Tag: 2025-01-10

A fake proof-of-concept exploit for the LDAPNightmare vulnerability (CVE-2024-49113) is being used to distribute information-stealing malware. The malicious repository, disguised as a fork from the original creator, contains an executable file that, when run, drops and executes a PowerShell script.…

FunkSec, an emerging ransomware group, gained prominence in late 2024 with over 85 claimed victims in December. The group's activities blend hacktivism and cybercrime, using AI-assisted malware development to quickly produce advanced tools despite apparent inexperience. FunkSec offers custom ransom…

The distribution of malware compiled with AutoIt has been rapidly increasing, surpassing .NET-type malware. AutoIt, a scripting language for Windows automation, is preferred due to its ease of compilation into EXE files and fewer dependencies. The trend began in August 2024, with AutoIt malware nea…

A sophisticated phishing campaign has been discovered that exploits recruitment branding to deliver malware. The attack begins with a phishing email impersonating a recruitment process, directing victims to a malicious website. Users are prompted to download a fake application, which serves as a do…

Huntress uncovered RedCurl activity across several Canadian organizations in late 2024, tracing back to November 2023. RedCurl, known for cyberespionage, targets various industries to access confidential data without encrypting systems or demanding ransom. The group employs unique tactics, includin…

A phishing attack targeting a Cyberhaven employee led to the compromise of their Google Chrome extension. The attacker published a malicious version on the Chrome Web Store, active for 24 hours, capable of exfiltrating cookies and session data. Analysis of IP addresses and domains revealed connecti…

A sophisticated credit card skimmer malware has been discovered targeting WordPress websites. The malware injects malicious JavaScript into database entries, specifically in the wp_options table, to steal sensitive payment details from checkout pages. It activates only on checkout pages, either hij…