Cybercriminals are exploiting DeepSeek's popularity to launch ClickFix phishing campaigns, tricking users into clicking fake CAPTCHA links that steal credentials and install malware like Vidar and Lumma Stealer. These attacks impersonate DeepSeek's branding to appear legitimate and bypass security …
This analysis examines the exploitation of critical vulnerabilities in Ivanti Cloud Service Appliance (CSA) 4.6 between October 2024 and January 2025. It confirms widespread exploitation leading to webshell deployments in September and October 2024. The report provides details on malicious activiti…
Abyss Locker (AKA Abyss ransomware) is a relatively new threat group that emerged in 2023, specializing in swift and decisive intrusions designed to cripple victims with ransomware. Abyss Locker was active throughout 2024, causing multiple incidents investigated by Sygnia. However, no recent techni…
UAC-0006, a financially motivated cyber threat group, has resurfaced with a sophisticated phishing campaign targeting customers of Ukraine’s largest state-owned bank, PrivatBank.
LegionLoader, also known as Satacom, CurlyGate, and RobotDropper, is an active downloader malware that has gained significant traction recently, amassing over 2,000 samples in a matter of weeks. The campaign appears to have started on December 19, 2024, with Brazil being the most affected country. The malware …
An investigation uncovered open directories hosting SmokeLoader malware samples and lure documents targeting Ukraine's automotive and banking sectors. Two servers were identified, containing Windows executables and PDF files posing as invoices from Ukrainian companies. The malware injects into expl…
RL researchers have identified a novel attack technique called nullifAI on the Hugging Face platform, which abuses Pickle file serialization to distribute malware. Two malicious models were found containing reverse shell code, bypassing Hugging Face's security scanning mechanisms. The attack exploi…
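The core of the Pickle problem is that a pickle is a program for a small stack VM, and Python's unpickler executes opcodes as it reads them, so an import-and-call at the head of the stream runs before any later corruption is noticed. The scanner below is an added example, not code from the report or from Hugging Face: it walks the opcode stream with pickletools.genops, never deserialises anything, and records every GLOBAL/STACK_GLOBAL import even when the stream breaks afterwards. The sample pickles are constructed by hand for the example and are never passed to pickle.loads; the allowlist of imports a plain PyTorch checkpoint needs is an illustrative assumption.

```python
import pickle
import pickletools

# Opcodes that push a string; STACK_GLOBAL takes its module/name from the
# two most recent of these.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that invoke whatever callable was imported.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
# Illustrative allowlist (assumption): imports a plain PyTorch state_dict needs.
ALLOWED_IMPORTS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "LongStorage"),
}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream without deserialising anything.

    Imports are recorded as they are seen, so a stream that is deliberately
    corrupted after the payload still yields the import that would already
    have executed by the time Python's unpickler hit the error.
    """
    report = {"imports": [], "calls": 0, "parse_error": None}
    strings = []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in STRING_OPS:
                strings.append(arg)
            elif op.name in ("GLOBAL", "INST"):
                module, name = arg.split(" ", 1)  # genops joins them with a space
                report["imports"].append((module, name))
            elif op.name == "STACK_GLOBAL":
                if len(strings) >= 2:
                    report["imports"].append((strings[-2], strings[-1]))
                else:  # module/name fetched from the memo: flag, do not guess
                    report["imports"].append(("<unresolved>", "<unresolved>"))
            if op.name in CALL_OPS:
                report["calls"] += 1
    except ValueError as exc:  # unknown opcode, short read, or missing STOP
        report["parse_error"] = str(exc)
    report["unexpected_imports"] = [i for i in report["imports"]
                                    if i not in ALLOWED_IMPORTS]
    report["suspicious"] = bool(report["unexpected_imports"])
    return report


# Constructed samples for this example; they are only scanned, never loaded.
MALICIOUS_PICKLE = (
    b"\x80\x04"         # PROTO 4
    b"\x8c\x02os"       # SHORT_BINUNICODE "os"
    b"\x8c\x06system"   # SHORT_BINUNICODE "system"
    b"\x93"             # STACK_GLOBAL  -> os.system
    b"\x8c\x02id"       # SHORT_BINUNICODE "id" (the argument)
    b"\x85"             # TUPLE1
    b"R"                # REDUCE        -> os.system("id")
    b"."                # STOP
)
# Same payload, but the stream is broken right after the call would run.
CORRUPTED_PICKLE = MALICIOUS_PICKLE[:-1] + b"\xff\xff\xff"
# A harmless checkpoint-like object for comparison.
BENIGN_PICKLE = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_PICKLE),
                        ("corrupted", CORRUPTED_PICKLE),
                        ("benign", BENIGN_PICKLE)):
        print(label, scan_pickle(blob))
```

Any scanner that loads the object, or that insists on a well-formed stream before reporting, returns nothing useful for the corrupted sample; this one reports the os.system import and the parse error together, which is the signal worth acting on. Unresolved STACK_GLOBAL operands (module and name pulled back out of the memo) are flagged rather than ignored, since resolving them properly would mean emulating the VM.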
A sophisticated breach was identified where threat actors exploited vulnerabilities in SimpleHelp's Remote Monitoring and Management client to infiltrate a network. The attack involved post-compromise tactics including network discovery, administrator account creation, and persistence establishment…
An unattributed threat actor has been observed exploiting publicly disclosed ASP.NET machine keys to perform ViewState code injection attacks, delivering the Godzilla post-exploitation framework. Over 3,000 publicly disclosed keys have been identified as potentially vulnerable to this attack method…
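ViewState is protected only by the machineKey: anyone holding the validationKey can sign a serialized payload the server will accept, so a key copied from documentation or a forum post is as good as no key. The check below is an added example, not code from the report or from Microsoft: it parses a web.config, compares the static validationKey/decryptionKey against a set of known-public values, flags legacy algorithms, and emits a fresh element to replace a leaked one. The "public key" set here is a constructed stand-in for the real published list, and the sample config is constructed for the example.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed stand-in for the set of publicly disclosed keys; a real check
# loads the full published list. Comparison is case-insensitive hex.
PUBLIC_VALIDATION_KEYS = {"0123456789ABCDEF" * 8}
PUBLIC_DECRYPTION_KEYS = {"0123456789ABCDEF" * 4}
WEAK_VALIDATION = {"MD5", "SHA1", "3DES"}
WEAK_DECRYPTION = {"DES", "3DES"}


def audit_machine_key(config_xml: str) -> list:
    """Return finding codes for the <machineKey> element of a web.config."""
    root = ET.fromstring(config_xml)
    mk = next(root.iter("machineKey"), None)
    if mk is None:
        # Framework default is AutoGenerate,IsolateApps: no static key to leak.
        return []
    findings = []
    vkey = mk.get("validationKey", "AutoGenerate,IsolateApps").upper()
    dkey = mk.get("decryptionKey", "AutoGenerate,IsolateApps").upper()
    if vkey in PUBLIC_VALIDATION_KEYS:
        findings.append("public-validationKey")
    if dkey in PUBLIC_DECRYPTION_KEYS:
        findings.append("public-decryptionKey")
    validation = mk.get("validation", "HMACSHA256").upper()
    if validation in WEAK_VALIDATION:
        findings.append("weak-validation:" + validation)
    decryption = mk.get("decryption", "Auto").upper()
    if decryption in WEAK_DECRYPTION:
        findings.append("weak-decryption:" + decryption)
    return findings


def generate_machine_key() -> str:
    """Replacement element: 64-byte HMACSHA256 validation key and 32-byte AES
    decryption key, both as upper-case hex from the OS CSPRNG."""
    return ('<machineKey validationKey="%s" decryptionKey="%s" '
            'validation="HMACSHA256" decryption="AES" />'
            % (secrets.token_hex(64).upper(), secrets.token_hex(32).upper()))


def wrap_config(machine_key_element: str) -> str:
    """Minimal web.config skeleton around one <machineKey> element."""
    return ("<configuration><system.web>%s</system.web></configuration>"
            % machine_key_element)


# Constructed sample: keys lifted from a public source, plus SHA1 validation.
LEAKED_CONFIG = wrap_config(
    '<machineKey validationKey="%s" decryptionKey="%s" '
    'validation="SHA1" decryption="AES" />'
    % ("0123456789abcdef" * 8, "0123456789ABCDEF" * 4))

if __name__ == "__main__":
    print("leaked config:", audit_machine_key(LEAKED_CONFIG))
    fresh = generate_machine_key()
    print("fresh element:", fresh)
    print("fresh config:", audit_machine_key(wrap_config(fresh)))
```

Rotating the key invalidates outstanding ViewState and forms-authentication tickets, so every node in a web farm must receive the same new element at the same time. Rotation alone is not a clean-up: if a disclosed key was in place while the application was exposed, treat the host as potentially already compromised and look for the post-exploitation artefacts the report describes rather than assuming the new key closed the door.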
A new malware campaign dubbed 'SparkCat' has been discovered targeting Android and iOS users through both official and unofficial app stores. The malware, embedded in various apps, uses OCR technology to scan users' image galleries for crypto wallet recovery phrases. Infected Android apps on Google…
Researchers have identified numerous fake DeepSeek websites being used for malicious purposes, including credential phishing, cryptocurrency theft, and various scams. Over 50 active sites and thousands of potentially malicious domains have been observed. These fake sites range from obvious imitatio…
A sophisticated phishing campaign has been detected that exploits trusted platforms like SharePoint and Power BI to steal user credentials. The scheme uses a seemingly legitimate SharePoint link in an email, which leads to a Power BI report. Users are then prompted to click 'Open Document', redirec…