BLOG 2024  AI blog  APT blog  Attack blog  BigBrother blog  BotNet blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransom blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog  2024  2023

H  January(21) February(46) March(44) April(33) May(35) June(67) July(84) August(73) September(57) October(0) November(59) December(60) 2025 January(29)  February(72)  March()

DATE

NAME

Info

CATEG.

WEB

8.3.25 Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security DeepSeek-R1 uses Chain of Thought (CoT) reasoning, explicitly sharing its step-by-step thought process, which we found was exploitable for prompt attacks. AI blog Trend Micro
8.3.25 Malvertising campaign leads to info stealers hosted on GitHub Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain. Malware blog Microsoft blog
8.3.25 Uncovering .NET Malware Obfuscated by Encryption and Virtualization We will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a sandbox performing static analysis to extract crucial malware configuration parameters from such samples. Malware blog Palo Alto
8.3.25 Unmasking the new persistent attacks on Japan Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities. Exploit blog

Cisco Blog

8.3.25 Who is Responsible and Does it Matter? Martin Lee dives into to the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter. Cyber blog

Cisco Blog

8.3.25 Kids behaving badly online? Here's what parents can do By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age Cyber blog Eset
8.3.25 Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution AI blog

Eset

8.3.25 Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media Cyber blog

Eset

1.3.25 JavaGhost’s Persistent Phishing Attacks From the Cloud Unit 42 researchers have observed phishing activity that we track as TGR-UNK-0011. We assess with high confidence that this cluster overlaps with the threat actor group JavaGhost. The threat actor group JavaGhost has been active for over five years and continues to target cloud environments to send out phishing campaigns to unsuspecting targets. Phishing blog Palo Alto
1.3.25 Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations This article reviews a cluster of malicious activity that we identify as CL-STA-0049. Since at least March 2023, a suspected Chinese threat actor has targeted governments, defense, telecommunication, education and aviation sectors in Southeast Asia and South America. Malware blog

Palo Alto

1.3.25 RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector Malware targeting macOS systems is increasingly pervasive in our current threat landscape. Most of the associated threats are cybercrime-related, ranging from information stealers to cryptocurrency mining. Over the past year, we have witnessed an increase in cybercrime activity linked to North Korean nation-state APT groups. Malware blog

Palo Alto

1.3.25 Auto-Color: An Emerging and Evasive Linux Backdoor Between early November and December 2024, Palo Alto Networks researchers discovered new Linux malware called Auto-color. We chose this name based on the file name the initial payload renames itself after installation. Malware blog

Palo Alto

1.3.25 Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign While the abuse of vulnerable drivers has been around for a while, those that can terminate arbitrary processes have drawn increasing attention in recent years. As Windows security continues to evolve, it has become more challenging for attackers to execute malicious code without being detected. APT blog Checkpoint
1.3.25 Modern Approach to Attributing Hacktivist Groups Over the past few decades, hacktivism has been, in a lot of cases, characterized by minor website defacements and distributed denial-of-service (DDoS) attacks, which, while making headlines, had minimal lasting impact. BigBrother blog Checkpoint
1.3.25 Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools APT blog

Cisco Blog

1.3.25 Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group. APT blog

Cisco Blog

1.3.25 Your item has sold! Avoiding scams targeting online sellers There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. Spam blog

Cisco Blog

1.3.25 Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

While today’s artificial intelligence excels at recognizing patterns, Schölkopf's talk raises a crucial question: what is the next great leap for AI?

