Kernel-Level Filtering for Invisible Activation Both implants install custom BPF programs that cause the kernel to silently inspect incoming packets and determine when to activate the backdoor. No open ports, running listeners, or obvious processes appear on the system, making traditional monitoring tools ineffective. Activation occurs only when highly-specific patterns
Storm-0249
CVE-2025-62221 High Windows Cloud Files Mini Filter PRIVILEGE ESCALATION EXPLOITED IN WILD Windows Cloud Files Mini Filter Driver EoP allowing attackers to escalate from user context to SYSTEM. Actively used in real-world post-compromise chains. CVE-2025-62454 High Windows Cloud Files Mini Filter PRIVILEGE ESCALATION HIGH EXPLOIT LIKELIHOOD Cloud Files Mini Filter
Hypervisors
TRENDING TOPICS DEC 09, 2025 Update: Ransomware Actors Target Hypervisors at Scale Ransomware operations are increasingly shifting their focus to the hypervisor layer, where a single point of control can affect dozens of virtual machines simultaneously. Huntress data shows a steep rise in attacks throughout 2025, with hypervisor-level encryption incidents
Developers
TRENDING TOPICS DEC 08, 2025 Exploiting Developer Workstations: New Findings Expose Critical Weaknesses in VS Code Extension Security Recent research revealed that publishing a malicious Visual Studio Code extension capable of compromising developer machines is far simpler than previously understood. The researcher created a functional extension, “Piithon-linter,” that quietly exfiltrated
Calisto
CVE-2025-55182 Critical React Server Components PRE-AUTH RCE NO AUTHENTICATION Pre-authentication remote code execution vulnerability affecting multiple versions of React Server Components, including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. Allows attackers to execute arbitrary code without any credentials. Mitigation: Upgrade to patched React Server Components versions immediately and implement strict request validation on
K.G.B. RAT
TRENDING TOPICS DEC 04, 2025 K.G.B RAT Emerges on Dark Web with Stealth, Automation, and Built-In Evasion Tools A new remote access Trojan bundle called K.G.B RAT is being advertised on an underground cybercrime forum, where the seller claims it offers complete stealth, integrated evasion tools,
Cloudflare Global Outage November 18, 2025 Root Cause A malformed Bot Management feature file triggered failures in Cloudflare's core proxy, producing widespread HTTP 500 errors and breaking CDN, authentication, and KV-backed workflows. Impacted Organizations X (formerly Twitter), ChatGPT (OpenAI), Shopify, Dropbox, Coinbase, New Jersey Transit, SNCF (France'
MuddyWater
TRENDING TOPICS DEC 03, 2025 Update: MuddyWater Refines Tooling and Tradecraft in Targeted Espionage Operations Recent analysis shows that MuddyWater, an Iran-aligned APT also tracked as Mango Sandstorm and TA450, has significantly upgraded its technical capability during a campaign targeting critical infrastructure, government, academic, and technology organizations in Israel and
GlassWorm
TRENDING TOPICS DEC 02, 2025 Update: Glassworm Campaign Escalates Across Developer Extension Ecosystems Glassworm has advanced into a broader, more aggressive phase, with adversaries planting two dozen new malicious extensions on the Microsoft Visual Studio Marketplace and OpenVSX. These platforms distribute critical tooling for VS Code–compatible editors, which positions
MONTHLY WRAP MONTHLY WRAP Overview November saw a significant increase in attacks involving ecosystem-level compromise, SaaS and support-platform targeting, and rapid experimentation with AI-enabled tradecraft. Supply chain attacks escalated from isolated package backdoors to full ecosystem disruption in npm, PyPI, and
Albiriox
TRENDING TOPICS DEC 01, 2025 Albiriox: Rapidly Evolving Android Banking Malware-as-a-Service Albiriox is a newly emerging Android banking malware family operating as a Malware-as-a-Service, first spotted in September 2025 and now actively sold on Russian-language cybercrime forums. It uses staged delivery via SMS phishing to lead victims to fake app
ShadowV2
CVE-2025-59287 Critical Windows Server Update Services UNSAFE DESERIALIZATION A critical vulnerability in Windows Server Update Services (WSUS) stems from unsafe deserialization of untrusted data over the network, allowing remote attackers to execute arbitrary code on WSUS servers without authentication. Mitigation: Immediately apply Microsoft's security update, restrict WSUS exposure