Kaspersky GReAT discovered the Tsundere botnet in mid-2025, a Node.js-based botnet that installs via MSI or PowerShell, uses npm components (ws, ethers, pm2) for persistence, and retrieves WebSocket C2 addresses from an Ethereum smart contract. The botnet is linked to prior October 2024 typosquatting npm supply-chain activity and to a Russian-speaking actor potentially known as “koneko”, with shared infrastructure tied to the 123 Stealer panel. #Tsundere #123Stealer
Sneaky2FA has enhanced its phishing toolkit with browser-in-the-browser (BitB) capabilities, making attacks more convincing for stealing Microsoft credentials. This evolution in cyberattack techniques increases the effectiveness of phishing attacks on Microsoft 365 accounts, thanks to sophisticated deception tactics. #Sneaky2FA #BitB
Trustwave SpiderLabs discovered Eternidade Stealer, a Delphi-compiled banking trojan distributed via a WhatsApp-propagating worm and social engineering that steals contacts and delivers an MSI dropper which deploys credential-stealing components. The campaign uses IMAP-based dynamic C2 retrieval, localized Brazilian targeting, encrypted C2 commands, and overlay/keylogging capabilities. #Eternidade #Casbaneiro
This report details a new cyber campaign targeting Brazilian users with a WhatsApp-based distribution of the Eternidade Stealer banking trojan. The campaign employs social engineering, WhatsApp hijacking, and Delphi-based malware, with some global indicators of activity. #EternidadeStealer #WaterSaci #WhatsAppHijacking #DelphiMalware…
Microsoft is enhancing Teams security features by allowing users to report false-positive threat alerts and providing better detection accuracy. These updates, including link warnings and screenshot blocking, will be available globally by the end of November 2025. #MicrosoftTeams #FalsePositiveReporting #ThreatDetection
Google released an urgent Chrome 142 update to fix a critical zero-day vulnerability (CVE-2025-13223) that is actively exploited in the wild. The flaw involves a type confusion issue in the V8 engine, potentially allowing remote code execution. #CVE-2025-13223 #V8Engine…
Google has issued security updates for Chrome to fix critical vulnerabilities, including active threats exploiting a type confusion flaw in V8. Users are urged to update their browsers to protect against potential remote code execution attacks. #CVE-2025-13223 #V8JavaScriptEngine…
Security researchers have uncovered an evolved North Korean-linked malware campaign called Contagious Interview that uses JSON storage services to host malicious code. The attackers target software developers and Web3 professionals through spoofed recruiter messages and deliver payloads like BeaverTail and InvisibleFerret for credential theft and remote access. #ContagiousInterview #BeaverTail #InvisibleFerret #NorthKorea…
Cybersecurity Threat Research ‘Weekly’ Recap. This week highlights state-sponsored and APT activity, including APT35’s malware pipeline and SideWinder emulation guidance, plus DragonBreath’s RONINGLOADER loader and KONNI Android operations. It also covers diverse malware families like Lumma Stealer, LeakyInjector/LeakyStealer, Remcos, Amatera, XWorm, Rhadamanthys, and VenomRAT takedowns; ransomware trends with Qilin, Akira, Cl0p, Kraken, and Yurei analyses; phishing and credential theft campaigns; supply-chain and RMM abuse including Anthropic MCP SDK flaws and a Triofox CVE; detection and threat-hunting advances; and emergent AI-driven malware, pig-butchering scams, Kubernetes trends, and macOS privilege escalation. #APT35 #SideWinder #Gh0stRAT #RONINGLOADER #KONNI #LummaStealer #LeakyInjector #LeakyStealer #Remcos #Amatera #NetSupportRAT #XWorm #Rhadamanthys #VenomRAT #Qilin #Akira #Cl0p #Kraken #Yurei #Kimsuky #AI-drivenmalware #PigButchering #Triofox #CVE-2025-12480 #CVE-2025-24277
Daily Recap: Five U.S. nationals pleaded guilty to schemes aiding North Korean IT workers and infiltrating 136 companies to move about $2 million, while North Korean actors leverage JSON services to deliver malware. The roundup covers extortion, vulnerabilities, AI & ML security flaws, and nation-state operations influencing global cyber risk, including CL0P breaches, FortiWeb zero-days, Akira ransomware, and SpearSpecter campaigns. #NKGuilty #JSONMalware #CL0PHits #FortiWebZeroDay #AkiraRansomware #SpearSpecter
AppleScript .scpt files are being repurposed as social-engineered macOS malware droppers, masquerading as fake documents, installers, or update prompts to trick users into executing scripts via Script Editor or Terminal. Samples tie into commodity stealers like MacSync and Odyssey and use techniques such as custom icons in ZIP/DMG containers and obfuscated AppleScript to evade detection. #MacSync #Odyssey
Two interconnected 2025 campaigns used large-scale brand impersonation to deliver Gh0st RAT variants to Chinese-speaking users, evolving from simple droppers to multi-stage chains that misuse signed software and cloud-hosted payloads for evasion. The campaigns registered thousands of disposable domains, hosted payloads on specific IPs and cloud buckets, and employed DLL side-loading…
This cybersecurity roundup highlights recent incidents including the Yanluowang ransomware group’s activities and a significant Windows Kerberos vulnerability. Key developments include targeted ransomware attacks, critical software patches, and innovative bug bounty programs. #Yanluowang #Pwn2Own #CVE-2025-60704…
This bulletin covers the latest developments in cybersecurity, including new threats, legal measures, and technological defenses. It highlights ongoing battles between hackers and security defenders across various sectors and regions. #IntelDataBreach #OWASP #MetaPhishing #RussianDrones…
Google and Mozilla have released updates for Chrome and Firefox to fix several high-severity vulnerabilities, including issues in the V8 JavaScript engine and WebGPU component. These patches enhance browser security by addressing numerous weaknesses, although no exploitation in the wild has been reported yet. #V8JavaScriptEngine #WebGPU #Firefox145 #Chrome142…