AI blog Eset
1.3.25 This month in security with Tony Anscombe – February 2025 edition Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news Ransom blog

Eset

1.3.25 Laurie Anderson: Building an ARK | Starmus highlights The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times Cyber blog

Eset

1.3.25 Deceptive Signatures: Advanced Techniques in BEC Attacks Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. Spam blog

Cybereason

22.2.25

Updated Shadowpad Malware Leads to Ransomware Deployment In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication. Malware blog

Trend Micro

22.2.25

Chinese-Speaking Group Manipulates SEO with BadIIS This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. APT blog

Trend Micro

22.2.25

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, and maintain control over compromised systems. APT blog

Trend Micro

22.2.25

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. Vulnerebility blog

Trend Micro

22.2.25

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. Malware blog

Trend Micro

22.2.25

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. Vulnerebility blog

Trend Micro

22.2.25

Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered This loader was seen distributing Async RAT in the past but now it has extended its functionality to Remcos RAT and other malware families. From our analysis, it seems to be targeting European institutions. Malware blog

SonicWall

22.2.25

Russian Threat Group CryptoBytes is Still Active in the Wild with UxCryptor The SonicWall Capture Labs threat research team has recently been analyzing malware from the CryptoBytes hacker group. UxCryptor is a ransomware strain associated with the CryptoBytes group, a financially motivated Russian cybercriminal organization. It has been active since at least 2023. The group is known for leveraging leaked ransomware builders to create and distribute their malware. Cryptocurrency blog

SonicWall

22.2.25

NIS2: Cybersecurity Becomes Law in Europe NIS2 builds on the original directive to strengthen cybersecurity standards, ensuring greater protection for EU networks and increased accountability for organizations. Cyber blog

SonicWall

22.2.25

GCleaner is Packed and Ready to Go This week, the SonicWall Capture Labs threat research team investigated a sample of GCleaner, a Themida-packed malware variant that downloads and drops additional malware, has C2, heavy anti-analysis/anti-VM, and evasion capabilities. GCleaner will also attempt to infect removable drives by encryption or to spread to other systems. Malware blog

SonicWall

22.2.25

Critical Wazuh RCE Vulnerability (CVE-2025-24016): Risks, Exploits and Remediation SonicWall Capture Labs threat research team has become aware of a critical remote code execution (RCE) vulnerability in Wazuh Server (CVE-2025-24016) and has implemented mitigating measures Vulnerebility blog

SonicWall

22.2.25

Microsoft Security Bulletin Coverage for February 2025 Microsoft’s February 2025 Patch Tuesday has 57 vulnerabilities, of which 21 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2025 and has produced coverage for six of the reported vulnerabilities. Vulnerebility blog

SonicWall

22.2.25

Critical WordPress File Upload Vulnerability (CVE-2024-8856): Threat Analysis and SonicWall Protections The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-8856, assessed its impact, and developed mitigation measures for this vulnerability. Since it is tied to CWE-434 (“Unrestricted Upload of File with Dangerous Type”) and listed in CISA bulletins, it signals a strong likelihood of active exploitation. Vulnerebility blog

SonicWall

22.2.25

The Bug Report - January 2025 Edition

Explore January 2025’s top CVEs, from RTF exploits to command injection chaos. Stay ahead with insights, PoCs, and patch recommendations. Protect your systems now!

Cyber blog

Trelix

22.2.25

Cyber Threat Landscape Q&A with Trellix Head of Threat Intelligence John Fokker

We sat down with Trellix Head of Threat Intelligence John Fokker to get his thoughts on the most pressing cyber threats of 2025 and biggest takeaways from 2024.

Cyber blog

Trelix

22.2.25

Windows Bug Class: Accessing Trapped COM Objects with IDispatch

Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries.

Vulnerebility blog

Project Zero

22.2.25

Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)

Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows.

Vulnerebility blog

Project Zero

22.2.25

Phorpiex - Downloader Delivering Ransomware

In this Threat Analysis report, Cybereason investigates the the Phorpiex botnet that delivers LockBit Black Ransomware (aka LockBit 3.0).

Ransom blog

Cybereason

22.2.25

CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series

A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall SMA 1000 Series.

