A recent data breach at TransUnion has compromised the Social Security numbers of 4.4 million consumers in the United States, following a cyber attack on a Salesforce-integrated application. The breach is associated with the hacking group identified as UNC6395. In…
Published: April 9, 2025
Category: Windows Security / Vulnerability
A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…
Newly Discovered TCESB Malware Targets ESET Security Software April 09, 2025 Recent cybersecurity developments have illuminated a new malware strain known as TCESB, which is being actively deployed in ongoing attacks. This malware, linked to a Chinese-affiliated threat actor, exploits…
May 14, 2025
Vulnerability / Endpoint Security
Ivanti has issued security updates to remedy two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which have been exploited in limited attacks for remote code execution. The vulnerabilities include:
Exploiting these vulnerabilities could allow an attacker to chain them together to execute arbitrary code on a compromised device without authentication. The affected versions of the product are:
Ivanti has credited CERT-EU for reporting these vulnerabilities.
Ivanti Issues Patches for Vulnerabilities in EPMM Software Exploited in Limited Attacks On May 14, 2025, Ivanti announced critical security updates addressing two vulnerabilities in its Endpoint Manager Mobile (EPMM) software. These flaws have been utilized in limited attacks to…
Unauthorized Release of Dexter: Resurrection Episodes Sparks Concerns Over Distribution Security In a startling revelation for fans, the highly anticipated finale of Dexter: Resurrection has leaked online, with episodes 9 and 10 emerging in a Russian-dubbed format nearly a week…
Google Issues Security Alerts Following Breach of Salesloft Drift AI Chat Agent In a critical advisory, Google has alerted users of the Salesloft Drift AI chat platform to regard all security tokens associated with the service as compromised. This warning…
April 11, 2025
Spyware / Mobile Security
Cybersecurity experts have uncovered a dangerous trend where threat actors are using deceptive websites on newly registered domains to spread SpyNote, a notorious Android malware. These fraudulent sites mimic Google Play Store installation pages for popular apps like the Chrome browser, aiming to trick users into downloading the malware. According to the DomainTools Investigations (DTI) team, the attackers employed a combination of English and Chinese-language delivery sites and even included Chinese-language comments in the site code and the malware itself.
SpyNote (also known as SpyMax) is a remote access trojan infamous for its capability to collect sensitive information from compromised Android devices by exploiting accessibility services. In May 2024, the malware was distributed via another fake site that posed as a legitimate antivirus program, Avast. Further analysis from mobile security firm Zimperium revealed additional tactics employed by these cybercriminals…
SpyNote, BadBazaar, and MOONSHINE Malware Exploit Fake Apps to Target Android and iOS Users April 11, 2025 Focus on Spyware / Mobile Security Recent investigations by cybersecurity experts have unveiled a concerning trend: threat actors are leveraging newly registered domains…
Google Issues Alert on ShinyHunters Attack Campaign Targeting Gmail Users Google has recently issued a significant security warning regarding the ShinyHunters hacking group, which has utilized Gmail to conduct attacks on users. This alert highlights the potential vulnerabilities affecting millions,…
Fortinet Addresses CVE-2025-32756: Critical Zero-Day RCE Vulnerability in FortiVoice Systems
May 14, 2025
Vulnerability / Network Security
Fortinet has issued a fix for a severe security vulnerability exploited as a zero-day in attacks against FortiVoice enterprise phone systems. Identified as CVE-2025-32756, this flaw has a high CVSS score of 9.6 out of 10.0. According to the company’s advisory, “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may enable a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.” Fortinet has confirmed that the flaw has been actively exploited in the wild within FortiVoice systems, although details regarding the scope of the attacks and the identities of the attackers remain undisclosed. Notably, the attacker engaged in network scans of devices, deleted system crash logs, and enabled FCGI debugging to capture credentials from the system and SSH login attempts. The vulnerability impacts the following products and versions: FortiCamera 1.1, 2.0 (Update to a secure release recommended).
Fortinet Addresses Critical Zero-Day RCE Vulnerability in FortiVoice Systems On May 14, 2025, cybersecurity provider Fortinet announced the resolution of a significant security vulnerability identified as CVE-2025-32756. This flaw, which carries a critical CVSS score of 9.6, has reportedly been…
Mar 31, 2023
Cyber Espionage / APT
The advanced persistent threat (APT) group known as Winter Vivern is currently focusing its cyber espionage efforts on officials in Europe and the U.S. According to a recent report by Proofpoint, this group, also referred to as TA473, has been exploiting an unpatched Zimbra vulnerability in publicly accessible webmail portals since at least February 2023. This vulnerability allows them to access the email accounts of government bodies across Europe.
Proofpoint has identified the group’s activities as closely aligned with the geopolitical objectives of Russia and Belarus. While Winter Vivern may not be the most sophisticated actor, its persistence is notable. Recently, the group has been linked to cyber attacks on state authorities in Ukraine and Poland, as well as government officials in India, Lithuania, Slovakia, and the Vatican. The ongoing wave of intrusions related to NATO involves exploitation of CVE…
Winter Vivern APT Exploits Zimbra Vulnerability to Target European Government Entities March 31, 2023 – A new report from Proofpoint reveals that the advanced persistent threat (APT) group known as Winter Vivern is actively engaged in a cyber espionage campaign…
