Network Security

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of Amazon Web Services, AWS, hosted infrastructure uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF, extended Berkeley Packet Filter, modules for stealth and remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker […]

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets Read More »

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months

A Chinese-linked cyber threat group, known as Jewelbug, has successfully infiltrated a Russian IT service provider for five months, marking the group’s expansion beyond its traditional targets in Southeast Asia and South America. This operation, running from January to May 2025, underscores the continued reach of Chinese cyber espionage. Background on Jewelbug and Related Clusters

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months Read More »

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks

In mid-2025, cybersecurity researchers at Lab539 detected an unexpected rise in a new browser-based malware campaign known as ClickFix. First appearing quietly in July, this threat quickly grew by registering over 13,000 unique domains aimed at tricking users into running malicious commands on their own devices. How ClickFix Works ClickFix attacks utilize compromised or low-cost

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks Read More »

F5 BIG-IP Source Code Exposed in Breach by Nation-State Hackers

U.S.-based cybersecurity firm F5 disclosed on Wednesday that unauthorized actors infiltrated its systems and obtained files containing portions of the BIG-IP source code, along with information about undisclosed vulnerabilities in the product. The company attributed the attack to a “highly sophisticated nation-state threat actor,” noting that the intruders maintained prolonged access to its network. According

F5 BIG-IP Source Code Exposed in Breach by Nation-State Hackers Read More »

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access

Cybersecurity researchers have reported an active exploitation of a serious security flaw in ICTBroadcast, the autodialer software developed by ICT Innovations. The vulnerability, tracked as CVE-2025-2611 and assigned a CVSS score of 9.3, arises from insufficient input validation. This flaw allows unauthenticated remote code execution, as the call center application improperly passes session cookie data

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access Read More »

Windows Remote Desktop Client Flaw Enables Remote Code Execution

Microsoft has addressed a critical security flaw in the Windows Remote Desktop Client that could allow attackers to execute arbitrary code on a user’s system. The issue, identified as CVE-2025-58718, was disclosed on October 14, 2025, and rated as Important in severity. Although no active exploitation has been reported, cybersecurity researchers warn that the flaw

Windows Remote Desktop Client Flaw Enables Remote Code Execution Read More »

Chinese Hackers Employ Geo Mapping Tool to Maintain Year Long Persistence

Researchers have discovered that the China-backed advanced persistent threat (APT) group Flax Typhoon maintained long-term access to a geographic information system (ArcGIS) by exploiting trusted software components. Instead of using traditional malware, the attackers converted a legitimate software extension into a persistent backdoor, forcing even the vendor to update its documentation. Turning Legitimate Software into

Chinese Hackers Employ Geo Mapping Tool to Maintain Year Long Persistence Read More »

FortiPAM and FortiSwitch Manager Flaws Allow Attackers to Bypass Authentication

Fortinet has released an urgent security advisory about a critical vulnerability affecting FortiPAM and FortiSwitch Manager. The flaw could allow threat actors to completely bypass authentication mechanisms by using brute-force attack methods, giving them potential access to sensitive systems. Technical Details This vulnerability, tracked as CVE-2025-49201, results from a weak authentication mechanism in the Web

FortiPAM and FortiSwitch Manager Flaws Allow Attackers to Bypass Authentication Read More »

Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews

SonicWall revealed on Wednesday that an unauthorized party gained access to firewall configuration backup files of customers using its cloud backup service. The compromised files contain encrypted credentials and configuration data. While the encryption remains active, possession of these files may increase the risk of targeted attacks The company is actively notifying all affected partners

Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews Read More »

Hackers Abuse Legitimate Database Commands to Actively Compromise Databases

A new wave of sophisticated ransomware attacks is targeting organizations worldwide by abusing legitimate database commands, bypassing traditional security tools through “malware-free” operations. Unlike typical ransomware that relies on malicious binaries to encrypt files, attackers are exploiting exposed database services, using standard database functionality to steal, erase, and demand ransom for critical information. This technique

Hackers Abuse Legitimate Database Commands to Actively Compromise Databases Read More »