Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Summary: Browser security is becoming increasingly critical due to a 140% rise in phishing attacks, primarily fueled by zero-day vulnerabilities and advancements in generative AI used by cybercriminals. As attackers adopt sophisticated techniques akin to professional engineering, the risk of browser-based phishing is expected to escalate dramatically moving into 2025.…
Taiwan critical infrastructure targeted by hackers with possible ties to Volt Typhoon
Summary: Hackers linked to China-based groups, especially UAT-5918, are targeting critical infrastructure in Taiwan to gain long-term access and steal sensitive information. This malicious activity aligns with tactics used by other state-backed groups, such as Volt Typhoon and Flax Typhoon, which have been known to exploit vulnerabilities in internet-facing systems.…
VanHelsing Ransomware
The CYFIRMA Research and Advisory Team has analyzed VanHelsing ransomware, which targets Windows systems, uses advanced encryption, and is challenging to detect and remove. It employs double extortion, threatening to leak stolen data if the ransom is not paid. The report stresses the importance of proactive security measures and incident response planning.…
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an India-linked advanced persistent threat group active since 2012 that has expanded its operations to target the maritime and nuclear sectors across Asia, the Middle East, and Africa. Known for adapting quickly to defenders' countermeasures, SideWinder employs a range of tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
A Deep Dive into Strela Stealer and How It Targets European Countries
The Strela Stealer is a targeted infostealer malware that primarily focuses on extracting email credentials from users of Mozilla Thunderbird and Microsoft Outlook in select European countries. Delivered through phishing campaigns, it employs sophisticated social engineering techniques to trick victims into executing its payload. The malware’s infrastructure is linked to Russian hosting services, and it utilizes complex obfuscation methods to evade detection.…
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
This article describes an ongoing malware campaign that uses malicious WordPress plugins to spread the LummaStealer trojan. Fake human-verification prompts trick users into running harmful PowerShell commands, which then collect sensitive data from the infected PC. The campaign primarily targets Windows users. Affected: WordPress websites, Windows operating system users

Keypoints:

LummaStealer is an infostealer malware designed to collect sensitive data.…
Emulating the Sophisticated Chinese Adversary Salt Typhoon
Salt Typhoon, a Chinese APT group active since 2019, targets critical sectors, including Telecommunications and Government entities across multiple regions. Known for its advanced cyberespionage tactics, the group utilizes various tools and techniques to maintain access while evading detection. This includes exploiting Microsoft Exchange vulnerabilities and employing a range of persistence and privilege escalation techniques.…
Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia
Summary: Recent leaks of chat logs from the Black Basta ransomware group suggest possible ties to Russian authorities. The messages reveal insights into their operations, use of AI for malicious purposes, and development of new cybercrime tools, including a brute-forcing framework aimed at corporate networks. These findings complicate efforts for Black Basta to distance itself from past activities following internal and external pressures.…
Why it’s time for phishing prevention to move beyond email
Summary: Despite significant investments in email security solutions, phishing attacks continue to pose a severe threat to organizations, largely due to the emergence of sophisticated Adversary-in-the-Middle (AitM) phishing techniques. Traditional detection methods, including known-bad blocklists and malicious webpage detection, are increasingly ineffective against these evolving tactics.…
The Information Heist: Cracking the Code on Infostealers (New Hudson Rock Interview)
This podcast episode features a discussion on the evolving landscape of infostealers, highlighting new malware capabilities and delivery methods. It emphasizes the significant rise in cyber-attacks involving infostealers and suggests ways for individuals and organizations to safeguard themselves. Affected: individuals, organizations

Keypoints:

Hudson Rock’s podcast features Leonid Rozenberg discussing infostealers.…
Securing XIoT in the Era of Convergence and Zero Trust
The article discusses the rise of the Extended Internet of Things (XIoT) and its implications for cybersecurity. As connected devices proliferate, they increase automation and innovation while also expanding the attack surface for potential cyber threats. The convergence of IT and XIoT environments necessitates a shift to Zero Trust security models to safeguard critical infrastructure.…
How I Wasted 537 Dollars on the SANS Paller Scholarship without Even Being Considered as a Valid Applicant
This article recounts an individual’s challenging experience with the Paller Cybersecurity Scholarship application process, highlighting communication breakdowns, delays in credential validation by partner organizations, and unexpected financial burdens. Despite the scholarship’s promise of substantial professional development in cybersecurity, the author expresses frustration over a lack of accountability and support from SANS Institute, ultimately resulting in an unsuccessful application.…
CISA Warns of Exploited GitHub Action CVE-2025-30066 – Users Urged to Patch
Summary: A critical vulnerability (CVE-2025-30066) in the tj-actions/changed-files GitHub Action can leak workflow secrets such as access keys and tokens into build logs. The issue has been fixed in version 46.0.1, and users are urged to update their workflows immediately. CISA has flagged the issue as actively exploited, emphasizing the need for organizations to scrutinize the third-party actions they run in their pipelines.…
Sneaking a Peek into the Inner DNS Workings of Sneaky 2FA
Sneaky 2FA is a phishing kit marketed through Telegram that mounts adversary-in-the-middle attacks against Microsoft 365 users using fake login pages. The investigation surfaced numerous indicators of compromise (IoCs), including domains and IP addresses linked to its campaigns. The analysis aims to aid threat detection and provide insights that strengthen defensive measures.…
Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files
A recent compromise of the tj-actions/changed-files GitHub Action highlights the risk that third-party dependencies pose to CI/CD pipelines. Attackers retargeted the action's version tags at a malicious commit that dumped workflow secrets into build logs, exposing any pipeline that referenced the action by tag rather than by commit SHA. The incident affected over 23,000 repositories and raised concerns about the security of the software supply chain.…
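The two tj-actions/changed-files entries above describe the same supply-chain failure: a workflow that references a third-party action by a mutable tag trusts whatever that tag points to tomorrow. The script below is an added example, not code from the original page, from the cited reports, or from the tj-actions project. It scans workflow text for `uses:` references that are not pinned to a full commit SHA and shows a weak workflow beside its hardened form. The two workflow snippets, the `some-org/*` action names and the placeholder SHA are constructed for the example; treating GitHub's own `actions/*` namespace as trusted is an assumption made here, not a recommendation from the page.

```python
"""Audit GitHub Actions workflows for mutable third-party action references.

Added example (not from the page, the cited reports, or the tj-actions project).
A `uses: owner/repo@v46` reference trusts a tag that the repository owner, or
whoever compromises the owner's credentials, can move to a different commit.
Pinning to the full 40-hex commit SHA removes that mutability.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# `uses: owner/repo[/subdir]@ref` with an optional trailing `# comment`.
# Local actions (`./path`) and `docker://` images are deliberately not matched:
# they are not fetched from a third-party Git repository by ref.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*"
    r"(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_./-]+)?)"
    r"@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>.*?))?\s*$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    action: str
    ref: str
    reason: str


def audit_workflow(text: str, trusted_owners: tuple[str, ...] = ("actions",)) -> list[Finding]:
    """Return one Finding per `uses:` line whose ref is not a full commit SHA.

    `trusted_owners` are namespaces whose tag references are tolerated
    (GitHub's own `actions/*` by default; an assumption made for this
    example, not a rule from the page).
    """
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group("action"), m.group("ref")
        if FULL_SHA_RE.match(ref):
            continue  # immutable reference: cannot be retargeted
        if action.split("/")[0] in trusted_owners:
            continue
        if SHORT_SHA_RE.match(ref):
            reason = "abbreviated SHA; pin the full 40-character commit SHA"
        elif ref.startswith("v") or ref[0].isdigit():
            reason = "version tag is mutable and can be retargeted at a malicious commit"
        else:
            reason = "branch reference is mutable"
        findings.append(Finding(line_no, action, ref, reason))
    return findings


# Constructed workflow, before hardening: three mutable third-party references.
WEAK_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files
        uses: tj-actions/changed-files@v46
      - uses: some-org/some-action@main
      - uses: some-org/other-action@1a2b3c4
"""

# Constructed workflow, after hardening: the third-party action is pinned to a
# full commit SHA (a placeholder value here, not the project's real commit),
# the tag it corresponds to is recorded in a comment, and GITHUB_TOKEN is
# scoped to read-only so a leaked token is worth less to an attacker.
HARDENED_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # v46.0.1 (placeholder SHA)
"""


if __name__ == "__main__":
    for label, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        findings = audit_workflow(wf)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line_no}: {f.action}@{f.ref} -> {f.reason}")
```

Pinning by SHA only freezes which commit runs; it does not vouch for that commit, so the pinned revision still needs to be reviewed before adoption, and a tool such as Dependabot can keep SHA pins current as the upstream project publishes new releases.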
Targeted phishing campaign at UniPd: approximately 200 compromised credentials
A recent phishing campaign targeted the University of Padua, where malicious actors stole clear-text email and password credentials from students and staff using two fraudulent domains. The campaign affected over 190 accounts, prompting immediate steps to deactivate the fake pages and disseminate indicators of compromise (IoCs) to accredited public administrations.…