DATE | NAME | Info | CATEG. | WEB |
--- | --- | --- | --- | --- |
8.3.25 | Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security | DeepSeek-R1 uses Chain of Thought (CoT) reasoning, explicitly sharing its step-by-step thought process, which we found was exploitable for prompt attacks. | AI blog | Trend Micro |
8.3.25 | Malvertising campaign leads to info stealers hosted on GitHub | Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain. | Malware blog | Microsoft blog |
8.3.25 | Uncovering .NET Malware Obfuscated by Encryption and Virtualization | We will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a sandbox performing static analysis to extract crucial malware configuration parameters from such samples. | Malware blog | Palo Alto |
8.3.25 | Unmasking the new persistent attacks on Japan | Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities. | Exploit blog | |
8.3.25 | Who is Responsible and Does it Matter? | Martin Lee dives into the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter. | Cyber blog | |
8.3.25 | Kids behaving badly online? Here's what parents can do | By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age | Cyber blog | Eset |
8.3.25 | Martin Rees: Post-human intelligence – a cosmic perspective (Starmus highlights) | Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution | AI blog | |
8.3.25 | Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani | Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media | Cyber blog | |
1.3.25 | JavaGhost’s Persistent Phishing Attacks From the Cloud | Unit 42 researchers have observed phishing activity that we track as TGR-UNK-0011. We assess with high confidence that this cluster overlaps with the threat actor group JavaGhost. The threat actor group JavaGhost has been active for over five years and continues to target cloud environments to send out phishing campaigns to unsuspecting targets. | Phishing blog | Palo Alto |
1.3.25 | Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations | This article reviews a cluster of malicious activity that we identify as CL-STA-0049. Since at least March 2023, a suspected Chinese threat actor has targeted governments, defense, telecommunication, education and aviation sectors in Southeast Asia and South America. | Malware blog | |
1.3.25 | RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector | Malware targeting macOS systems is increasingly pervasive in our current threat landscape. Most of the associated threats are cybercrime-related, ranging from information stealers to cryptocurrency mining. Over the past year, we have witnessed an increase in cybercrime activity linked to North Korean nation-state APT groups. | Malware blog | |
1.3.25 | Auto-Color: An Emerging and Evasive Linux Backdoor | Between early November and December 2024, Palo Alto Networks researchers discovered new Linux malware called Auto-color. We chose this name based on the file name the initial payload renames itself after installation. | Malware blog | |
1.3.25 | Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign | While the abuse of vulnerable drivers has been around for a while, those that can terminate arbitrary processes have drawn increasing attention in recent years. As Windows security continues to evolve, it has become more challenging for attackers to execute malicious code without being detected. | APT blog | Checkpoint |
1.3.25 | Modern Approach to Attributing Hacktivist Groups | Over the past few decades, hacktivism has been, in a lot of cases, characterized by minor website defacements and distributed denial-of-service (DDoS) attacks, which, while making headlines, had minimal lasting impact. | BigBrother blog | Checkpoint |
1.3.25 | Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools | Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools | APT blog | |
1.3.25 | Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome | Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group. | APT blog | |
1.3.25 | Your item has sold! Avoiding scams targeting online sellers | There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. | Spam blog | |
1.3.25 | Bernhard Schölkopf: Is AI intelligent? (Starmus highlights) | | AI blog | Eset |
1.3.25 | This month in security with Tony Anscombe – February 2025 edition | Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news | Ransom blog | |
1.3.25 | Laurie Anderson: Building an ARK (Starmus highlights) | The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times | Cyber blog | |
1.3.25 | Deceptive Signatures: Advanced Techniques in BEC Attacks | Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. | Spam blog | |
22.2.25 | Updated Shadowpad Malware Leads to Ransomware Deployment | In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication. | Malware blog | |
22.2.25 | Chinese-Speaking Group Manipulates SEO with BadIIS | This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. | APT blog | |
22.2.25 | Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection | Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, and maintain control over compromised systems. | APT blog | |
22.2.25 | Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. | Vulnerability blog | |
22.2.25 | Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response | The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. | Malware blog | |
22.2.25 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. | Vulnerability blog | |
22.2.25 | Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered | This loader was seen distributing Async RAT in the past but now it has extended its functionality to Remcos RAT and other malware families. From our analysis, it seems to be targeting European institutions. | Malware blog | |
22.2.25 | Russian Threat Group CryptoBytes is Still Active in the Wild with UxCryptor | The SonicWall Capture Labs threat research team has recently been analyzing malware from the CryptoBytes hacker group. UxCryptor is a ransomware strain associated with the CryptoBytes group, a financially motivated Russian cybercriminal organization. It has been active since at least 2023. The group is known for leveraging leaked ransomware builders to create and distribute their malware. | Cryptocurrency blog | |
22.2.25 | NIS2: Cybersecurity Becomes Law in Europe | NIS2 builds on the original directive to strengthen cybersecurity standards, ensuring greater protection for EU networks and increased accountability for organizations. | Cyber blog | |
