SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Tag: INITIAL ACCESS

Summary: A critical-severity vulnerability (CVE-2025-23120) affecting Veeam Backup & Replication can lead to remote code execution by authenticated users, with a CVSS score of 9.9. This flaw impacts version 12.3.0.310 and all earlier builds, prompting urgent patching to the newly released version 12.3.1. Organizations are cautioned about the potential threats to data integrity and privilege escalation associated with this vulnerability.…
Summary: Despite significant investments in email security solutions, phishing attacks continue to pose a severe threat to organizations, largely due to the emergence of sophisticated Attack-in-the-Middle (AitM) phishing techniques. Traditional detection methods, including known-bad blocklists and malicious webpage detection, are increasingly ineffective against these evolving tactics.…
The Monthly Intelligence Insights report from Securonix Threat Labs analyzes significant cybersecurity threats from February 2025, including sophisticated campaigns such as DEEP#DRIVE by Kimsuky and various ransomware activities. Key findings include the emergence of new threat actors and tactics targeting critical sectors through phishing and exploiting vulnerabilities.…
Bitdefender has uncovered a widespread ad fraud scheme utilizing over 331 malicious apps on the Google Play Store, which have amassed more than 60 million downloads. These apps display unwanted ads and attempt to extract user credentials and credit card information through phishing tactics. The campaign shows how criminals actively exploit vulnerabilities in app distribution platforms, emphasizing the need for enhanced mobile security measures.…
ClearFake is a sophisticated malicious JavaScript framework launched in July 2023, targeting users through fake download prompts and deceptive social engineering tactics. Its latest variant, detected in February 2025, leverages fake CAPTCHA challenges and integrates with the Binance Smart Chain to enable direct malware delivery to compromised systems.…
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…
This article discusses several significant cybersecurity incidents, including a DDoS attack on the social media platform X, multiple instances of malware infection, and breaches by foreign hacking groups. Key highlights include record fraud losses reported by the FTC, a patched vulnerability in Apple’s WebKit, and ongoing security challenges with AI-generated code hosting on GitHub.…
This article provides a detailed walkthrough of exploiting a Remote Code Execution vulnerability found in Fuel CMS 1.4.1 (CVE-2018-16763) through TryHackMe's Ignite room. It covers the steps from enumeration to post-exploitation, emphasizing the importance of input validation and system patching for defense. Affected: Fuel CMS, web applications
Key points:
Exploit Remote Code Execution vulnerability in Fuel CMS 1.4.1.…
The article discusses the increasing threat of Browser in the Middle (BitM) attacks which allow adversaries to compromise user sessions across various web applications swiftly. While multi-factor authentication (MFA) is critical for security, sophisticated social engineering tactics can successfully bypass it by targeting session tokens. To combat these threats, organizations are urged to implement robust defenses such as hardware-based MFA, client certificates, and FIDO2.…
Cado Security’s Capture the Flag (CTF) challenges provide cybersecurity professionals with an immersive environment to enhance their skills in cloud security, focusing on real-world threats like the Romanian actor DIICOT. Participants utilize the Cado Platform to learn investigation techniques, explore AWS vulnerabilities, and engage with cutting-edge forensic tools while addressing modern cloud security challenges.…
The FBI and CISA have issued an advisory regarding the Medusa ransomware group, which has been increasingly active in 2025. The group has moved well beyond its previous year’s attack levels, particularly focusing on critical infrastructure sectors. This advisory details the group’s tactics, available indicators of compromise, and highlights the potential risks involved.…
Summary: The Tenable Exposure Management Academy introduces a new series focusing on the shift from traditional vulnerability management to risk-based exposure management. This approach aims to provide comprehensive visibility and actionable insights into an organization’s exposure risks, enabling better prioritization of security efforts. The evolving landscape of cybersecurity highlights the need for cohesive strategies that address the complexities of modern threats and vulnerabilities.…
Summary: A new ransomware operation named Mora_001 is exploiting two vulnerabilities in Fortinet products linked to the LockBit group. The operation has led to the deployment of a ransomware strain called SuperBlack, which takes advantage of security weaknesses in FortiGate firewall appliances. Researchers warn that threat actors are targeting organizations that have not applied necessary patches to these vulnerabilities.…
Summary: Security researchers have identified new phishing campaigns that exploit Microsoft 365, utilizing both legitimate domains and tenant misconfigurations to facilitate account takeovers. These attacks leverage various tactics, including brand impersonation and OAuth redirection, making them difficult to detect. The campaigns heavily rely on modifying organization names and creating misleading communication channels to mislead victims and steal credentials.…
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
On February 21st, a significant cryptocurrency theft occurred involving Bybit, where hackers from the Lazarus Group infiltrated a supplier's system to redirect 401,000 Ethereum coins worth approximately $1.5 billion. The attack exemplifies a supply chain vulnerability that permitted hackers to exploit AWS services while leaving the Bybit system itself secure.…