CISA has added critical vulnerabilities in WhatsApp and TP-Link devices to its Known Exploited Vulnerabilities catalog, highlighting recent cyber threats. These vulnerabilities pose risks to both individual users and federal agencies if not addressed promptly. #CISA #TPLinkVulnerabilities #WhatsAppExploits…
A critical security flaw affecting TP-Link TL-WA855RE Wi-Fi Extenders was added to CISA’s KEV catalog, with active exploitation reported. A separate vulnerability involving WhatsApp was also noted, linked to a targeted spyware campaign. #CISA #TPLinkVulnerability #WhatsAppSpyware…
WhatsApp addressed a zero-day vulnerability (CVE-2025-55177) that could have been exploited for targeted attacks, especially when combined with an Apple OS-level vulnerability (CVE-2025-43300). The flaw involved incomplete device authorization and could allow malicious URLs to be processed on targeted devices, potentially leading to sophisticated attacks. #WhatsApp #CVE2025-55177 #AppleVulnerabilities #NSOGroup #Pegasus…
Mosyle discovered a new Mac malware strain named JSCoreRunner that spreads via a fake file-conversion site (fileripple[.]com) and evaded VirusTotal detections at discovery, using a two-stage installer to disable macOS quarantine and deliver a second unsigned payload. The malware hijacks Google Chrome search settings to redirect users to a fraudulent search engine, enabling keylogging, phishing, and potential data/financial theft. #JSCoreRunner #FileRipple #fileripple
This weekly recap highlights recent developments in cybersecurity threats, including cloud-based ransomware campaigns by Storm-0501 and ongoing double-extortion attacks by groups like Lynx/Sinobi. It also covers sophisticated espionage activities by threat actors such as UNC6384, APT37, and Silver Fox, along with emerging malware, supply-chain attacks, and evasive techniques used to bypass security measures. Stay vigilant against evolving threats and enhance defenses using new detection tools and operational strategies. #Storm0501 #LynxSinobi #UNC6384 #APT37 #SilverFox
[T1036] Masquerading – Adversaries alter file names, locations, metadata, or service/task identifiers to appear legitimate and evade detection, often using subtle tricks like Unicode overrides or fake extensions to fool users and tools. #Masquerading #DefenseEvasion
[T1033] System Owner/User Discovery – Adversaries probe systems to identify who owns or is using a device to guide next steps, such as privilege escalation or targeted lateral movement. Knowing which users are active helps attackers choose tailored actions and avoid noisy behavior. #SystemOwnerDiscovery #UserDiscovery
[T1030] Data Transfer Size Limits – Attackers may split stolen data into many small, fixed-size chunks or limit packet sizes to slip under network transfer thresholds and alerts. Monitoring for unusual asymmetric flows, regular small-packet patterns, and new network-using processes helps spot this exfiltration method. #DataExfiltration #NetworkSecurity
[T1029] Scheduled Transfer – Attackers time data exfiltration to occur at predictable times or intervals so that it blends with normal activity and avoids detection. It often pairs with other exfiltration methods, such as C2 channels or alternative protocols, to move data out stealthily. #ScheduledTransfer #DataExfiltration
[T1027.017] Obfuscated Files or Information: SVG Smuggling – SVG smuggling hides malicious JavaScript or payloads inside seemingly harmless SVG image files to bypass content filters and fool users, enabling delivery of malware, credential theft, or redirects to malicious sites. #SVGSmuggling #DefenseEvasion
[T1027.016] Obfuscated Files or Information: Junk Code Insertion – Junk or dead code is added to malware to hide real functionality and slow analysis, often combined with packing or compression to evade static detection. #JunkCodeInsertion #DefenseEvasion
[T1027.015] Obfuscated Files or Information: Compression – Adversaries compress and archive payloads (ZIP, gzip, 7z, RAR, self-extracting archives) or compress shellcode to hide malicious content and ease transfer. Attackers may concatenate archives or password-protect/encrypt compressed files to evade scanners and trick users into extracting and executing malware. #Compression #DefenseEvasion
[T1027.014] Obfuscated Files or Information: Polymorphic Code – Polymorphic code mutates its form on each execution to avoid signature-based detection, allowing malware to persist across Windows, Linux, and macOS environments by changing file content, metadata, or runtime behaviors. Detection requires behavior-based telemetry, file and application logs, and endpoint monitoring to spot anomalies in creation patterns, execution profiles, and mutation engine activity. #PolymorphicCode #DefenseEvasion
[T1027.013] Obfuscated Files or Information: Encrypted/Encoded File – Adversaries encrypt or encode files to hide malicious content from signature and pattern-based defenses, often using layered encodings, password-protected archives, or custom schemes to delay discovery until execution. #ObfuscatedFiles #DefenseEvasion
[T1027.010] Obfuscated Files or Information: Command Obfuscation – Command obfuscation hides malicious intent in CLI and script strings to evade detection and forensic analysis. Watch for unusual encodings, escape characters, string concatenation, and directory-traversal tricks that preserve functionality while defeating signatures. #CommandObfuscation #DefenseEvasion