BERT is a newly emerged ransomware group active in Europe, Asia, and the US, targeting multiple sectors including healthcare and technology with Windows and Linux variants. Their tactics involve PowerShell loaders, privilege escalation, and fast multi-threaded encryption, including forced shutdowns of ESXi virtual machines to maximize damage. #BERT #WaterPombero #ESXi #PowerShell…
Tag: INITIAL ACCESS

Threat actors are exploiting exposed JDWP interfaces in Java applications to execute remote code, deploy cryptocurrency miners, and establish persistence. They also leverage malicious botnets like Hpingbot to carry out DDoS attacks, targeting systems via weak SSH configurations. #JDWP #Hpingbot…

Critical infrastructure sectors in France were targeted by a series of zero-day exploits affecting Ivanti Cloud Services Appliance, attributed to a China-linked threat actor UNC5174. These attacks involved sophisticated attack sets and tools, highlighting the persistent threat from state-sponsored espionage groups. #UNC5174 #Houken #IvantiCloudServices…

Cisco has issued urgent patches for a critical vulnerability (CVE-2025-20309) in Unified Communications Manager that allows root access via hard-coded credentials. Several advanced threat actors, including APT28 and MuddyWater, are likely to exploit this flaw on over a thousand exposed devices worldwide. #CVE-2025-20309 #UnifiedCommunicationsManager #APT28 #MuddyWater

A new vulnerability in Cl0p’s Python data-exfiltration utility could allow attackers to execute remote commands and potentially attack the group’s infrastructure. This flaw, due to improper input validation, remains unpatched and poses a risk of internal disruption or sabotage. #Cl0p #MOVEit #RansomwareOperations…

Intelligence Group 13 is a key operational unit within Iran’s IRGC cyber command, integrating cyber-espionage, sabotage, and psychological warfare to conduct hybrid operations against adversaries. This group leverages a complex ecosystem of front companies and propaganda arms like CyberAveng3rs to execute covert intrusions, influence campaigns, and asymmetric retaliation targeting critical infrastructure and public perception. #IntelligenceGroup13 #CyberAveng3rs #ShahidKavehGroup #IRGCCyberCommand

French authorities reveal that a Chinese hacking group has targeted various sectors in France using zero-day vulnerabilities in Ivanti Cloud Services appliances. The campaign, linked to threat sets Houken and UNC5174, involves sophisticated tools and multiple stages of exploitation, aiming for intelligence and financial gains. #Houken #UNC5174…

North Korean hackers are increasingly targeting web3 and crypto organizations by infecting macOS systems with Nim-compiled malware via fake Zoom updates and impersonation tactics. Their advanced techniques include using the Nim programming language, AppleScripts, and signal handlers for persistence and data exfiltration, posing significant threats to targeted entities. #PyongyangAPT #NimDoor…

North Korean threat actors employ Nim-compiled binaries and multi-stage attack chains targeting Web3 and cryptocurrency businesses on macOS, utilizing novel persistence methods and process injection techniques. Their malware leverages heavily obfuscated AppleScripts for initial access and continuous backdoor communications, along with Bash scripts to exfiltrate sensitive user data such as browser credentials and Telegram messages. #NimDoor #DPRKThreatActors #macOSMalware #ProcessInjection #AppleScriptBeacon

Cybersecurity experts warn about sophisticated phishing campaigns using brand impersonation, QR codes, and callback techniques such as TOAD to deceive victims into sharing sensitive information or installing malware. These attacks leverage trusted brands like Microsoft, Docusign, and PayPal, and utilize methods like VoIP spoofing and AI-assisted phishing to expand their reach….

Since 2018, APT-C-36, known as Blind Eagle, has targeted Latin American organizations, especially in Colombia, using phishing campaigns and exploiting vulnerabilities like CVE-2024-43451. In a recent campaign detected by Darktrace in 2025, Blind Eagle used WebDAV-based payload delivery and dynamic DNS for command-and-control, leading to data exfiltration from a Colombian customer. #BlindEagle #APT-C-36 #CVE-2024-43451 #WebDAV #Remcos

The French cybersecurity agency ANSSI has identified Houken, a sophisticated threat actor exploiting zero-day vulnerabilities in strategic sectors. Their activities include network breaches, credential theft, backdoor deployment, and deploying custom rootkits, with ties to China’s MSS-linked group UNC5174. #Houken #UNC5174 #ANSSI…

Blind Eagle, also known as APT-C-36, has been targeting Colombian organizations and other Latin American sectors since 2018 using phishing campaigns and Remote Access Trojans with sophisticated methods to evade detection. A recent 2024-2025 campaign exploited a Microsoft Windows vulnerability via malicious URLs and leveraged the WebDAV protocol for payload delivery and data exfiltration. Darktrace detected the suspicious activity and highlights the need for autonomous response capabilities. #BlindEagle #APT-C-36 #Remcos #CVE-2024-43451

Since 2024, North Korean remote IT workers have been leveraging AI technologies like image manipulation and voice-changing software to enhance fraudulent employment operations worldwide. Microsoft tracks these activities under the codename Jasper Sleet and advises organizations to strengthen vetting and monitoring procedures to defend against this sophisticated insider threat. #JasperSleet #NorthKoreanITWorkers #Faceswap #AstrillVPN

Thousands of Citrix NetScaler instances are vulnerable to recently disclosed critical flaws, including a zero-day that is actively exploited in the wild. Prompt patching is essential to prevent potential control flow issues, denial of service, and session hijacking attacks. #CVE-2025-5777 #CVE-2025-6543…