| Date | Name | Info | Category | Web |
|---|---|---|---|---|
| 29.3.25 | Juniper Routers, Network Devices Targeted with Custom Backdoors | Backdoored Juniper networking devices are at the center of two major cybersecurity stories that highlight the ongoing vulnerability and active targeting of network infrastructure by cyber adversaries. | Hacking blog | |
| 29.3.25 | CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin | Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. | Vulnerability blog | |
| 29.3.25 | A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines. | Vulnerability blog | |
| 29.3.25 | Trend Cybertron: Full Platform or Open-Source? | Previously exclusive to Trend Vision One customers, select Trend Cybertron models, datasets and agents are now available via open-source. Build advanced security solutions and join us in developing the next generation of AI security technology. | Cyber blog | |
| 29.3.25 | Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection | The SonicWall Capture Labs threat research team became aware of the threat CVE-2025-24813, assessed its impact and developed mitigation measures for the vulnerability. | Vulnerability blog | SonicWall |
| 29.3.25 | MoDiRAT Malware Uses Horus Protector to Target France | The SonicWall Capture Labs threat research team has identified a new development in the Horus Protector distributed infection chain. Recently, it has been targeting the French region with MoDiRAT, a malware notorious for stealing credit card and other victim information. | Malware blog | SonicWall |
| 29.3.25 | Critical Apache Tomcat RCE Vulnerability (CVE-2025-24813) Under Active Exploitation | The SonicWall Capture Labs threat research team became aware of the threat CVE-2025-24813, assessed its impact and developed mitigation measures for the vulnerability. | Vulnerability blog | SonicWall |
| 29.3.25 | Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration | The attacks against cloud-hosted infrastructure are increasing, and the proof is in the analysis of security alert trends. Recent research reveals that organizations saw nearly five times as many daily cloud-based alerts at the end of 2024 compared to the start of the year. This means attackers have significantly intensified their focus on targeting and breaching cloud infrastructure. | Hacking blog | Palo Alto |
| 29.3.25 | VanHelsing, new RaaS in Town | In recent weeks, a new and rapidly expanding ransomware-as-a-service (RaaS) program called VanHelsingRaaS has been making waves in the cybercrime world. Launched on March 7, 2025, this service has already demonstrated its rapid growth and deadly potential, having infected three victims within just two weeks of its introduction. | Ransom blog | Check Point |
| 29.3.25 | Gamaredon campaign abuses LNK files to distribute Remcos backdoor | Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader, since at least November 2024. | Malware blog | Cisco Blog |
| 29.3.25 | Money Laundering 101, and why Joe is worried | In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime. | Cyber blog | Cisco Blog |
| 29.3.25 | Making it stick: How to get the most out of cybersecurity training | Security awareness training doesn't have to be a snoozefest: games and stories can help instill "sticky" habits that will kick in when a danger is near. | Cyber blog | ESET |
| 29.3.25 | RansomHub affiliates linked to rival RaaS gangs | ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions. | Ransom blog | |
| 29.3.25 | FamousSparrow resurfaces to spy on targets in the US, Latin America | Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time. | APT blog | |
| 29.3.25 | Shifting the sands of RansomHub's EDRKillShifter | | Ransom blog | |
| 29.3.25 | You will always remember this as the day you finally caught FamousSparrow | ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group's signature backdoor, SparrowDoor. | APT blog | |
| 29.3.25 | Prevent Web Scraping by Applying the Pyramid of Pain | The Bots Pyramid of Pain: a framework for effective bot defense. | BotNet blog | |
| 29.3.25 | 2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive | The 2025 Advanced Persistent Bot (APB) Report covers all bot types, across all industries, at a high level. But web scrapers, in particular, are a persistent threat, growing even more so with the seemingly infinite appetite of generative AI platforms. | BotNet blog | |
| 29.3.25 | 2025 Advanced Persistent Bots Report | Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses. | BotNet blog | |
| 29.3.25 | The Curious Case of PlayBoy Locker | Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. | Ransom blog | Cybereason |
| 29.3.25 | An analysis of the NSO BLASTPASS iMessage exploit | On September 7, 2023, Apple issued an out-of-band security update for iOS. | Exploit blog | Project Zero |
| 22.3.25 | Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations | Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group's use of GitHub to streamline their ransomware operation. | Ransom blog | |
| 22.3.25 | ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns | Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution. | Vulnerability blog | |
| 22.3.25 | SonicWall Detects Credential-Stealing SVG File in Phishing Campaign | This week, the SonicWall Capture Labs threat research team performed an analysis of a phishing email that included an SVG file attachment, which contains HTML and JavaScript code designed to capture user credentials. | Phishing blog | SonicWall |
| 22.3.25 | WormLocker Ransomware Resurfaces: Infection Cycle, Encryption Tactics, and Prevention | WormLocker was first spotted in late 2020. Since its discovery, it has been observed spreading through phishing emails and exploiting vulnerabilities. The SonicWall Capture Labs threat research team has received what appears to be a more recent sample of this ransomware. Given the dynamic nature of ransomware threats, this might signify its potential resurgence. | Ransom blog | SonicWall |
| 22.3.25 | Microsoft Security Bulletin Coverage for March 2025 | Microsoft's March 2025 Patch Tuesday has 56 vulnerabilities, of which 23 are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft's security advisories for the month of March 2025 and has produced coverage for 10 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
| 22.3.25 | GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the | Updated March 20: The recent compromise of the GitHub action tj-actions/changed-files and additional actions within the reviewdog organization has captured the attention of the GitHub community, marking another major software supply chain attack. Our team conducted an in-depth investigation into this incident and uncovered many more details about how the attack occurred and its timeline. | Cryptocurrency blog | Palo Alto |
