Today > 2 Critical | 3 High | 25 Medium vulnerabilities - You can now download lists of IOCs here!
6 attack reports | 79 vulnerabilities
GHOSTPULSE malware has evolved to embed malicious data within pixel structures of PNG files, replacing its previous IDAT chunk technique. Recent campaigns involve social engineering tactics, tricking victims with CAPTCHA validations that trigger malicious commands through keyboard shortcuts. The ma…
This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and m…
The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …
A new macOS vulnerability called 'HM Surf' has been discovered that could allow attackers to bypass the Transparency, Consent, and Control (TCC) technology and gain unauthorized access to protected user data. The exploit involves removing TCC protection for the Safari browser directory and modifyin…
Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…
This analysis provides an in-depth look into the operations of the Cicada3301 Ransomware-as-a-Service (RaaS) group. It details the workflow of their affiliates within the panel and examines the multi-platform capabilities of their ransomware, encompassing Windows, Linux, ESXi, and even uncommon arc…