Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
The report discusses persistent vulnerabilities in VPN infrastructures, specifically CVE-2018-13379 and CVE-2022-40684, which remain critical targets for cybercriminals and state-sponsored actors. The analysis highlights a surge in discussions about Fortinet VPN exploits, revealing a 4,223% increase in related chatter on cybercriminal forums and emphasizing the need for improved defenses.…
KeyPlug Malware Exposure
A brief exposure of a server linked to KeyPlug malware revealed advanced tooling likely used in ongoing operations, including Fortinet exploit scripts, a webshell, and reconnaissance scripts aimed at a major Japanese company’s internal systems. Although the server was live for less than a day, it provides critical insights into the adversary’s operational tactics and targeting methods.…
RSA Conference 2025 Announcements Summary (Day 1)
Summary: The RSA Conference 2025 in San Francisco has showcased numerous product and service announcements from various cybersecurity companies. Highlights include innovative AI solutions for employee security training, identity vulnerability management, and threat detection. This digest encapsulates the key developments and tools introduced to enhance the cybersecurity landscape during the conference.…
Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie
The report identifies three cryptocurrency companies—BlockNovas LLC, Angeloper Agency, and SoftGlide LLC—as fronts for the North Korean APT group known as Contagious Interview. Through fake job offers, they deploy various strains of malware, including BeaverTail, InvisibleFerret, and OtterCookie, targeting unsuspecting cryptocurrency job seekers. The threat actors utilize AI-generated employee profiles and exploit job listing platforms to execute their scheme.…
Sock(et) Puppet: How RansomHub Affiliates Pull the Strings
eSentire’s Threat Response Unit (TRU) has identified a sophisticated cyberattack utilizing SocGholish malware to collect system information and deploy a Python-based backdoor linked to the RansomHub ransomware group. The incident began with a compromised WordPress site tricking the victim into downloading malicious software. The TRU team isolated the affected host and provided recommendations for improving security measures against similar threats.…

Summary: The video discusses the aftermath of the recent 4chan hack, including the site’s potential shutdown due to loss of staff and a leaked email indicating a reboot. It also highlights the hacking incident involving Troy Hunt, the owner of Have I Been Pwned, who fell victim to a phishing attack that compromised sensitive data of his mailing list subscribers.…
Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
A sophisticated APT group known as Earth Kurma is conducting cyberespionage against government and telecommunications organizations in Southeast Asia, primarily utilizing advanced malware, rootkits, and trusted cloud services for data exfiltration. Their operations pose significant risks, including credential theft and prolonged undetected access to sensitive data.…
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
This blog entry reveals North Korea’s prominent role in cybercrime, specifically highlighting how the Void Dokkaebi actor employs Russian IP addresses and anonymization networks to facilitate its malicious activities. Trend Research points to several Russian IP ranges used for these cybercrime campaigns, which include social engineering aimed at IT professionals to steal cryptocurrency.…
XDR: Introduction – TryHackMe Walkthrough Writeup
Microsoft Defender XDR is a comprehensive cybersecurity solution that integrates data from various sources to improve threat detection, response times, and forensic investigations. It offers a unified platform that enhances security across endpoints, identities, emails, and cloud applications. This resource is aimed at helping security teams manage advanced threats effectively using automated tools and insights.…
APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys
Summary: Researchers have identified potential malicious infrastructure tied to the Iranian threat group APT34, targeting various sectors through impersonation of organizations. This infrastructure, operated primarily on M247 Europe SRL servers, employs tactics such as SSH key reuse and deceptive HTTP responses to mask its intentions. These indicators provide crucial insights for cybersecurity defenders to proactively monitor and disrupt future operations.…
Kenzo Security Raises .5 Million for Agentic AI Security Operations Platform
Summary: Kenzo Security has launched its AI-driven security operations platform with .5 million in funding. The platform employs specialized AI agents that work collaboratively to assist security teams in threat detection and risk investigation. Founded by industry veterans, Kenzo aims to revolutionize how security teams utilize AI in their operations.…
100 Days of YARA: Writing Signatures for .NET Malware
This article discusses the limitations of YARA signatures for .NET assemblies that rely solely on strings and explores enhanced detection methodologies, including the use of IL code, method signatures, and specific custom attributes. The piece emphasizes the importance of understanding .NET metadata structures for crafting effective signatures, even in the absence of malicious samples.…
In our analysis of FOG ransomware, we discovered nine samples uploaded to VirusTotal, linked to the Department of Government Efficiency (DOGE). These ransomware samples were distributed via email, showcasing the ongoing threat posed by FOG ransomware. The investigation revealed various attack vectors and the involvement of multiple sectors, highlighting the need for proactive cybersecurity measures.…
I Didn’t Plan to Find a P1… But My Script Had Other Plans
This article recounts the author’s journey into ethical hacking after discovering a YouTube video about misconfigured S3 buckets. Inspired to create a tool for efficiently identifying such misconfigurations, the author successfully located sensitive information, leading to a substantial bug bounty reward.
Affected: S3 buckets, sensitive data, cybersecurity community
Keypoints:
The author was inspired by a YouTube video on finding misconfigured S3 buckets.…
UNC5221 is a suspected China-nexus cyber-espionage group targeting edge network devices through zero-day exploits, particularly Ivanti’s Pulse Connect Secure/Ivanti Connect Secure (ICS) VPN appliances. A critical vulnerability (CVE-2025-22457) has been exploited since March 2025, allowing unauthorized network access and deployment of custom malware. The campaign has affected organizations globally, especially in the U.S.,…