | |
|
22.2.25 | Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. | Vulnerebility blog | |
|
22.2.25 | Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response | The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. | Malware blog | |
|
22.2.25 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. | Vulnerebility blog | |
|
22.2.25 | Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered | This loader was seen distributing Async RAT in the past but now it has extended its functionality to Remcos RAT and other malware families. From our analysis, it seems to be targeting European institutions. | Malware blog | |
|
22.2.25 | Russian Threat Group CryptoBytes is Still Active in the Wild with UxCryptor | The SonicWall Capture Labs threat research team has recently been analyzing malware from the CryptoBytes hacker group. UxCryptor is a ransomware strain associated with the CryptoBytes group, a financially motivated Russian cybercriminal organization. It has been active since at least 2023. The group is known for leveraging leaked ransomware builders to create and distribute their malware. | Cryptocurrency blog | |
|
22.2.25 | NIS2: Cybersecurity Becomes Law in Europe | NIS2 builds on the original directive to strengthen cybersecurity standards, ensuring greater protection for EU networks and increased accountability for organizations. | Cyber blog | |
|
22.2.25 | GCleaner is Packed and Ready to Go | This week, the SonicWall Capture Labs threat research team investigated a sample of GCleaner, a Themida-packed malware variant that downloads and drops additional malware, has C2, heavy anti-analysis/anti-VM, and evasion capabilities. GCleaner will also attempt to infect removable drives by encryption or to spread to other systems. | Malware blog | |
|
22.2.25 | Critical Wazuh RCE Vulnerability (CVE-2025-24016): Risks, Exploits and Remediation | SonicWall Capture Labs threat research team has become aware of a critical remote code execution (RCE) vulnerability in Wazuh Server (CVE-2025-24016) and has implemented mitigating measures | Vulnerebility blog | |
|
22.2.25 | Microsoft Security Bulletin Coverage for February 2025 | Microsoft’s February 2025 Patch Tuesday has 57 vulnerabilities, of which 21 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2025 and has produced coverage for six of the reported vulnerabilities. | Vulnerebility blog | |
|
22.2.25 | Critical WordPress File Upload Vulnerability (CVE-2024-8856): Threat Analysis and SonicWall Protections | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-8856, assessed its impact, and developed mitigation measures for this vulnerability. Since it is tied to CWE-434 (“Unrestricted Upload of File with Dangerous Type”) and listed in CISA bulletins, it signals a strong likelihood of active exploitation. | Vulnerebility blog | |
|
22.2.25 |
Explore January 2025’s top CVEs, from RTF exploits to command injection chaos. Stay ahead with insights, PoCs, and patch recommendations. Protect your systems now! | |||
|
22.2.25 |
Cyber Threat Landscape Q&A with Trellix Head of Threat Intelligence John Fokker |
We sat down with Trellix Head of Threat Intelligence John Fokker to get his thoughts on the most pressing cyber threats of 2025 and biggest takeaways from 2024. | ||
|
22.2.25 |
Windows Bug Class: Accessing Trapped COM Objects with IDispatch |
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. |
||
|
22.2.25 |
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) |
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. |
||
|
22.2.25 |
In this Threat Analysis report, Cybereason investigates the the Phorpiex botnet that delivers LockBit Black Ransomware (aka LockBit 3.0). |
|||
|
22.2.25 |
CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series |
A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall SMA 1000 Series. | ||
|
22.2.25 |
Fake job offers target software developers with infostealers |
|||
|
22.2.25 |
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges |
|||
|
22.2.25 | ||||
|
22.2.25 |
Katharine Hayhoe: The most important climate equation | Starmus highlights |
|||
|
22.2.25 | ||||
|
22.2.25 |
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10) |
|||
|
22.2.25 | ||||
|
22.2.25 |
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights |
|||
|
22.2.25 |
Patch or perish: How organizations can master vulnerability management |
|||
|
22.2.25 |
Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights | |||
|
22.2.25 | ||||
|
22.2.25 |
This month in security with Tony Anscombe – January 2025 edition |
|||
|
22.2.25 | ||||
|
22.2.25 | ||||
|
22.2.25 |
Going (for) broke: 6 common online betting scams and how to avoid them |
|||
|
22.2.25 |
The evolving landscape of data privacy: Key trends to shape 2025 |
|||
|
22.2.25 | ||||
|
22.2.25 |
Under lock and key: Protecting corporate data from cyberthreats in 2025 |
|||
|
22.2.25 | ||||
|
22.2.25 |
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 |
|||
|
22.2.25 | ||||
|
22.2.25 |
Protecting children online: Where Florida’s new law falls short |
Some of the state’s new child safety law can be easily circumvented. Should it have gone further? |
||
|
22.2.25 |
Crypto is soaring, but so are threats: Here’s how to keep your wallet safe |
|||
|
22.2.25 |
State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone |
|||
|
22.2.25 |
Investigating LLM Jailbreaking of Popular Generative AI Web Products |
This article summarizes our investigation into jailbreaking 17 of the most popular generative AI (GenAI) web products that offer text generation or chatbot services. | ||
|
22.2.25 |
Stately Taurus Activity in Southeast Asia Links to Bookworm Malware |
While analyzing infrastructure related to Stately Taurus activity targeting organizations in countries affiliated with the Association of Southeast Asian Nations (ASEAN), Unit 42 researchers observed overlaps with infrastructure used by a variant of the Bookworm malware. |
||
|
22.2.25 |
This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit. |
|||
|
22.2.25 |
Stealers on the Rise: A Closer Look at a Growing macOS Threat |
We recently identified a growing number of attacks targeting macOS users across multiple regions and industries. Our research has identified three particularly prevalent macOS infostealers in the wild, which we will explore in depth: Poseidon, Atomic and Cthulhu. We’ll show how they operate and how we detect their malicious activity. |
||
|
22.2.25 |
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek |
Unit 42 researchers recently revealed two novel and effective jailbreaking techniques we call Deceptive Delight and Bad Likert Judge. |
||
|
22.2.25 |
CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia |
We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. |
||
|
22.2.25 |
The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions |
We describe, in very general terms, how we were able to evade detection by taking advantage of statistical anomalies in the human interaction modules of several sandbox solutions. | ||
|
22.2.25 |
Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike |
This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. |
||
|
22.2.25 |
Efficiency? Security? When the quest for one grants neither. |
William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research. |
||
|
22.2.25 |
Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention. |
|||
|
22.2.25 |
Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities |
Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.” | ||
|
22.2.25 |
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party |
|||
|
22.2.25 |
Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”. |
|||
|
22.2.25 |
Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t |
During an earlier investigation of the macOS printing subsystem, IPP-USB protocol caught our attention. We decided to take a look at how other operating systems handle the same functionality. | ||
|
22.2.25 |
Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. |
|||
|
22.2.25 |
A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. |
|||