Seqrite Labs uncovered “Operation Covert Access,” a targeted spear-phishing campaign that abuses authentic Argentine federal court documents to deliver a multi-stage Rust-based Remote Access Trojan (CovertRAT) via a weaponized LNK, BAT loader, and a GitHub-hosted second-stage binary. The implant demonstrates extensive anti-VM/anti-debug checks, IPv4/IPv6 C2 fallback (default 181.231.253.69:4444), and a modular command set for persistence, data theft, file transfer, encryption, and privilege escalation. #CovertRATCiR #ArgentinaJudicialSector
A ransomware attack on Ingram Micro in July 2025 led to a significant data breach affecting over 42,000 individuals, including personal and employment information. The SafePay ransomware group claimed responsibility, exposing sensitive data and causing a major system outage. #SafePay #IngramMicro #DataBreach
A new hardware vulnerability named StackWarp affects AMD processors with potential for remote code execution inside confidential VMs. This flaw compromises AMD’s SEV-SNP isolation and can be exploited through hyperthreading, impacting multiple AMD EPYC series processors. #StackWarp #AMDSEVSNP #EPYCProcessors…
Cyble’s 2025 Threat Landscape Report highlights the resilience and evolution of cybercriminal ecosystems, particularly in ransomware operations, despite increased law enforcement efforts. The report emphasizes the shift towards extortion-only tactics, AI-assisted automation, and supply chain exploitation, affecting diverse sectors worldwide. #RansomwareEvolution #SupplyChainAttacks…
A recent Palo Alto Networks study highlights the increased cyber threats targeting the upcoming Milan Cortina 2026 Winter Olympics, focusing on potential attacks across the event’s digital ecosystem. Threat actors, motivated by financial gain, espionage, or activism, are expected to target ticketing systems, public infrastructure, and attendees. #PyeongChang2018 #Tokyo2024 #Paris2024 #Ransomware…
Cybersecurity researchers uncovered a cross-site scripting (XSS) vulnerability in the StealC information stealer’s control panel, revealing insights about the threat actor behind it. The breach exposed the threat actor’s location, operational practices, and security weaknesses, offering opportunities for further investigation. #StealC #YouTubeTA…
Modern organizations are prioritizing attack surface visibility as a key component of infrastructure security in 2026 due to the increasing complexity of digital assets across cloud, API, and hybrid environments. Industry experts highlight how interconnected priorities like identity management and governance are essential for effective cybersecurity strategies. #AttackSurfaceVisibility #APISecurity…
AhnLab confirmed a Remcos RAT campaign targeting users in South Korea that uses fake blocklist‑lookup tools for illegal gambling sites and counterfeit VeraCrypt installers to distribute multi‑stage droppers. The attack chain leverages obfuscated VBS/PowerShell scripts, a .NET injector that sends logs via Discord webhooks and injects Remcos into AddInProcess32.exe, with IOCs…
A new espionage campaign targeting U.S. government entities has been identified, involving a custom backdoor called LOTUSLITE likely linked to Mustang Panda. The campaign uses spear-phishing with geopolitical lures and DLL sideloading to establish persistence, highlighting ongoing targeted cyber espionage efforts. #MustangPanda #LOTUSLITE…
Daily Recap: Gootloader now uses 1,000-part ZIP archives to evade detection and deliver payloads, while the Kimwolf botnet has infected roughly 2 million devices. DeadLock leverages Polygon smart contracts to rotate proxies and obscure infrastructure, with further coverage on Modular DS WordPress exploits, AWS CodeBuild misconfigurations, StackWarp on AMD processors, Reprompt attacks against Microsoft Copilot, RedVDS seizures, the Grubhub breach, and leadership shifts around the RSA Conference. #Gootloader #DeadLock
SolyxImmortal is a Python-based Windows information-stealer that persistently collects browser credentials, documents, keystrokes, and screenshots and exfiltrates them via hardcoded Discord webhooks. The sample Lethalcompany.py establishes registry Run-key persistence, stages and compresses artifacts for stealthy long-term surveillance rather than propagation. #SolyxImmortal #Discord
Malicious Chrome extensions masquerading as productivity and security tools targeted enterprise HR and ERP platforms, stealing credentials and blocking management pages. This coordinated attack threatened thousands of users by exfiltrating session cookies and hijacking accounts, potentially leading to large-scale data breaches and ransomware attacks. #Workday #NetSuite
Ukrainian and German authorities have identified suspects linked to the Black Basta ransomware group, with the group’s alleged leader added to international wanted lists. The group, responsible for cyberattacks on over 500 companies since 2022, appears to have disbanded after leaks exposed its inner workings and the leader’s connections to Russian intelligence…
Incransom has claimed a ransomware attack targeting ecsc.org, a major electric cooperative serving South Carolina, US, which could disrupt services for nearly 2 million residents. The incident threatens the organization’s revenue of $11.2 million and its energy efficiency and electrification initiatives. #US
Verizon issued a $20 account credit to customers affected by a nationwide wireless outage caused by a software issue. Customers are instructed on how to redeem the credit through their online accounts, with the outage affecting calls and data access. #Verizon #SoftwareIssue