Between March and June 2025, multiple China-aligned threat actors conducted targeted phishing campaigns against Taiwan’s semiconductor industry, focusing on espionage and intelligence gathering. The campaigns employed custom malware like Voldemort and HealthKick, leveraging sophisticated delivery methods including DLL sideloading and adversary-in-the-middle phishing kits. #UNK_FistBump #UNK_DropPitch #Voldemort #HealthKick #TA415 #UNK_SparkyCarp…
Google has issued updates fixing six security vulnerabilities in Chrome, including one actively exploited flaw that could allow sandbox escape via GPU component vulnerabilities. The exploit, CVE-2025-6558, has been used in real-world attacks, possibly involving nation-state actors. #CVE20256558 #ChromeSecurity…
Google has released security updates for Chrome to patch six vulnerabilities, including a zero-day flaw actively exploited in the wild. The fixed bugs include a critical graphics validation error and issues in the JavaScript engine and WebRTC components. #CVE-2025-6558 #ANGLE #ChromeSecurity…
This article discusses the MITRE ATT&CK technique T1055 (Process Injection), highlighting its use by cyber threat actors to evade detection and maintain persistence. The report emphasizes the increasing complexity of malware attacks in 2024 and the common employment of process injection for privilege escalation and defense evasion. #MITREATT&CK #T1055 #ProcessInjection…
North Korean threat actors involved in the Contagious Interview operation have expanded their software supply chain attacks by deploying a new malware loader named XORIndex in the npm ecosystem, alongside the ongoing HexEval Loader campaign. These loaders deliver multi-stage malware including BeaverTail and InvisibleFerret backdoors, targeting developers and cryptocurrency holders with sophisticated obfuscation and data exfiltration techniques. #XORIndex #HexEvalLoader #ContagiousInterview #BeaverTail #InvisibleFerret
A critical vulnerability in Wing FTP Server has been actively exploited, affecting thousands of organizations including the U.S. Air Force and Airbus. CISA has ordered urgent patching and warns that this flaw can lead to total server compromise. #WingFTPServer #CVE202547812…
GLOBAL GROUP is a newly observed ransomware-as-a-service (RaaS) operation, likely a rebranding of the Black Lock RaaS, targeting multiple sectors across the US, Europe, Australia, and Brazil with advanced malware and AI-powered ransom negotiations. The group relies heavily on Initial Access Brokers to gain network entry and deploy ransomware rapidly, emphasizing high-value targets and seven-figure ransom demands. #GLOBALGROUP #BlackLock #Mamona #Ramp4u #InitialAccessBroker
Huntress detected active exploitation of CVE-2025-47812, a null byte and Lua injection vulnerability in Wing FTP Server, on July 1, 2025. The exploit allows remote code execution at root/SYSTEM level, and attackers attempted various post-exploitation activities before being stopped by Microsoft Defender. #CVE202547812 #WingFTPServer #TrojanWin32CeproladA
Recent cybersecurity developments include arrests linked to the Scattered Spider and DragonForce ransomware groups, highlighting significant retail sector impacts and thwarted ransomware attempts. Notable vulnerabilities such as Wing FTP Server CVE-2025-47812 and Citrix NetScaler CVE-2025-5777 continue to be exploited, emphasizing the need for urgent updates. #ScatteredSpider #DragonForce #WingFTP #CVE2025-47812 #CVE2025-5777
The 2025 Threat Detection Report by Red Canary highlights the increasing volume of threats, with nearly 93,000 detected in 2024, emphasizing the evolution of adversary techniques, especially in cloud and identity attacks. Key findings include a rise in identity attacks, use of fake CAPTCHA lures, and the proliferation of new ransomware variants; the report also stresses the importance of early detection and comprehensive defense strategies. #LummaC2 #NetSupportManager
This week’s cybersecurity news highlights new vulnerabilities in AMD processors, espionage activities by North Korean hackers, and exposed secrets in Docker images. The reports also cover rising cybersecurity investments, evolving malware threats like ZuRu, and attacks targeting government entities in Southern Europe. #AMDVulnerabilities #NorthKoreaHacking #DockerSecrets…
Validin provides extensive HTTP/S response data that enables threat analysts to discover related malicious domains and infrastructure by pivoting on features like favicon hashes, HTTP redirects, and HTML content. The platform helps identify phishing campaigns, malicious browser extension C2 domains, and fake app download sites through detailed feature correlation and exploration. #Validin #ClickFix #MaliciousExtensions #PhishingDomains
CVE-2025-48384 is a critical vulnerability in Git CLI versions 2.50.0 and earlier that allows arbitrary file write and remote code execution via malicious repositories when cloned with the --recursive option. The GitHub Desktop client for macOS is also vulnerable, and no patch is currently available for it, so users are advised to switch to a patched Git CLI version urgently. #CVE202548384 #GitCLI #GitHubDesktop
RenderShock is a zero-click attack framework that exploits passive file preview, indexing, and automation in modern operating systems to execute malicious payloads without user interaction. It leverages trusted system features to perform reconnaissance, credential theft, remote code execution, and persistence, posing significant stealth and detection challenges. #RenderShock #NTLMLeak #RemoteTemplateInjection
Cybersecurity researchers identified a critical vulnerability in the open-source mcp-remote project, enabling remote OS command execution. Users are urged to update to the latest version and connect only to trusted MCP servers to prevent full system compromise. #CVE-2025-6514 #Anthropic #MCP #OpenSourceSecurity…