Infostealer malware linked to Lazarus Group campaigns
The article discusses the analysis of a sophisticated Python malware script utilizing Base64 encoding and ZLIB compression. The malicious code employs multiple obfuscation stages and attempts to adapt to various operating systems. The analysis reveals the delivery methods of the malware, including a campaign called “ClickFix” which utilizes social engineering tactics to manipulate users into executing malicious scripts.…
Blackfield – HTB
Blackfield is a hard-difficulty Windows machine where attackers exploit Windows and Active Directory misconfigurations. Through anonymous SMB access, attackers enumerate users, identify those vulnerable to AS-REP Roasting, and gain further access to sensitive data. The attacks involve stealing password hashes, exploiting user permissions, and culminating in full control of the domain through various techniques.…
APT QUARTERLY HIGHLIGHTS: Q4 2024
In Q4 2024, APT groups from China, North Korea, Iran, and Russia significantly escalated their cyber operations, demonstrating advanced techniques such as cyber espionage, credential theft, and disruptive assaults. These developments highlight a persistent threat to critical sectors, including government infrastructure and financial institutions worldwide. Affected: governments, critical infrastructure, defense, financial institutions, research entities

Keypoints:

APT groups showcased increasingly sophisticated techniques across a range of cyber threats in Q4 2024.…
BadDNS: Open-source tool checks for subdomain takeovers
Summary: BadDNS is a comprehensive open-source Python tool designed for DNS auditing, specifically aimed at detecting domain and subdomain takeovers. Its unique features extend beyond basic detection, providing insights into potential vulnerabilities associated with trusted domains and resources. The tool automates signature updates to ensure it remains current with the latest vulnerabilities, streamlining the auditing process for users.…
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
Summary: AWS S3 bucket namesquatting is a significant security risk stemming from predictable naming structures that can be exploited by malicious actors. This article outlines the potential consequences of such vulnerabilities, including unauthorized access and traffic redirection, while emphasizing mitigation strategies. Varonis offers solutions to prevent and remediate S3 bucket namesquatting and related security issues in the AWS environment.…
GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine’s Largest State-Owned Bank
UAC-0006 is conducting sophisticated phishing campaigns targeting PrivatBank customers in Ukraine. By utilizing password-protected files containing malicious scripts, they manage to bypass security measures effectively. The campaign shows signs of technological overlap with the tactics used by the Russian APT group FIN7, indicating possible collaborative or inspired threat activities.…
Zyxel Telnet Vulnerabilities – Blog – VulnCheck
VulnCheck has uncovered vulnerabilities in several Zyxel Customer Premises Equipment (CPE) routers that allow unauthenticated code execution via Telnet, posing serious security risks. Ongoing exploitation is observed in the wild, emphasizing the need for urgent attention, despite these routers being out of support. Affected: Zyxel CPE routers (VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, etc.)…
Summary: Microsoft has patched a critical elevation of privilege vulnerability (CVE-2025-21293) in Active Directory Domain Services, which could allow an attacker to escalate privileges to SYSTEM. Discovered by researcher Sebastian Sadeq Birke, the vulnerability stems from excessive permissions granted to the “Network Configuration Operators” group. A proof-of-concept exploit has been published, and organizations are urged to apply the security update promptly to mitigate risks.…
Stealers on the Rise: A Closer Look at a Growing macOS Threat
The study highlights a surge in macOS infostealers targeting users across various sectors. Notably, the Atomic, Poseidon, and Cthulhu stealers are prevalent, employing advanced techniques to collect sensitive information, leading to significant risks of data breaches and financial losses. It emphasizes the importance of proactive security measures and describes how detection tools like Cortex XDR are used to combat these threats.…
US-CERT Vulnerability Summary for the Week of January 27, 2025 – RedPacket Security
The CISA Vulnerability Bulletin highlights a range of new vulnerabilities reported in various software and systems, classified by severity level. It includes notable CVEs affecting several platforms, detailing the potential impacts and exploit details for critical, high, and medium vulnerabilities. The listed vulnerabilities can lead to SQL injection, unauthorized data access, buffer overflows, and other severe consequences.…
XE Group: From Credit Card Skimming to Exploiting Zero-Days
XE Group, a long-standing cybercriminal organization, has shifted its focus from credit card skimming to sophisticated targeted information theft using newly discovered vulnerabilities. Their operations underscore their adaptability and persistent threat to supply chains in the manufacturing and distribution sectors. Affected: Manufacturing and Distribution sectors, VeraCore software, Supply Chains

Keypoints:

XE Group has been active since at least 2013, initially focusing on credit card skimming and password theft.…
DNSFilter’s Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests
Summary: DNSFilter has released its 2025 Annual Security Report highlighting a significant rise in malicious DNS requests from 2023 to 2024. The report notes that one in every 174 DNS requests is now malicious, with dramatic increases in phishing and AI-related activities. This emphasizes the ongoing threat landscape and the importance of DNSFilter’s role in protecting organizations and individuals from cyber threats.…
RST TI Report Digest: 03 Feb 2025
This report synthesizes findings from 51 threat intelligence articles, highlighting key cyber threats and actors targeting various sectors. Notable threats include LockBit ransomware, the TorNet backdoor campaign, and QBot resurgence, utilizing sophisticated tactics and diverse malware. Affected: financial institutions, government entities, telecommunications, general cybersecurity sector

Keypoints:

A rise in cyber attacks targeting financial institutions and government sectors.…
Cyber Defence Frameworks
A Cyber Defence Framework (CDF) provides structured guidelines and methodologies to protect digital assets from cyber threats. Key components include identifying assets, implementing security controls, detecting threats, responding to incidents, and recovering from attacks. Important concepts discussed include the Pyramid of Pain, Cyber Kill Chain, Unified Kill Chain, and the Diamond Model for analyzing threats.…