U.S. and European governments have issued updated warnings about the Akira ransomware gang, revealing new tactics and vulnerabilities exploited in attacks on organizations like hospitals, schools, and businesses. Akira has ties to the defunct Conti group and has stolen over $244 million, targeting sectors such as healthcare, manufacturing, and education. #Akira…
The U.S. CISA warns that the Akira ransomware group poses an imminent threat to critical infrastructure and uses various exploits and tactics for initial access and persistence. The group has accumulated over $244 million in ransom payments and continues to exploit known vulnerabilities to execute attacks. #AkiraRansomware #Vulnerabilities #CISA…
This bulletin covers the latest developments in cybersecurity, including new threats, legal measures, and technological defenses. It highlights ongoing battles between hackers and security defenders across various sectors and regions. #IntelDataBreach #OWASP #MetaPhishing #RussianDrones…
Yurei is a Go‑based ransomware first identified in September 2025 that encrypts corporate files using ChaCha20‑Poly1305 and protects per-file encryption keys with secp256k1‑ECIES, then extorts victims via a dedicated dark web site. Known victims include organizations in Sri Lanka and Nigeria across transportation, IT software, marketing and food & beverage, with…
This article emphasizes the importance of shifting from traditional signature-based security measures to behavior-driven detection to combat modern ransomware threats effectively. It advocates for a unified, cloud-native approach like SASE that integrates detection, prevention, and operational controls to minimize damage and improve response times. #MITREATT&CK #TTPs…
Microsoft’s November 2025 Patch Tuesday fixes 63 security issues, including an actively exploited zero-day in the Windows Kernel. The update emphasizes the importance of prompt patching to prevent significant attacks on Microsoft products like Office, Windows, and Azure services. #CVE2025-62215 #WindowsKernel #MicrosoftOffice #AzureSecurity…
Cyber threat actors exploit WhatsApp Web and email vulnerabilities to spread banking malware targeting Brazilian users. The campaigns involve sophisticated techniques, code overlaps, and remote command-and-control systems linked to the Water Saci and Coyote threats. #WaterSaci #Coyote #BrazilianBanks…
Microsoft’s recent Patch Tuesday updates have addressed over 60 vulnerabilities, including a critical Windows kernel zero-day (CVE-2025-62215) that has been exploited in attacks. These fixes improve security across Windows, Office, Visual Studio, and other Microsoft products, highlighting ongoing threats and patch efforts. #CVE202562215 #WindowsKernelZeroDay…
A race in osanalyticshelperd’s crash-report creation allowed an attacker to combine sandbox-extension abuse, XPC message manipulation, and a non-atomic rename to place files (including a sudoers entry) as root on macOS, enabling local privilege escalation (CVE-2025-24277) and potential sandbox escape. The issue was fixed by restricting the XPC call with the entitlement com.apple.private.osanalytics.write-logs.allow. #osanalyticshelperd #CVE-2025-24277
Microsoft’s November 2025 Patch Tuesday releases security updates addressing 63 flaws, including a zero-day actively exploited in the Windows Kernel. Key vulnerabilities include Critical remote code execution and privilege escalation flaws, with a focus on critical systems like Windows and Microsoft Office. #WindowsKernel #CVE202562215
Threat intelligence gathers and contextualizes external data about who might attack, their motives, and relevant indicators, while threat hunting proactively searches internal environments for hidden or ongoing intrusions that defenses missed. Together they form a feedback loop that improves detection, prioritization, and response by enriching hunts with intelligence and feeding findings back into intelligence programs. #RecordedFuture
A large-scale malspam campaign is using GLS-branded emails with an attached XHTML that decodes obfuscated JavaScript to redirect victims to a Netlify-hosted phishing site that uses the ClickFix social-engineering technique to trick users into pasting and running terminal commands. Analysis of a downloaded binary found a SETTINGS resource matching Remcos RAT configuration, indicating likely Remcos-based remote access and data-stealing activity. #Remcos
The Browser Security Report 2025 highlights how the browser has become the central threat surface for enterprise security, especially with increasing AI and SaaS adoption. It reveals significant gaps in traditional security controls like DLP and EDR in monitoring browser-based risks such as data exfiltration through GenAI, extensions, and session hijacking….
A new KONNI-linked campaign abused Google’s Find Hub to remotely wipe Android devices after compromising Google accounts and used KakaoTalk to distribute MSI-based malware disguised as “stress-relief” programs. The campaign targeted South Korea, impersonated counselors and other trusted contacts, and relied on AutoIt-based RAT loaders and multi-stage C2 infrastructure. #KONNI #FindHub
Kimsuky used a small initial JavaScript (Themes.js) to download additional JavaScript stages from iuh234.medianewsonline[.]com, collect system/process/file information, package results into .cab files via certutil, and exfiltrate them via POST requests. The intrusion established persistence by writing Themes.js to %APPDATA%\Microsoft\Windows\Themes and creating a scheduled task named “Windows Theme Manager”. #Kimsuky #iuh234.medianewsonline