Today > 1 Critical | 6 High | 24 Medium vulnerabilities - You can now download lists of IOCs here!
8 attack reports | 0 vulnerabilities
A new widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix has been uncovered. The operation combines public scripts, brute-force attacks, and exploitation of weak credentials to create a botnet capable of global disruption. Matrix targets vulnerabili…
Arctic Wolf has identified multiple intrusions across various industries involving Palo Alto Network firewall devices. The attacks likely exploit recently disclosed PAN-OS vulnerabilities CVE-2024-0012 and CVE-2024-9474 for initial access. Affected devices downloaded payloads including the Sliver C…
Water Barghest, a cybercriminal group, has developed a highly automated system for exploiting and monetizing IoT devices. Their botnet, comprising over 20,000 devices as of October 2024, uses automated scripts to identify and compromise vulnerable IoT devices from public internet scan databases. On…
The Androxgh0st botnet, active since January 2024, has evolved to incorporate Mozi botnet payloads, expanding its attack surface from web servers to IoT devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, utilizing remote code executio…
Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
Two campaigns targeting Selenium Grid, a popular web testing tool, have been identified. The attacks exploit misconfigured instances lacking authentication to deploy cryptominers and proxyjacking tools. The first campaign injects a base64 encoded Python script to download and execute a reverse shel…
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader and XMRig cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injec…