Vulnerebility blog

Cybereason

22.2.25

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

Malware blog

Eset

22.2.25

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

Malware blog

Eset

22.2.25

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Spam blog

Eset

22.2.25

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Cyber blog

Eset

22.2.25

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

Cyber blog

Eset

22.2.25

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

Cyber blog

Eset

22.2.25

How AI-driven identify fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

AI blog

Eset

22.2.25

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

AI blog

Eset

22.2.25

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Vulnerebility blog

Eset

22.2.25

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

AI blog

Eset

22.2.25

How scammers are exploiting DeepSeek's rise

As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek

AI blog

Eset

22.2.25

This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

AI blog

Eset

22.2.25

Untrustworthy AI: How to deal with data poisoning

You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so

AI blog

Eset

22.2.25

Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

Cyber blog

Eset

22.2.25

Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

Cyber blog

Eset

22.2.25

The evolving landscape of data privacy: Key trends to shape 2025

Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams

Cyber blog

Eset

22.2.25

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

APT blog

Eset

22.2.25

Under lock and key: Protecting corporate data from cyberthreats in 2025

Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage

Cyber blog

Eset

22.2.25

UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

Vulnerebility blog

Eset

22.2.25

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Vulnerebility blog

Eset

22.2.25

Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

AI blog

Eset

22.2.25

Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Cyber blog

Eset

22.2.25

Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

Cryptocurrency blog

Eset

22.2.25

State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

Ransom blog

Eset

22.2.25

Investigating LLM Jailbreaking of Popular Generative AI Web Products

This article summarizes our investigation into jailbreaking 17 of the most popular generative AI (GenAI) web products that offer text generation or chatbot services.

AI blog

Palo Alto

22.2.25

Stately Taurus Activity in Southeast Asia Links to Bookworm Malware

While analyzing infrastructure related to Stately Taurus activity targeting organizations in countries affiliated with the Association of Southeast Asian Nations (ASEAN), Unit 42 researchers observed overlaps with infrastructure used by a variant of the Bookworm malware.

Malware blog

Palo Alto

22.2.25

Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit

This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit.

Vulnerebility blog

Palo Alto

22.2.25

Stealers on the Rise: A Closer Look at a Growing macOS Threat

We recently identified a growing number of attacks targeting macOS users across multiple regions and industries. Our research has identified three particularly prevalent macOS infostealers in the wild, which we will explore in depth: Poseidon, Atomic and Cthulhu. We’ll show how they operate and how we detect their malicious activity.

OS Blog

Palo Alto

22.2.25

Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek

Unit 42 researchers recently revealed two novel and effective jailbreaking techniques we call Deceptive Delight and Bad Likert Judge.

BigBrother blog

Palo Alto

22.2.25

CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization.

BigBrother blog

Palo Alto

22.2.25

The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions

We describe, in very general terms, how we were able to evade detection by taking advantage of statistical anomalies in the human interaction modules of several sandbox solutions.

Exploit blog

Checkpoint

22.2.25

Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike

This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access.

Exploit blog

Cisco Blog

22.2.25

Efficiency? Security? When the quest for one grants neither.

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.

Cyber blog

Cisco Blog

22.2.25

Weathering the storm: In the midst of a Typhoon

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

APT blog

Cisco Blog

22.2.25

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.”

Vulnerebility blog

Cisco Blog

22.2.25

ClearML and Nvidia vulns

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party

Vulnerebility blog

Cisco Blog

22.2.25

Changing the narrative on pig butchering scams

Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.

Spam blog

Cisco Blog

22.2.25

Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t

During an earlier investigation of the macOS printing subsystem, IPP-USB protocol caught our attention. We decided to take a look at how other operating systems handle the same functionality.

Vulnerebility blog

Cisco Blog

22.2.25

Changing the tide: Reflections on threat data from 2024

Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.

Cyber blog

Cisco Blog

22.2.25

Google Cloud Platform Data Destruction via Cloud Build

A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family.

Cyber blog

Cisco Blog