Today > | 5 High | 10 Medium vulnerabilities - You can now download lists of IOCs here!
9 attack reports | 138 vulnerabilities
The Ukrainian CERT-UA investigated cyberattacks by UAC-0099 against government organizations during November-December 2024. The attacks involved emails with malicious attachments, including exploits for CVE-2023-38831. The LONEPAGE program, used for command execution, has evolved to use encrypted f…
Latin American cybercrime continues to evolve as adversaries refine their tactics and techniques. Key developments in 2024 include the adoption of Rust for improved evasion, consistent use of multi-stage infection chains and malspam campaigns, and evidence of collaboration among threat actors. Nota…
LummaStealer, a relatively new information-stealing malware, has gained prominence since 2022 for its ability to collect sensitive data from Windows systems. Marketed as Malware-as-a-Service (MaaS) on underground forums, it targets individuals, cryptocurrency users, and small to medium-sized busine…
A large-scale fake captcha campaign has been distributing Lumma info-stealer malware through malvertising techniques. The campaign, relying on a single ad network, delivers over 1 million daily ad impressions, causing thousands of daily victims to lose their accounts and money. The malicious activi…
The FLUX#CONSOLE campaign involves a sophisticated tax-themed phishing attack that exploits Microsoft Management Console (MSC) files to deliver a stealthy backdoor payload. Threat actors use tax-related lures to trick users into executing malicious code. The attack leverages MSC files, which are no…
An analysis of a public malware repository reveals a persistent presence of OT/ICS malware, with engineering workstations being a significant target. Two notable clusters were identified: Mitsubishi engineering workstation software infected with the Ramnit worm, and a new experimental malware named…
A sophisticated phishing operation targeting European automotive, chemical, and industrial manufacturing companies has been uncovered. The campaign, which peaked in June 2024, used HubSpot Free Form Builder and Docusign-enabled PDFs to harvest account credentials and infiltrate Microsoft Azure clou…
The Cyber Anarchy Squad (C.A.S) is a hacktivist group targeting Russian and Belarusian organizations since 2022. They exploit vulnerabilities in public services and use free tools to inflict maximum damage. The group employs rare remote access Trojans like Revenge RAT and Spark RAT, alongside commo…
TeamTNT is conducting a crypto mining campaign called Spinning YARN, targeting Docker, Redis, YARN, and Confluence. The attack involves server-side scripting vulnerabilities, obfuscated code, and malware deployment. The malware assesses the environment, disables cloud security, establishes persiste…