22.2.25 | GCleaner is Packed and Ready to Go | This week, the SonicWall Capture Labs threat research team investigated a sample of GCleaner, a Themida-packed malware variant that downloads and drops additional malware, has C2, heavy anti-analysis/anti-VM, and evasion capabilities. GCleaner will also attempt to infect removable drives by encryption or to spread to other systems. | Malware blog | |
22.2.25 | Critical Wazuh RCE Vulnerability (CVE-2025-24016): Risks, Exploits and Remediation | SonicWall Capture Labs threat research team has become aware of a critical remote code execution (RCE) vulnerability in Wazuh Server (CVE-2025-24016) and has implemented mitigating measures. | Vulnerability blog | |
22.2.25 | Microsoft Security Bulletin Coverage for February 2025 | Microsoft’s February 2025 Patch Tuesday has 57 vulnerabilities, of which 21 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2025 and has produced coverage for six of the reported vulnerabilities. | Vulnerability blog | |
22.2.25 | Critical WordPress File Upload Vulnerability (CVE-2024-8856): Threat Analysis and SonicWall Protections | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-8856, assessed its impact, and developed mitigation measures for this vulnerability. Since it is tied to CWE-434 (“Unrestricted Upload of File with Dangerous Type”) and listed in CISA bulletins, it signals a strong likelihood of active exploitation. | Vulnerability blog | |
22.2.25 | | Explore January 2025’s top CVEs, from RTF exploits to command injection chaos. Stay ahead with insights, PoCs, and patch recommendations. Protect your systems now! | | |
22.2.25 | Cyber Threat Landscape Q&A with Trellix Head of Threat Intelligence John Fokker | We sat down with Trellix Head of Threat Intelligence John Fokker to get his thoughts on the most pressing cyber threats of 2025 and biggest takeaways from 2024. | | |
22.2.25 | Windows Bug Class: Accessing Trapped COM Objects with IDispatch | Object-orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. | | |
22.2.25 | Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) | Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. | | |
22.2.25 | | In this Threat Analysis report, Cybereason investigates the Phorpiex botnet that delivers LockBit Black Ransomware (aka LockBit 3.0). | | |
22.2.25 | CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series | A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall SMA 1000 Series. | | |
22.2.25 | Fake job offers target software developers with infostealers | ESET researchers analyzed a campaign delivering malware bundled with job interview challenges | | |
22.2.25 | Katharine Hayhoe: The most important climate equation (Starmus highlights) | | | |
22.2.25 | What is penetration testing? (Unlocked 403 cybersecurity podcast, ep. 10) | | | |
22.2.25 | Neil Lawrence: What makes us unique in the age of AI (Starmus highlights) | | | |
22.2.25 | Patch or perish: How organizations can master vulnerability management | | | |
22.2.25 | Roeland Nusselder: AI will eat all our energy, unless we make it tiny (Starmus highlights) | | | |
22.2.25 | This month in security with Tony Anscombe – January 2025 edition | | | |
22.2.25 | Going (for) broke: 6 common online betting scams and how to avoid them | | | |
22.2.25 | The evolving landscape of data privacy: Key trends to shape 2025 | | | |
22.2.25 | Under lock and key: Protecting corporate data from cyberthreats in 2025 | | | |
22.2.25 | Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 | | | |
22.2.25 | Protecting children online: Where Florida’s new law falls short | Some of the state’s new child safety law can be easily circumvented. Should it have gone further? | | |
22.2.25 | Crypto is soaring, but so are threats: Here’s how to keep your wallet safe | | | |
22.2.25 | State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone | | | |
22.2.25 | Investigating LLM Jailbreaking of Popular Generative AI Web Products | This article summarizes our investigation into jailbreaking 17 of the most popular generative AI (GenAI) web products that offer text generation or chatbot services. | | |
22.2.25 | Stately Taurus Activity in Southeast Asia Links to Bookworm Malware | While analyzing infrastructure related to Stately Taurus activity targeting organizations in countries affiliated with the Association of Southeast Asian Nations (ASEAN), Unit 42 researchers observed overlaps with infrastructure used by a variant of the Bookworm malware. | | |
22.2.25 | | This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit. | | |
22.2.25 | Stealers on the Rise: A Closer Look at a Growing macOS Threat | We recently identified a growing number of attacks targeting macOS users across multiple regions and industries. Our research has identified three particularly prevalent macOS infostealers in the wild, which we will explore in depth: Poseidon, Atomic and Cthulhu. We’ll show how they operate and how we detect their malicious activity. | | |
22.2.25 | Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek | Unit 42 researchers recently revealed two novel and effective jailbreaking techniques we call Deceptive Delight and Bad Likert Judge. | | |
22.2.25 | CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia | We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. | | |
22.2.25 | The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions | We describe, in very general terms, how we were able to evade detection by taking advantage of statistical anomalies in the human interaction modules of several sandbox solutions. | | |
22.2.25 | Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike | This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. | | |
22.2.25 | Efficiency? Security? When the quest for one grants neither. | William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research. | | |
22.2.25 | | Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention. | | |
22.2.25 | Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.” | | |
22.2.25 | | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party | | |
22.2.25 | | Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”. | | |
22.2.25 | Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t | During an earlier investigation of the macOS printing subsystem, IPP-USB protocol caught our attention. We decided to take a look at how other operating systems handle the same functionality. | | |
22.2.25 | | Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. | | |
22.2.25 | | A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. | | |