Tag: Cyberattack

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities
XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities

XE Group, likely a Vietnam-linked hacking collective that has been active in the cyber threat arena for over a decade is believed to be behind the exploitation of a couple of VeraCore zero-day vulnerabilities. During the latest campaign, adversaries weaponized VeraCore flaws tracked as CVE-2024-57968 and CVE-2025-25181 to deploy reverse shells and web shells, ensuring […]

Read More
Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware
Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware

Lumma Stealer, nefarious info-stealing malware, resurfaces in the cyber threat arena. Defenders recently uncovered an advanced adversary campaign distributing Lumma Stealer through GitHub infrastructure along with other malware variants, including SectopRAT, Vidar, and Cobeacon. Detect Lumma Stealer, SectopRAT, Vidar, Cobeacon Deployed via GitHub Lumma Stealer is a notorious data-stealing malware that extracts credentials, cryptocurrency wallets, […]

Read More
TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads
TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads

Financially motivated hackers are behind an ongoing malicious campaign targeting Poland and Germany. These phishing attacks aim to deploy multiple payloads, including Agent Tesla, Snake Keylogger, and a novel backdoor dubbed TorNet, which is delivered via PureCrypter malware.  Detect TorNet Backdoor A significant rise in phishing campaigns, with a 202% increase in phishing messages over […]

Read More
CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities 
CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities 

Defenders shed light on a set of vulnerabilities in Ivanti Cloud Service Appliances (CSA) that can be chained for further exploitation. The latest joint alert by CISA and FBI notifies the global defender community of at least two exploit chains using Invanti vulnerabilities tracked as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380. Adversaries can take advantage of exploit […]

Read More
Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks 
Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks 

Adversaries frequently leverage legitimate tools in their malicious campaigns. The popular AnyDesk remote utility has also been largely exploited by hackers for offensive purposes. Cyber defenders have unveiled the recent misuse of AnyDesk software to connect to targeted computers, masquerading the malicious efforts as CERT-UA activity. Detect Cyber-Attacks Exploiting AnyDesk Based on CERT-UA Research Adversaries […]

Read More
CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC
CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC

Hot on the heels of the release of the first PoC exploit for a critical RCE vulnerability in the Windows LDAP, known as CVE-2024-49112, another vulnerability in the same software protocol in Windows environments is causing a stir. A discovery of CVE-2024-49113, a new denial-of-service (DoS) vulnerability, also known as LDAPNightmare, is hitting the headlines […]

Read More
EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East
EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East

Hot on the heels of the re-emergence of a more advanced NonEuclid RAT variant in the cyber threat arena, a novel malware iteration known as the Eagerbee backdoor poses an increasing threat to organizations in the Middle East, primarily targeting Internet Service Providers (ISPs) and state agencies. The enhanced EAGERBEE backdoor variant can deploy payloads, […]

Read More
NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System
NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System

The modern-day cyber threat landscape is marked by the rise in malware variants that give attackers the green light to gain complete remote control over targeted systems, such as a nefarious Remcos RAT spread via a phishing attack vector. At the turn of January 2025, defenders unveiled an emerging stealthy malware dubbed NonEuclid RAT, which […]

Read More
Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany
Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany

Security experts have uncovered a novel Strela Stealer campaign, which leverages a new iteration of email credential-stealing malware. In this campaign, the updated malware version is enriched with enhanced functionality and is now capable of gathering system configuration data via the “system info” utility. Moreover, Strela Stealer expanded its targets beyond Spain, Italy, and Germany […]

Read More
UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application
UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application

Hard on the heels of the cyber-espionage campaign by UAC-0099 via the phishing attack vector, another hacking collective has evolved in the cyber threat arena to target Ukrainian organizations. CERT-UA notifies defenders about the discovery of fake websites that mimic the official page of the “Army+” application and are hosted using the Cloudflare Workers service. […]

Read More