⚡ Weekly Update: APT Intrusions, AI-Powered Malware, Zero-Click Exploits, Browser Hijacks, and More

Jun 02, 2025
Cybersecurity / Hacking Insights

This week read less like a security drill and more like the real thing: everything looked normal, the attack tooling was readily available, and detection came late. That is the current state of cybersecurity: quiet, deceptive, and fast. Defenders are no longer just chasing attackers; they are questioning whether they can trust their own systems' signals. The problem is not too few alerts but too many without context. The bottom line: if your defenses still depend on obvious indicators, you are not protecting your assets, you are watching breaches unfold.

The following recap emphasizes key developments that demand your attention.

Threat of the Week
APT41 Exploits Google Calendar for Command-and-Control — The Chinese state-sponsored group APT41 has deployed malware known as TOUGHPROGRESS that uses Google Calendar for its command-and-control (C2) channel. Google reported observing the associated spear-phishing activity in October 2024, with the malware hosted on…
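C2 over a legitimate SaaS API such as Google Calendar defeats reputation-based blocking, so the practical check is behavioural: which clients talk to the Calendar endpoints on a fixed cadence, and with what User-Agent. The script below is an added example, not code from the article or from Google's report; it runs two generic heuristics (low-jitter request intervals and a non-browser User-Agent) over constructed proxy log lines. The log format, the client addresses and the User-Agent strings are invented for the demo, and the heuristics are not a signature for TOUGHPROGRESS.

```python
"""Hunt for beaconing to Google Calendar endpoints in web-proxy logs.

Added example. The log lines are constructed; the only real things in here
are the public Calendar hosts (calendar.google.com and the Calendar REST
API under www.googleapis.com/calendar/). The log format is assumed to be:
<ISO timestamp> <client IP> "<User-Agent>" <URL>
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed sample: 10.1.2.3 is a person using Calendar in a browser,
# 10.1.2.9 polls the Calendar API every 15 minutes with an odd User-Agent.
SAMPLE_LOG = """\
2024-10-30T09:00:00 10.1.2.3 "Mozilla/5.0 (Windows NT 10.0) Chrome/129.0" https://calendar.google.com/calendar/u/0/r
2024-10-30T09:00:05 10.1.2.9 "MSIE 6.0" https://www.googleapis.com/calendar/v3/calendars/x/events
2024-10-30T09:15:05 10.1.2.9 "MSIE 6.0" https://www.googleapis.com/calendar/v3/calendars/x/events
2024-10-30T09:30:06 10.1.2.9 "MSIE 6.0" https://www.googleapis.com/calendar/v3/calendars/x/events
2024-10-30T09:45:05 10.1.2.9 "MSIE 6.0" https://www.googleapis.com/calendar/v3/calendars/x/events
2024-10-30T09:02:11 10.1.2.3 "Mozilla/5.0 (Windows NT 10.0) Chrome/129.0" https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-30T11:47:30 10.1.2.3 "Mozilla/5.0 (Windows NT 10.0) Chrome/129.0" https://calendar.google.com/calendar/u/0/r
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')


def is_calendar_url(url: str) -> bool:
    """True for the Calendar web UI or the Calendar REST API."""
    p = urlparse(url)
    return p.hostname == "calendar.google.com" or (
        p.hostname == "www.googleapis.com" and p.path.startswith("/calendar/")
    )


def looks_like_browser(user_agent: str) -> bool:
    """Crude but useful: real browsers send a Mozilla/5.0-prefixed UA."""
    return user_agent.startswith("Mozilla/5.0")


def analyze(log_text: str, min_hits: int = 3, max_jitter: float = 0.1) -> dict:
    """Per client: number of Calendar hits, whether the cadence is periodic,
    and whether every request came from a browser-looking User-Agent."""
    per_client = defaultdict(list)  # client -> [(timestamp, user_agent), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, ua, url = m.groups()
        if is_calendar_url(url):
            per_client[client].append((datetime.fromisoformat(ts), ua))

    report = {}
    for client, hits in per_client.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        # Coefficient of variation of the inter-request gaps: a sleep-loop
        # beacon is close to 0, a human is nowhere near it.
        periodic = (
            len(hits) >= min_hits
            and mean(gaps) > 0
            and pstdev(gaps) / mean(gaps) <= max_jitter
        )
        browser = all(looks_like_browser(ua) for _, ua in hits)
        report[client] = {"hits": len(hits), "periodic": periodic, "browser_ua": browser}
    return report


def suspicious(log_text: str) -> list:
    """Clients whose Calendar traffic is periodic or not from a browser."""
    return sorted(
        c for c, r in analyze(log_text).items() if r["periodic"] or not r["browser_ua"]
    )


if __name__ == "__main__":
    for client, r in analyze(SAMPLE_LOG).items():
        print(client, r)
    print("suspicious:", suspicious(SAMPLE_LOG))
```

Tune `min_hits` and `max_jitter` to your environment; legitimate Calendar sync clients also poll, so treat a hit as a lead to pivot on (process, parent, first-seen time) rather than a verdict.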

Weekly Cybersecurity Recap: APT Intrusions, AI Malware, and Evolving Threat Landscapes

Published: June 2, 2025

In a landscape defined by digital threats, the recent surge of cybersecurity incidents serves as a stark reminder of the complexities defenders face today. An…

Mustang Panda’s Tibet-Focused Cyber Espionage Campaign Utilizes PUBLOAD and Pubshell Malware

Jun 27, 2025
Vulnerability / Cyber Espionage

A China-linked threat group known as Mustang Panda has been identified in a new cyber espionage operation targeting the Tibetan community. The spear-phishing lures use Tibet-related themes, including the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and recent publications by the 14th Dalai Lama, as reported by IBM X-Force, which observed the campaign earlier this month and tracks the actor as Hive0154. The campaign deploys PUBLOAD, a malware family already associated with Mustang Panda. The lures deliver a malicious archive containing a benign-looking Microsoft Word document, articles taken from Tibetan websites, and images from the WPCT, alongside a disguised executable that the victim is tricked into running. The same executable has been observed in previous Mustang Panda attacks…
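The lure described above works because the archive mixes genuine decoy documents with an executable dressed up to look like one. As an added example (not the campaign's tooling and not IBM X-Force's code), the script below inspects a zip archive and flags members that carry a PE header under a document extension, use a double extension such as `.pdf.exe`, or hide the real extension behind a right-to-left override character. The archive it scans is built in memory and the file names and contents are invented for the demo.

```python
"""Flag disguised executables inside a lure archive.

Added example. The sample archive and its member names are constructed;
the checks are generic and apply to any archive-based lure.
"""
import io
import zipfile

DOC_EXTS = {".doc", ".docx", ".pdf", ".txt", ".jpg", ".png"}
EXE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".dll", ".lnk"}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: "x\u202ecod.scr" renders as "xrcs.doc"


def member_findings(name: str, head: bytes) -> list:
    """Return the list of reasons an archive member looks disguised."""
    findings = []
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    last = "." + parts[-1] if len(parts) > 1 else ""
    second = "." + parts[-2] if len(parts) > 2 else ""

    if RTLO in name:
        findings.append("rtlo-in-name")
    if last in EXE_EXTS and second in DOC_EXTS:
        findings.append("double-extension")
    # A Windows executable starts with the "MZ" DOS header regardless of name.
    if head.startswith(b"MZ") and last not in EXE_EXTS:
        findings.append("pe-with-document-extension")
    if last in EXE_EXTS:
        findings.append("executable")
    return findings


def scan_archive(data: bytes) -> dict:
    """Map each suspicious member name to its findings; clean members are omitted."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            findings = member_findings(info.filename, head)
            if findings:
                results[info.filename] = findings
    return results


def build_sample_archive() -> bytes:
    """Constructed lure archive: two real decoys, three disguised payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.docx", b"PK\x03\x04decoy")      # genuine OOXML-looking decoy
        zf.writestr("photos/venue_01.jpg", b"\xff\xd8\xff\xe0")  # genuine JPEG-looking decoy
        zf.writestr("article.pdf.exe", b"MZ\x90\x00")            # double extension
        zf.writestr("policy" + RTLO + "cod.scr", b"MZ\x90\x00")  # shown as "policyrcs.doc"
        zf.writestr("readme.txt", b"MZ\x90\x00")                 # PE hiding as text
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_archive(build_sample_archive()).items():
        print(repr(member), "->", ", ".join(why))
```

Run it against a real sample by replacing `build_sample_archive()` with the bytes of the archive under analysis. The two-byte magic check is deliberately cheap; it catches renamed PE files but not scripts, LNK shortcuts or nested archives, which is why `.lnk` is flagged by extension alone.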

PUBLOAD and Pubshell Malware Employed in Mustang Panda's Targeted Attack on Tibetan Community

June 27, 2025

A recent string of cyber espionage activities has been linked to Mustang Panda, a threat actor with ties to China, specifically targeting the…

North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware

Oct 09, 2024
Phishing Attack / Malware

Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…

North Korean Hackers Exploit Job Seekers with Deceptive Interviews Delivering Cross-Platform Malware

October 9, 2024

In a sophisticated cyber campaign, threat actors linked to North Korea have been targeting tech industry job seekers to disseminate advanced malware variants known as…

Russian Hackers Target Norwegian Dam

Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
Also: Spain Resists Pressure to Oust Huawei, North Korean Kimsuky Data Leaked
Anviksha More (AnvikshaMore) • August 14, 2025

The Information Security Media Group (ISMG) regularly compiles significant cybersecurity…

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has published details on a financially motivated threat group tracked as UNC6040, which specializes in voice phishing (vishing) to gain access to organizations' Salesforce instances for large-scale data theft and subsequent extortion. The company's threat intelligence team links the group to the online cybercrime community known as The Com. According to a report shared with The Hacker News, UNC6040 has breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering calls. The approach has repeatedly deceived English-speaking employees into taking actions that grant the attackers access or into disclosing sensitive information.

Google Unveils Vishing Campaign Targeting Salesforce by Threat Group UNC6040

June 4, 2025

In a recent disclosure, Google has revealed insights into a financially motivated threat group known as UNC6040, which is reportedly executing sophisticated voice phishing, or vishing, operations…

Over 1,000 SOHO Devices Compromised in China-Linked LapDogs Cyber Espionage Operation

Jun 27, 2025
Threat Hunting / Vulnerability

Researchers have uncovered a network of more than 1,000 compromised small office/home office (SOHO) devices supporting a long-running cyber espionage campaign attributed to China-based hacking groups. The operation, dubbed LapDogs by SecurityScorecard's STRIKE team, has victims primarily in the United States and Southeast Asia, and the network is still growing. Infections have also been reported in Japan, South Korea, Hong Kong, and Taiwan, across sectors including IT, networking, real estate, and media. The compromised devices come from manufacturers such as Ruckus Wireless, ASUS, Buffalo Technology, Cisco-Linksys, Cross DVR, D-Link, Microsoft, Panasonic, and Synology. At the core of LapDogs is a custom backdoor known as ShortLeash, built to run on these compromised devices.

Over 1,000 SOHO Devices Compromised in Cyber Espionage Campaign Linked to China

June 27, 2025

Cybersecurity experts reported the discovery of a significant network of more than 1,000 small office and home office (SOHO) devices that have been compromised…

THN Cybersecurity Weekly Recap: Key Threats, Tools, and Trends (October 7 – October 13)

Posted on October 14, 2024
Category: Cybersecurity Recap

Get ready for your weekly update on the latest in cybersecurity! This week, we’re diving into everything from zero-day vulnerabilities and rogue AI to the FBI stepping into the crypto game—you won’t want to miss this! Let’s get started so we can beat the FOMO! ⚡

🔒 Threat Spotlight: GoldenJackal’s Air-Gapped Infiltration
Introducing GoldenJackal, the hacking group that's been flying under your radar. They've developed a way to breach highly secure, air-gapped systems using stealthy worms carried across the gap on infected USB drives (yes, you read that right!). ESET researchers have identified their operations against notable victims, including a South Asian embassy in Belarus and a European Union government entity.

🔔 Top Headlines
Mozilla has released a patch for a critical Firefox zero-day vulnerability…

THN Cybersecurity Recap: Key Threats and Developments (October 7 – October 13)

October 14, 2024

As we delve into this week's cybersecurity landscape, numerous developments highlight the urgency and complexity of the current threats. Among them is the emergence of…