FrigidStealer is a macOS-targeting information-stealing malware that disguises itself as a browser update to exfiltrate sensitive user data, including credentials and cryptocurrency wallets. This article explains its behavior and demonstrates how to detect FrigidStealer using Wazuh custom decoders and rules on macOS endpoints. #FrigidStealer #EvilCorp
Tag: DNS

The ESC6 attack is a sophisticated privilege escalation technique exploiting misconfigurations in Active Directory Certificate Services (ADCS). It allows attackers to impersonate high-privilege users by issuing legitimate certificates, often bypassing detection. #ESC6 #ActiveDirectoryCertificateServices

Aquatic Panda is a Chinese state-sponsored cyberespionage group linked to the contractor i-Soon, focused on long-term intelligence gathering and surveillance of government, NGOs, academic, and ideological targets worldwide. Utilizing advanced modular malware like ShadowPad and stealthy techniques, the group operates within China’s broader cyber network alongside entities such as Winnti, driven by objectives of state surveillance and influence. #AquaticPanda #ChineseAPT #Cyberespionage #ShadowPad #iSoon #Winnti #MSS

PupkinStealer is a newly discovered .NET-based information-stealing malware designed to extract browser passwords, app session tokens, and files, exfiltrating data through Telegram’s Bot API. Originating from Russian-speaking cybercriminal groups, it targets Windows users indiscriminately and emphasizes rapid data theft without persistence mechanisms. #PupkinStealer #InfoStealer #Telegram #WindowsMalware #Cybercrime

A threat actor known as ‘Hazy Hawk’ is hijacking forgotten DNS CNAME records that point to abandoned cloud services, enabling them to take control of trusted subdomains of high-profile organizations and use them for malicious activities. This technique facilitates scams, fake apps, and malicious redirects, posing significant cybersecurity risks. #HazyHawk #DNSHijacking #CyberThreats #MaliciousDomains #OrganizationalSecurity

Hazy Hawk is a threat actor that hijacks abandoned cloud and DNS resources of high-profile organizations to host scams and malware, utilizing trusted domains to enhance credibility. Their operations involve redirecting victims through sophisticated URL redirection and flooding devices with malicious push notifications. #HazyHawk #DNSCNAMEHijacking #CloudResourceAbuse…

An unknown actor has been creating malicious Chrome browser extensions since early 2024, using fake websites to lure users into installing these extensions. These extensions provide some legitimate functionality but also connect to attacker-controlled servers to steal data, execute arbitrary code, and manipulate network traffic. #ChromeExtensions #Malware #BrowserSecurity #FakeWebsites #DataTheft

Chinese nation-state APT groups exploited an unauthenticated file upload vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer to gain persistent remote access to critical infrastructure networks globally. This wide-ranging campaign targeted essential services and government entities across multiple countries, using sophisticated webshells and multi-stage malware to maintain stealthy control and enable espionage. #APT #SAPNetWeaver #CVE202531324 #China #CriticalInfrastructure #Webshell #Malware

Cisco Talos uncovered multiple cyber espionage campaigns conducted by the Lotus Blossom group targeting sectors such as government, manufacturing, telecommunications, and media. The attackers utilized custom variants of the Sagerunex tool combined with traditional C&C servers and legitimate cloud services to maintain persistence and control. #LotusBlossom #CiscoTalos

Several ransomware groups are leveraging the Skitnet malware to enhance their post-exploitation capabilities, including data theft and remote control. This versatile malware is currently impacting organizations targeted by Black Basta and other ransomware operators. #Organizations #CybersecuritySystem…

This cybersecurity report provides an in-depth analysis of the latest cyber threats, attack techniques, and trends observed through DNS activity data from Cisco Umbrella. It highlights key threat categories such as Information Stealers, Trojans, and Ransomware, offering insights into their behaviors and impact on organizations. #Organizations #CybersecuritySystems

Cloudflare has joined CISA’s “Secure by Design” pledge to strengthen transparency and best practices in vulnerability disclosure, reinforcing its commitment to securing digital ecosystems. The company actively issues and manages CVEs for its products while promoting open collaboration and responsible disclosure to protect customers and partners. #Cloudflare #CISA

Ransomware gangs are increasingly adopting Skitnet, a stealthy malware for post-exploitation activities on breached networks. This malware facilitates covert control, remote access, and data exfiltration, complicating detection efforts. Affected: Ransomware gangs, enterprise networks

LeakedData, emerging in December 2024, is the operational front of the Silent Ransom Group, a Conti ransomware offshoot that shifted from ransomware encryption to targeted data extortion using social engineering and legitimate remote management tools. The group primarily targets U.S.-based law firms, insurance providers, and financial services companies to maximize extortion leverage by threatening data leaks. #SilentRansomGroup #LeakedData #ContiRansomware

Tor has introduced Oniux, a new command-line tool that securely routes Linux applications through the Tor network using Linux namespaces for enhanced isolation. Unlike traditional methods like torsocks, Oniux provides leak-proof, kernel-enforced anonymization for any Linux app. Affected: Linux systems, Tor network infrastructure