Microsoft Patches Entra ID Security Flaw Allowing Cross-Tenant Global Admin Impersonation

Summary: A critical token validation failure in Microsoft Entra ID, formerly Azure Active Directory, could have let attackers impersonate any user, including Global Administrators, across tenants. The flaw, tracked as CVE-2025-55241, received a CVSS score of 10.0, and Microsoft describes it as a privilege escalation issue in Entra ID. Microsoft fixed the problem on July […]

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A malware-based proxy network called REM Proxy is driven by SystemBC, providing roughly 80% of the botnet’s capacity to its users, according to the latest research from Black Lotus Labs at Lumen Technologies. “REM Proxy is a large-scale network that also offers access to about 20,000 Mikrotik routers and multiple open proxies discovered online,” the

CISA Warns Hackers Exploiting Ivanti EPMM Vulnerabilities to Deploy Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning about ongoing malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) platforms. Threat actors are actively exploiting two critical security flaws, CVE-2025-4427 and CVE-2025-4428, enabling complete system compromise and arbitrary code execution on affected servers. These attacks started shortly after Ivanti publicly disclosed the

17,500 Phishing Domains Target 316 Brands Across 74 Countries Amid Global PhaaS Surge

A recent surge in phishing-as-a-service (PhaaS) activity has linked over 17,500 phishing domains to 316 brands across 74 countries. The platforms behind this activity, known as Lighthouse and Lucid, are making large-scale phishing campaigns more accessible to cybercriminals. Netcraft reported that “PhaaS deployments have risen significantly recently. Operators charge monthly fees for phishing software with

Russian Hackers Gamaredon And Turla Join Forces To Deploy Kazuar Backdoor In Ukraine

Cybersecurity researchers have uncovered strong indications that two well-known Russian threat groups, Gamaredon and Turla, are actively working together to target Ukrainian systems. According to Slovak cybersecurity company ESET, the Gamaredon toolset (notably PteroGraphin and PteroOdd) was leveraged in February 2025 to run Turla’s Kazuar backdoor on a Ukrainian endpoint. This suggests that Turla is

CISA Warns Of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 And CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a detailed advisory highlighting the discovery of two different malware strains that exploited security flaws in Ivanti Endpoint Manager Mobile (EPMM). The malicious activity was identified inside the network of an unnamed organization, where attackers leveraged vulnerabilities CVE-2025-4427 and CVE-2025-4428 to compromise systems. How the

SonicWall urges password resets after cloud backup breach impacting less than 5 percent of customers

SonicWall has issued a strong advisory urging its customers to reset their credentials after detecting a security incident involving its cloud backup service. The breach exposed firewall configuration backup files linked to MySonicWall accounts, though the company emphasized that less than 5 percent of customers were impacted. Suspicious Activity Detected in Cloud Backups According to

CountLoader expands Russian ransomware campaigns with multi-version malware loader

Cybersecurity experts have identified a new malware loader, dubbed CountLoader, being actively used by Russian ransomware operators. This loader is designed to deliver post-exploitation frameworks such as Cobalt Strike and AdaptixC2, along with a remote access trojan known as PureHVNC RAT. According to Silent Push, CountLoader is deployed either as part of an Initial Access

SilentSync RAT distributed through two malicious PyPI packages targeting Python developers

Both packages pose as useful developer libraries; however, they contain hidden functionality that fetches and runs additional Python code, which implants SilentSync. The trojan supports remote command execution, file theft, and screen capture, and it specifically targets browser data such as saved credentials, history, autofill information, and cookies from Chrome, Brave, Edge, and Firefox, according

Chinese TA415 leverages VS Code remote tunnels to spy on U.S. economic policy experts

According to an analysis by Proofpoint, the intrusions impersonated senior figures and organizations involved in U.S.-China relations, including the Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party, and the U.S.-China Business Council. The emails specifically targeted people working on trade, economic policy, and bilateral relations, implying
