A critical security vulnerability in SAP NetWeaver, CVE-2025-31324, is being actively exploited by Chinese threat actors to compromise and maintain persistent access to critical infrastructure systems worldwide. These attackers are leveraging web shells and malware to target networks in various sectors, including energy, water, healthcare, and government. Affected: SAP NetWeaver systems,…
Tag: TROJAN

The North Korea-linked threat actor Konni APT has launched a phishing campaign targeting Ukrainian government entities to gather strategic intelligence on the Russian invasion. This activity indicates that Konni’s targeting extends beyond Russia, focusing on political and military intelligence collection. Affected: Ukrainian government entities, Ukrainian military, government organizations in Ukraine…

Moldovan authorities, with support from Dutch law enforcement, arrested a suspect linked to DoppelPaymer ransomware attacks targeting organizations in the Netherlands, including a major scientific institution. The operation involved searches and the seizure of electronic devices, and the suspect remains in custody awaiting extradition. Affected: Dutch Research Council (NWO), organizations in the Netherlands…

Chihuahua Stealer is a newly discovered .NET-based infostealer that employs multi-stage payloads, scheduled task persistence, and advanced encryption to steal browser and crypto wallet data stealthily. It uses obfuscated PowerShell scripts for delivery and exfiltrates encrypted data over HTTPS, impacting targeted user systems and network environments. #ChihuahuaStealer #UserSystems

Chihuahua Stealer is a newly identified .NET-based infostealer that employs multi-stage payloads, scheduled task persistence, and advanced encryption techniques to steal browser and crypto wallet data. It leverages obfuscated PowerShell scripts distributed via malicious Google Drive documents to maintain stealth and exfiltrate encrypted stolen data over HTTPS. #ChihuahuaStealer #PowerShell

The Genians Security Center (GSC) has uncovered the recent “Operation: ToyBox Story” campaign by North Korean-linked APT37, involving sophisticated spear-phishing attacks using trusted cloud services. The campaign primarily delivered the RoKRAT remote access trojan through fileless malware techniques, targeting South Korean and other regional organizations. Affected: South Korean think tanks, government…

Cybercriminals are increasingly targeting overlooked infrastructure such as outdated software, IoT devices, and open-source packages to launch attacks at scale. Threat actors are shifting their focus from high-value targets to vulnerable “infrastructure” components, reshaping intrusion, persistence, and evasion strategies. Affected: Organizations relying on outdated systems, IoT device users, open-source software ecosystems….

Seqrite Labs uncovered a sophisticated multi-stage malware campaign named Swan Vector targeting educational and mechanical engineering sectors in Taiwan and Japan, using fake candidate resumes

Recent hacktivist campaigns targeting Indian digital infrastructure have largely resulted in exaggerated claims with minimal real impact, while the persistent threat from APT36 using Crimson

The article analyzes a malware named NDA.pdf.msc created by the North Korean hacking group Kimsuky, disguised as a Non-Disclosure Agreement PDF file targeting organizations related

A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails….

Lumma Stealer is an evolving info-stealing malware-as-a-service exploited via trusted platforms like GitHub to harvest credentials, crypto wallets, and personal data using advanced evasion, scripting,