This article discusses a sophisticated phishing campaign targeting users of Meta Business accounts, utilizing fake alerts claiming advertising violations. The deception is heightened by the use of a fake chat support system that guides users to input sensitive account information. Immediate caution is advised for businesses relying on social media for marketing.…
Category: Threat Research

A newly identified malware named “문서열람 인증 앱” (Document Viewing Authentication App), linked to a North Korean-backed APT group, has been detected. This malicious application poses as a legitimate document viewing tool but is designed to perform keylogging and information theft through various malicious functions. Users in South Korea are the primary targets, and the malware has connections to a phishing page that impersonates CoinSwap.…
In June 2024, Bitdefender Labs highlighted a critical security vulnerability (CVE-2024-4577) in PHP affecting Windows systems in CGI mode, allowing remote code execution through manipulated character encoding. This vulnerability has seen an increase in exploitation attempts, especially in Taiwan and Hong Kong, with attackers also modifying firewall settings to block known malicious IPs.…
This article discusses the emergence of PowerShell ransomware, which has shifted from a supporting role to being used for malicious activities, including ransomware attacks. Recent samples demonstrate its capabilities such as file encryption using tools like VeraCrypt, and the combination of AES and RSA encryption schemes.…
VanHelsingRaaS is an emerging ransomware-as-a-service (RaaS) launched in March 2025, allowing affiliates to initiate ransomware attacks with a low deposit. It targets multiple platforms and has already infected several victims demanding significant ransom payments. The program’s rapid growth and sophisticated capabilities highlight the evolving ransomware threat.…
Hunt researchers exposed a web server hosting tools linked to an intrusion campaign against South Korean organizations. This server, available for less than 24 hours, encompassed a Rust-compiled Windows executable that deployed Cobalt Strike Cat along with several other open-source tools. The attacker appears to have focused on exploiting vulnerabilities in government and commercial entities.…
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
This article discusses a new phishing campaign targeting Microsoft advertisers, leveraging Google ads to obtain user login information. The research identified a variety of IoCs linked to this campaign, including domains, email addresses, and IP addresses. Findings noted a mix of old and newly created domains, with most registrations occurring in the U.S.…
AWS GuardDuty has introduced two new alerts, “Potential Credential Compromise” and “Potential S3 Data Compromise”, to enhance threat detection by correlating multiple signals over time, which aids in detecting sophisticated attacks. These improvements allow for rapid response to potential threats, supported by Rapid7’s Managed Threat Complete and InsightCloudSec services.…
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…
The US Department of Justice has indicted employees of the Chinese contractor I‑SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
Rosetta 2, Apple’s translation technology, facilitates the execution of x86-64 binaries on ARM64 macOS systems. Threat actors exploit this capability to leverage advanced macOS malware, leaving behind valuable AOT cache files as forensic evidence. The analysis of these files, in conjunction with Unified Logs and FSEvents, is crucial in investigating macOS intrusions.…
The FLARE team introduces GoStringUngarbler, a command-line tool to assist in deobfuscating malware written in Go and protected via garble. While garble employs various techniques to obscure strings in binaries, GoStringUngarbler automates the extraction of decrypted strings, aiding in malware detection and static analysis. The blog details garble’s string transformation methods and the workings of GoStringUngarbler in reversing these obfuscations.…
Trend Research has identified new versions of the Albabat ransomware targeting Windows, Linux, and macOS platforms. The group is utilizing GitHub to facilitate their ransomware operations. Organizations are advised to enhance security protocols and implement preventive measures to mitigate potential ransomware attacks. Affected: Windows, Linux, macOS
Keypoints:
New versions of Albabat ransomware have been discovered, indicating a potential expansion of targets.…
This article discusses a range of exploits and malware variants associated with RansomHub, Betruger, and various other threats. Notably, it highlights multiple hashes identified as indicators of compromise related to these malware families. The findings suggest significant concerns regarding the cybersecurity landscape, with active threats to different platforms.…
This article discusses a sophisticated phishing attack characterized by a deceptive email presenting a job offer. The attack utilizes a password-protected ZIP file containing an LNK file that executes commands to establish persistence and deploy a malicious DLL. It highlights the techniques used by the threat actor to conduct the attack and indicates that the operation bears similarities to prior attacks attributed to the APT37 group.…
The CYFIRMA Research and Advisory Team has discovered the VanHelsing Ransomware, which targets Windows systems and uses advanced encryption methods, making it challenging to detect and remove. It employs double extortion tactics, threatening to leak sensitive data, and stresses the importance of proactive cybersecurity measures and incident response strategies.…
FSociety, or Flocker ransomware, emerged as a Ransomware-as-a-Service in 2024, enabling cybercriminals to execute attacks with minimal technical skills. Utilizing double extortion tactics, it encrypts data and threatens to leak sensitive information, targeting a variety of sectors primarily in the U.S. The group collaborates with FunkSec to enhance their operations.…
Recent leaks from Black Basta’s internal chat logs highlight the gang’s strategy to leverage open source ecosystems, specifically npm and PyPI, to execute dependency confusion attacks. This research uncovers the threat posed by ransomware attacks and extortionware within these ecosystems, along with examples of historical attacks.…
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…