Tag: DISCOVERY

Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Read More
Malvertising Campaign Leads to Info Stealers Hosted on GitHub
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…
Read More
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
Summary: The BADBOX 2.0 scheme involves at least four distinct threat actors operating a large-scale ad fraud and residential proxy operation, utilizing compromised consumer devices to create a massive botnet. This sophisticated fraud ring targets inexpensive Android devices worldwide, causing significant financial damage through various forms of cybercrime.…
Read More
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Read More
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
Read More
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…
Read More
TryHackMe Ignite Room Walkthrough: Exploiting Fuel CMS 1.4.1 RCE
This article provides a detailed walkthrough of exploiting a Remote Code Execution vulnerability found in Fuel CMS 1.4.1 (CVE-2018–16763) through TryHackMe’s Ignite room. It covers the steps from enumeration to post-exploitation, emphasizing the importance of input validation and system patching for defense. Affected: Fuel CMS, web applications

Keypoints :

Exploit Remote Code Execution vulnerability in Fuel CMS 1.4.1.…
Read More
Unraveling Time: A Deep Dive into TTD Instruction Emulation Bugs
This article delves into Microsoft’s Time Travel Debugging (TTD) framework, emphasizing the importance of accurate CPU instruction emulation for reliable debugging and security analysis. It highlights various emulation bugs discovered within TTD that could mislead investigations and emphasizes the need for continuous improvements to maintain the integrity of investigative tools.…
Read More
Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and CISA have issued an advisory regarding the Medusa ransomware group, which has been increasingly active in 2025. The group has moved well beyond its previous year’s attack levels, particularly focusing on critical infrastructure sectors. This advisory details the group’s tactics, available indicators of compromise, and highlights the potential risks involved.…
Read More
New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security Blog
A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…
Read More
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
Read More
Unmasking Hidden Threats: How BeVigil Secures Apache ActiveMQ from Cyber Risks
This article highlights the importance of securing open-source solutions like Apache ActiveMQ, especially when vulnerabilities arise from default configurations. A recent analysis by BeVigil exposed numerous ActiveMQ instances utilizing default admin credentials, which could lead to serious risks, including Remote Code Execution (RCE) and unauthorized system access.…
Read More

Summary: The video discusses a hacker’s discovery of a critical security vulnerability in a multi-billion dollar financial giant’s API, which had been overlooked for years. The hacker utilized automation and AI to expose sensitive user data, transforming a medium-severity bug into a high-risk threat. The tutorial invites viewers to learn from the experience and emphasizes the potential to find overlooked vulnerabilities in seemingly secure systems.…
Read More
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Summary: A supply chain compromise has affected the popular GitHub Action tj-actions/changed-files, leading to the unauthorized exposure of CI/CD secrets across over 23,000 repositories. The attackers modified the action’s code to leak sensitive information, including AWS access keys and GitHub Personal Access Tokens, although there is no evidence of data exfiltration to attacker-controlled infrastructure.…
Read More
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Read More
Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services
Summary: Nvidia has issued patches for two significant vulnerabilities in its Riva AI services that could enable hackers to exploit its functionalities. The issues involve improper access controls, allowing for potential privilege escalation and denial of service attacks. Both vulnerabilities affect earlier versions of Riva (2.18 and prior) and are critical for users to address promptly to avoid unauthorized access.…
Read More
Decrypting Zoom Team Chat: Forensic Analysis of Encrypted Chat Databases
This article delves into the complexities of analyzing Zoom Team Chat artifacts within a digital forensic framework, highlighting the challenges posed by data encryption and the necessity for both local and server-side keys. The forensic analysis focuses on user activity tracking through various applications, culminating in the extraction of crucial communication data from Zoom Team Chat.…
Read More
What Is The New Steganographic Campaign Distributing Multiple Malware
This web content discusses a sophisticated steganographic malware campaign involving various stealer malware such as Remcos and AsyncRAT. The campaign employs multiple stages of infection beginning with a phishing email containing an exploit that leads to the downloading of malicious payloads. It emphasizes the need for robust cybersecurity practices to protect against such advanced threats.…
Read More