This article discusses MITRE ATT&CK technique T1055 (Process Injection) and its use by threat actors to evade detection and maintain persistence. The report emphasizes the increasing complexity of malware attacks in 2024 and the routine use of process injection for privilege escalation and defense evasion. #MITREATT&CK #T1055 #ProcessInjection…
Tag: MACOS

North Korean threat actors involved in the Contagious Interview operation have expanded their software supply chain attacks by deploying a new malware loader named XORIndex in the npm ecosystem, alongside the ongoing HexEval Loader campaign. These loaders deliver multi-stage malware including BeaverTail and InvisibleFerret backdoors, targeting developers and cryptocurrency holders with sophisticated obfuscation and data exfiltration techniques. #XORIndex #HexEvalLoader #ContagiousInterview #BeaverTail #InvisibleFerret

A critical vulnerability in Wing FTP Server has been actively exploited, affecting thousands of organizations including the U.S. Air Force and Airbus. CISA has ordered urgent patching and warns that this flaw can lead to total server compromise. #WingFTPServer #CVE202547812…

GLOBAL GROUP is a newly observed ransomware-as-a-service (RaaS) operation, likely a rebranding of the BlackLock RaaS, targeting multiple sectors across the US, Europe, Australia, and Brazil with advanced malware and AI-powered ransom negotiations. The group relies heavily on Initial Access Brokers to gain network entry and deploy ransomware rapidly, focusing on high-value targets and seven-figure ransom demands. #GLOBALGROUP #BlackLock #Mamona #Ramp4u #InitialAccessBroker
Huntress detected active exploitation of CVE-2025-47812, a null byte and Lua injection vulnerability in Wing FTP Server, on July 1, 2025. The exploit allows remote code execution at root/SYSTEM level, and attackers attempted various post-exploitation activities before being stopped by Microsoft Defender. #CVE202547812 #WingFTPServer #TrojanWin32CeproladA
![Cybersecurity News | Daily Recap [11 Jul 2025]](https://www.hendryadrian.com/tweet/image/DailyRecap.png)
Recent cybersecurity developments include arrests linked to the Scattered Spider and DragonForce ransomware groups, highlighting significant retail sector impacts and thwarted ransomware attempts. Notable vulnerabilities such as Wing FTP Server CVE-2025-47812 and Citrix NetScaler CVE-2025-5777 continue to be exploited, emphasizing the need for urgent updates. #ScatteredSpider #DragonForce #WingFTP #CVE2025-47812 #CVE2025-5777

This week’s cybersecurity news highlights new vulnerabilities in AMD processors, espionage activities by North Korean hackers, and exposed secrets in Docker images. The reports also cover rising cybersecurity investments, evolving malware threats like ZuRu, and attacks targeting government entities in Southern Europe. #AMDVulnerabilities #NorthKoreaHacking #DockerSecrets…

Validin provides extensive HTTP/S response data that enables threat analysts to discover related malicious domains and infrastructure by pivoting on features like favicon hashes, HTTP redirects, and HTML content. The platform helps identify phishing campaigns, malicious browser extension C2 domains, and fake app download sites through detailed feature correlation and exploration. #Validin #ClickFix #MaliciousExtensions #PhishingDomains
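The pivoting workflow described above, as an added example (not Validin's code or API): from one known-bad host, walk shared HTTP response features (favicon hash, HTML body hash) and redirect edges to enumerate related infrastructure. The observations are constructed, the exact hash function a given service exposes for favicons is an assumption (SHA-256 here), and the commodity-feature threshold is the practitioner's guard against pivoting through a default nginx page into unrelated hosts.

```python
import hashlib
from collections import defaultdict, deque


def favicon_hash(raw: bytes) -> str:
    # Assumption: services differ in the exact favicon hash they expose;
    # any stable fingerprint works for the pivot logic below.
    return "fav:" + hashlib.sha256(raw).hexdigest()[:16]


def body_hash(html: str) -> str:
    return "html:" + hashlib.sha256(html.encode()).hexdigest()[:16]


# Constructed observations: (host, favicon bytes, HTML body, redirect target or None).
OBSERVATIONS = [
    ("pay-verify-secure.example", b"\x00ICO-phishkit", "<title>Verify your wallet</title>", None),
    ("wallet-restore-help.example", b"\x00ICO-phishkit", "<title>Restore wallet</title>", None),
    ("ext-beacon-sync.example", b"\x00ICO-nginx-default", "<title>Restore wallet</title>", None),
    ("cdn-update-node.example", b"", "", "wallet-restore-help.example"),
    ("shop-one.test", b"\x00ICO-nginx-default", "<h1>Welcome to nginx!</h1>", None),
    ("shop-two.test", b"\x00ICO-nginx-default", "<h1>Welcome to nginx!</h1>", None),
    ("shop-three.test", b"\x00ICO-nginx-default", "<h1>Welcome to nginx!</h1>", None),
]


def build_index(observations):
    """Inverted index feature -> hosts, plus redirect edges in both directions."""
    features = defaultdict(set)     # feature -> hosts exposing it
    host_feats = defaultdict(set)   # host -> its features
    redirected_by = defaultdict(set)  # target -> hosts redirecting to it
    redirect_to = {}                # source -> target
    for host, fav, html, redirect in observations:
        if fav:
            f = favicon_hash(fav)
            features[f].add(host)
            host_feats[host].add(f)
        if html:
            h = body_hash(html)
            features[h].add(host)
            host_feats[host].add(h)
        if redirect:
            redirect_to[host] = redirect
            redirected_by[redirect].add(host)
    return features, host_feats, redirected_by, redirect_to


def pivot(seed, observations, max_share=3, max_depth=3):
    """Breadth-first pivot from seed over shared features and redirect edges.

    Returns {host: (depth, reason)}. Features seen on more than max_share
    hosts are treated as commodity (default pages, framework favicons) and
    are not followed, which is what keeps the cluster from exploding.
    """
    features, host_feats, redirected_by, redirect_to = build_index(observations)
    found = {seed: (0, "seed")}
    queue = deque([seed])
    while queue:
        host = queue.popleft()
        depth = found[host][0]
        if depth >= max_depth:
            continue
        neighbours = []
        for f in host_feats.get(host, ()):
            if len(features[f]) > max_share:
                continue  # too common to be a meaningful link
            neighbours += [(h, f"shares {f}") for h in features[f]]
        if host in redirect_to:
            neighbours.append((redirect_to[host], f"redirect target of {host}"))
        neighbours += [(h, f"redirects to {host}") for h in redirected_by.get(host, ())]
        for h, reason in neighbours:
            if h not in found:
                found[h] = (depth + 1, reason)
                queue.append(h)
    return found


if __name__ == "__main__":
    for host, (depth, reason) in sorted(pivot("pay-verify-secure.example", OBSERVATIONS).items(),
                                         key=lambda kv: kv[1][0]):
        print(f"{depth}  {host:32s} {reason}")
```

With the default threshold the seed pulls in the second phishing page (shared favicon), the extension beacon host (shared HTML body) and the redirector pointing at it, while the three hosts that merely serve a default nginx favicon stay out; raising `max_share` shows how quickly a commodity feature drags unrelated sites into the cluster.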

CVE-2025-48384 is a critical vulnerability in the Git CLI, affecting releases up to and including 2.50.0, that allows arbitrary file write and remote code execution via malicious repositories cloned with the --recursive option. The GitHub Desktop client for macOS is also vulnerable and, at the time of writing, has no patch, so users are advised to switch urgently to a patched Git CLI release. #CVE202548384 #GitCLI #GitHubDesktop
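A pre-clone audit of a repository's `.gitmodules`, as an added example (not Git's or GitHub Desktop's code). The summary above only says the attack rides on `--recursive`; the specific pattern checked here comes from the CVE-2025-48384 advisory, which describes a submodule path carrying a trailing carriage return that Git preserves when reading the file but drops when it later rewrites config, so the checkout lands somewhere other than the declared path. The check therefore flags any control character in a submodule `path` or `url`, plus paths that escape the work tree or reach into `.git`. The parser is a minimal git-config reader written for this example, and the sample files are constructed.

```python
import posixpath
import re

SECTION_RE = re.compile(r'^\[submodule "([^"]*)"\]\s*$')
KEY_RE = re.compile(r'^\s*(\w+)\s*=\s*(.*)$')


def _split_lines(text: str) -> list[str]:
    """Split on LF only. If every non-empty line ends in CR the file merely
    uses CRLF line endings and that one terminator CR is removed; otherwise
    every CR is kept as data so the audit can see it."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()
    if lines and all(l.endswith("\r") for l in lines if l):
        lines = [l[:-1] if l.endswith("\r") else l for l in lines]
    return lines


def parse_gitmodules(text: str) -> dict[str, dict[str, str]]:
    """Minimal git-config style parser that keeps values byte-for-byte.
    Surrounding double quotes are removed; no escape processing is done."""
    modules: dict[str, dict[str, str]] = {}
    current = None
    for line in _split_lines(text):
        if line.lstrip().startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            modules.setdefault(current, {})
            continue
        if line.startswith("["):  # some other section type
            current = None
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            key, value = m.group(1).lower(), m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            modules[current][key] = value
    return modules


def audit_submodule(name: str, entry: dict[str, str]) -> list[str]:
    """Findings for one [submodule] entry; empty list means nothing suspicious."""
    findings = []
    for key in ("path", "url"):
        value = entry.get(key, "")
        bad = [hex(ord(c)) for c in value if ord(c) < 0x20 or ord(c) == 0x7F]
        if bad:
            findings.append(f"{name}: {key} contains control character(s) {bad}")
    path = entry.get("path", "")
    if not path:
        findings.append(f"{name}: missing path")
        return findings
    norm = posixpath.normpath(path)
    if path.startswith("/") or norm == ".." or norm.startswith("../"):
        findings.append(f"{name}: path {path!r} escapes the work tree")
    if ".git" in norm.split("/"):
        findings.append(f"{name}: path {path!r} reaches into the repository metadata directory")
    return findings


def audit_gitmodules(text: str) -> list[str]:
    findings = []
    for name, entry in parse_gitmodules(text).items():
        findings.extend(audit_submodule(name, entry))
    return findings


# Constructed sample: an ordinary submodule declaration.
BENIGN = (
    '[submodule "libfoo"]\n'
    '\tpath = third_party/libfoo\n'
    '\turl = https://example.com/libfoo.git\n'
)
# Constructed sample: a quoted path with a trailing CR (the advisory's pattern)
# and a second entry whose path climbs into .git/hooks.
MALICIOUS = (
    '[submodule "evil"]\n'
    '\tpath = "modules/evil\r"\n'
    '\turl = https://example.com/evil.git\n'
    '[submodule "hooks"]\n'
    '\tpath = ../.git/hooks\n'
    '\turl = https://example.com/hooks.git\n'
)
# Constructed sample: same benign file saved with CRLF endings; must not be flagged.
CRLF = BENIGN.replace("\n", "\r\n")

if __name__ == "__main__":
    for label, text in (("benign", BENIGN), ("crlf", CRLF), ("malicious", MALICIOUS)):
        print(label, audit_gitmodules(text) or "clean")
```

Run it against `.gitmodules` from a clone made without `--recursive` (or fetched as a blob) before initializing submodules; a clean result is not proof of safety on an unpatched client, only the absence of this particular pattern.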

RenderShock is a zero-click attack framework that exploits passive file preview, indexing, and automation in modern operating systems to execute malicious payloads without user interaction. It leverages trusted system features to perform reconnaissance, credential theft, remote code execution, and persistence, posing significant stealth and detection challenges. #RenderShock #NTLMLeak #RemoteTemplateInjection

Cybersecurity researchers identified a critical vulnerability in the open-source mcp-remote project, enabling remote OS command execution. Users are urged to update to the latest version and connect only to trusted MCP servers to prevent full system compromise. #CVE-2025-6514 #Anthropic #MCP #OpenSourceSecurity…

Cybercriminals are actively targeting cryptocurrency users with social engineering campaigns that impersonate AI, gaming, and Web3 companies through fake social media accounts and legitimate platforms. The effort involves malware delivery via fake startup websites, aiming to steal digital assets on Windows and macOS systems. #Realst #AtomicStealer…
Cybersecurity experts report a surge in sophisticated spyware campaigns, including the Batavia and Atomic Stealer strains, targeting Russian firms and Mac users globally. Additionally, new botnets like RondoDox and hpingbot are exploiting vulnerabilities and enabling stealthy DDoS attacks, highlighting persistent threats to organizations worldwide. #Batavia #AtomicStealer #RondoDox #hpingbot

Atomic macOS Stealer (AMOS) has been upgraded with an embedded backdoor, enabling persistent remote access and full control over infected Macs. This evolution significantly increases the threat level, as it now facilitates long-term surveillance, keylogging, and broader system exploitation for targeted cybercriminal campaigns. #AtomicmacOSStealer #Backdoor #MacPaw #Moonlock
This cybersecurity recap highlights the abuse of legitimate tools like Inno Setup and Shellter Elite by cybercriminals to distribute stealthy malware and evade detection. It also reports on sophisticated nation-state espionage campaigns by North Korea, TAG-140, APT36, and NightEagle, targeting critical sectors across different regions. #InnoSetupAbuse #ShellterElite #NimDoor #TAG-140 #APT36 #NightEagle