TGR-CRI-0045
TRENDING TOPICS JULY 09, 2025 Update: Threat Group Exploits Leaked ASP.NET Machine Keys for Stealthy Web Server Attacks A threat group tracked as TGR-CRI-0045 has been carrying out an advanced campaign since late 2024, using stolen ASP[.]NET Machine Keys to silently compromise web servers across the Financial, Manufacturing,
Atomic macOS
TRENDING TOPICS JULY 08, 2025 Update: Atomic macOS Stealer Expands Capabilities With Persistent Backdoor, Escalating Threat to macOS Ecosystems Earlier this year, we reported on Russian-speaking threat actors using platforms like GitHub and FileZilla to distribute the Atomic macOS Stealer (AMOS), targeting macOS users through fake versions of legitimate software.
XWorm
TRENDING TOPICS JULY 07, 2025 Update: XWorm RAT Expands Capabilities with Advanced Loaders, Stagers, and Ransomware Deployment The XWorm RAT, a well-known tool in the cybercrime space, has advanced its techniques, combining new stagers and loaders to bypass modern security defenses and expand its reach across Windows environments. Recent campaigns
Qwizzserial
CVE-2024-51978 Critical Brother Devices An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. Serial numbers can be discovered via CVE-2024-51977 over HTTP/HTTPS/IPP, PJL requests, or SNMP requests. Impact: This vulnerability is baked into the design and
DCRat
TRENDING TOPICS JULY 02, 2025 Update: DCRat Deployed in Phishing Campaign Targeting Windows Systems Across Colombian Organizations A newly observed malware campaign is actively targeting organizations in Colombia with a focus on delivering DCRat (DarkCrystal RAT), a modular and commercially available Remote Access Trojan. This campaign, identified by Fortinet’s
Monthly Wrap
MONTHLY WRAP MONTHLY WRAP Overview The threat landscape in June 2025 highlights a clear shift: cyber operations are increasingly defined by the exploitation of trust, identity, and user behavior rather than just malware signatures or known vulnerabilities. Adversaries are moving with precision through hybrid cloud envi
WordPress
TRENDING TOPICS JULY 01, 2025 Stealth Malware Campaign Uses WordPress Sites to Spread Windows Trojan A new malware campaign actively targeting WordPress websites is delivering a Windows-based Remote Access Trojan (RAT) called client32[.]exe. Discovered by cybersecurity firm Sucuri, this threat is already being exploited in the wild, with real
GIFTEDCROOK
TRENDING TOPICS JUNE 30, 2025 Update: GIFTEDCROOK Stealer Rapidly Evolves to Support Targeted Cyber Espionage in Ukraine GIFTEDCROOK, attributed to the threat group UAC-0226, has undergone a rapid transformation from a basic browser data stealer into a more advanced intelligence-gathering tool designed for targeted espionage. Early versions focused solely on
Python
TRENDING TOPICS JUNE 27, 2025 Malicious Typosquatted Python Package Triggers Forced Shutdowns on Windows Systems A newly discovered malicious Python package, “psslib,” has been identified on the Python Package Index (PyPI), posing as the widely used “passlib” library in a targeted typosquatting campaign. This fake package exploits the trust developers
This cybersecurity report analyzes Operation RoundPress, a sophisticated cyber-espionage campaign conducted by Russian state-sponsored group APT28 that exploited cross-site scripting (XSS) vulnerabilities in popular webmail platforms to steal sensitive communications from government and defense entities across Eastern Europe, South America, and Africa—particularly those supporting Ukraine. The report highlights how
nOAuth
TRENDING TOPICS JUNE 26, 2025 Update: nOAuth Vulnerability Still Threatens Microsoft Entra SaaS Apps and Broader Identity Systems Despite being publicly disclosed in mid-2023, the nOAuth vulnerability continues to affect a significant portion of Microsoft Entra-integrated SaaS applications. A recent review by Semperis found that 9% of the 104 applications
ICS
TRENDING TOPICS JUNE 25, 2025 CISA Issues June 2025 ICS Advisories for Critical Industrial Infrastructure Vulnerabilities On June 24, 2025, CISA released eight new Industrial Control Systems (ICS) advisories (ICSA-25-175-01 through ICSA-25-175-07) and an update to a legacy bulletin highlighting serious vulnerabilities in operational technology systems across critical sectors. These