| 22.3.25 | UAT-5918 targets critical infrastructure entities in Taiwan | UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting. | BigBrother blog | Cisco Blog |
| 22.3.25 | Operation FishMedley | ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON. | Cyber blog | ESET |
| 22.3.25 | MirrorFace updates toolset, expands targeting to Europe | The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo. | Cyber blog | |
| 22.3.25 | Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor | ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor. | Cyber blog | |
| 22.3.25 | AI's biggest surprises of 2024 \| Unlocked 403 cybersecurity podcast (S2E1) | Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams. | AI blog | |
| 22.3.25 | Analysis of Black Basta Ransomware Chat Leaks | Trellix obtained access to Black Basta's chat leaks at the end of February 2025 and immediately began analyzing the chat logs. Given that Black Basta is a rebrand of Conti RaaS, our approach mirrored that which we took in Conti Leaks: Examining the Panama Papers of Ransomware. | Ransom blog | Trellix |
| 15.3.25 | AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution | In this blog entry, we uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. The campaign leverages GitHub's trusted reputation to evade detection, using AI-generated content to make fake repositories appear legitimate. | | |
| 15.3.25 | SocGholish's Intrusion Techniques Facilitate Distribution of RansomHub Ransomware | Trend Research analyzed SocGholish's MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. | | |
| 15.3.25 | Critical Mautic Vulnerability (CVE-2024-47051) Enables Arbitrary File Uploads | The SonicWall Capture Labs threat research team became aware of a critical arbitrary file upload in Mautic, assessed its impact, and developed mitigation measures. | | |
| 15.3.25 | | Recently, we discovered several new malware samples with unique characteristics that made attribution and function determination challenging. | | |
| 15.3.25 | Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims | Unit 42 researchers discovered a campaign distributing thousands of fraudulent cryptocurrency investment platforms via websites and mobile applications. | | |
| 15.3.25 | Enterprises Should Consider Replacing Employees' Home TP-Link Routers | An examination of CVE trends from February 2025 scanning data. | | |
| 15.3.25 | Why Critical MongoDB Library Flaws Won't See Mass Exploitation | Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks. | | |
| 15.3.25 | | Check Point Research discovered a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. The campaigns are linked to Blind Eagle, also known as APT-C-36, and deliver malicious .url files, which cause a similar effect to the CVE-2024-43451 vulnerability. | | |
| 15.3.25 | | Thorsten picks apart some headlines, highlights Talos' report on an unknown attacker predominantly targeting Japan, and asks, "Where is the victim, and does it matter?" | | |
| 15.3.25 | Microsoft Patch Tuesday for March 2025: Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for March of 2025, which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as "critical". | | |
| 15.3.25 | Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses | | | |
| 8.3.25 | Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security | DeepSeek-R1 uses Chain of Thought (CoT) reasoning, explicitly sharing its step-by-step thought process, which we found was exploitable for prompt attacks. | | |
| 8.3.25 | Malvertising campaign leads to info stealers hosted on GitHub | Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain. | | |
| 8.3.25 | Uncovering .NET Malware Obfuscated by Encryption and Virtualization | We will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a sandbox performing static analysis to extract crucial malware configuration parameters from such samples. | | |
| 8.3.25 | | Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities. | | |
| 8.3.25 | | Martin Lee dives into the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter. | | |
| 8.3.25 | Martin Rees: Post-human intelligence – a cosmic perspective \| Starmus highlights | | | |
| 8.3.25 | Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani | | | |
| 1.3.25 | | Unit 42 researchers have observed phishing activity that we track as TGR-UNK-0011. We assess with high confidence that this cluster overlaps with the threat actor group JavaGhost. The threat actor group JavaGhost has been active for over five years and continues to target cloud environments to send out phishing campaigns to unsuspecting targets. | | |
| 1.3.25 | Squidoor: Suspected Chinese Threat Actor's Backdoor Targets Global Organizations | This article reviews a cluster of malicious activity that we identify as CL-STA-0049. Since at least March 2023, a suspected Chinese threat actor has targeted governments, defense, telecommunication, education and aviation sectors in Southeast Asia and South America. | | |
| 1.3.25 | | Malware targeting macOS systems is increasingly pervasive in our current threat landscape. Most of the associated threats are cybercrime-related, ranging from information stealers to cryptocurrency mining. Over the past year, we have witnessed an increase in cybercrime activity linked to North Korean nation-state APT groups. | | |
| 1.3.25 | | Between early November and December 2024, Palo Alto Networks researchers discovered new Linux malware called Auto-color. We chose this name based on the file name the initial payload renames itself to after installation. | | |
| 1.3.25 | Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign | While the abuse of vulnerable drivers has been around for a while, those that can terminate arbitrary processes have drawn increasing attention in recent years. As Windows security continues to evolve, it has become more challenging for attackers to execute malicious code without being detected. | | |
| 1.3.25 | | Over the past few decades, hacktivism has been, in a lot of cases, characterized by minor website defacements and distributed denial-of-service (DDoS) attacks, which, while making headlines, had minimal lasting impact. | | |
| 1.3.25 | Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools | | | |
| 1.3.25 | Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome | Joe has some advice for anyone experiencing self-doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group. | | |
| 1.3.25 | | There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. | | |
| 1.3.25 | Bernhard Schölkopf: Is AI intelligent? \| Starmus highlights | | | |
| 1.3.25 | This month in security with Tony Anscombe – February 2025 edition | | | |
| 1.3.25 | | Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. | | |