admin

admin

  • Joined: September 10, 2024
  • Articles: 4648

New Vulnerabilities in Linux Enable Password Hash Theft Through Core Dumps in Ubuntu, RHEL, and Fedora

May 31, 2025
Vulnerability / Linux

Two critical information disclosure vulnerabilities have been discovered in Apport and systemd-coredump, core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Labeled as CVE-2025-5054 and CVE-2025-4598, both are race condition bugs that could allow local attackers to access sensitive data. Tools like Apport and systemd-coredump are essential for handling crash reports and core dumps within Linux systems. Saeed Abbasi, product manager at Qualys TRU, noted, “These race conditions enable a local attacker to exploit a SUID program and gain read access to the resultant core dump.” Below is a brief overview of the two vulnerabilities:

  • CVE-2025-5054 (CVSS score: 4.7): A race condition in the Canonical Apport package, versions up to 2.32.0, allowing local attackers to leak sensitive information through PID-reuse by leveraging namespaces.
  • CVE-2025-4598 (CVSS score: 4.7): A race condition in…

New Vulnerabilities Uncovered in Linux Core Dump Handlers Could Lead to Password Hash Theft May 31, 2025 Recent findings from the Qualys Threat Research Unit (TRU) have revealed two significant vulnerabilities within core dump handlers in popular Linux distributions, including…

MOVEit Transfer Under Heightened Threat as Scanning Activity Surges and CVE Vulnerabilities Come Under Fire

Network security firm GreyNoise has reported a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems since May 27, 2025, indicating that cybercriminals may be gearing up for a new mass exploitation campaign or probing for unpatched vulnerabilities. MOVEit Transfer, widely utilized by businesses and government agencies for secure file sharing, is a prime target due to its handling of sensitive data.

“Prior to this date, scanning was minimal—typically fewer than 10 IP addresses were observed daily,” the firm stated. “However, on May 27, that number skyrocketed to over 100 unique IPs, followed by 319 on May 28.” Since then, the volume of scanning IPs has remained intermittently elevated, fluctuating between 200 and 300 daily, marking a “significant deviation” from normal patterns. GreyNoise reports that as many as 682 unique IPs have been flagged in connection with this increased activity.

Increased Threat Landscape for MOVEit Transfer Amidst Rising Scanning Activities June 27, 2025 In a recent update, cybersecurity firm GreyNoise has reported a significant surge in scanning activities targeting Progress MOVEit Transfer systems. This uptick, which began on May 27,…

Microsoft Alerts to Rising Use of File Hosting Services in Business Email Compromise Schemes

Microsoft has issued a warning about cyberattack strategies that exploit legitimate file hosting platforms like SharePoint, OneDrive, and Dropbox, commonly utilized in corporate environments as a tactic to evade defenses. These campaigns have diverse objectives, enabling threat actors to compromise identities and devices, facilitating business email compromise (BEC) incidents that lead to financial fraud, data theft, and further infiltration into networks.

The abuse of trusted internet services (LIS) is an increasingly prevalent risk factor, allowing adversaries to blend in with normal network activity, often circumventing traditional security measures and complicating threat attribution. This tactic, known as living-off-trusted-sites (LOTS), takes advantage of the inherent trust in these platforms to bypass email security protocols and deliver malware. Microsoft has noted a concerning trend in phishing attacks exploiting this strategy.

Microsoft Alerts on Increasing Use of File Hosting Services in Business Email Compromise Attacks October 9, 2024 Microsoft has issued a warning regarding a rise in cyber attack campaigns that exploit established file hosting services such as SharePoint, OneDrive, and…

⚡ Weekly Update: APT Intrusions, AI-Powered Malware, Zero-Click Exploits, Browser Hijacks, and More

Jun 02, 2025
Cybersecurity / Hacking Insights

In a scenario that felt more like a high-stakes security drill gone awry, the reality was far grimmer. While everything appeared normal, the tools for attack were all too accessible, and detection was alarmingly late. This is the current state of cybersecurity—quiet, deceptive, and rapid. Defenders no longer merely chase hackers; they grapple with distrust of their own systems’ signals. The issue isn’t a lack of alerts; it’s an overwhelming number without context. The bottom line? If your defenses still rely on obvious indicators, you aren’t safeguarding your assets—you’re merely witnessing breaches unfold.

The following recap emphasizes key developments that demand your attention.

Threat of the Week
APT41 Exploits Google Calendar for Command-and-Control — The Chinese state-sponsored group, APT41, has employed a malware known as TOUGHPROGRESS that utilizes Google Calendar for its command-and-control (C2) activities. Google reported observing these spear-phishing incidents back in October 2024, with the malware hosted on…

Weekly Cybersecurity Recap: APT Intrusions, AI Malware, and Evolving Threat Landscapes Published: June 2, 2025 In a landscape defined by digital threats, the recent surge of cybersecurity incidents serves as a stark reminder of the complexities defenders face today. An…

Mustang Panda’s Tibet-Focused Cyber Espionage Campaign Utilizes PUBLOAD and Pubshell Malware

Jun 27, 2025
Vulnerability / Cyber Espionage

A China-linked threat group known as Mustang Panda has been identified in a new cyber espionage operation targeting the Tibetan community. The spear-phishing attacks capitalize on Tibet-related themes, including the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and recent publications by the 14th Dalai Lama, as reported by IBM X-Force. Their cybersecurity division noted the campaign earlier this month, which involved the deployment of PUBLOAD, a known malware associated with Mustang Panda. They track this threat actor under the alias Hive0154. The attack vectors utilize Tibet-themed enticements to deliver a harmful archive containing a seemingly harmless Microsoft Word file, alongside articles from Tibetan websites and images from WPCT, ultimately tricking users into executing a disguised executable. This executable has been observed in previous Mustang Panda attacks…

PUBLOAD and Pubshell Malware Employed in Mustang Panda’s Targeted Attack on Tibetan Community June 27, 2025 — A recent string of cyber espionage activities has been linked to Mustang Panda, a threat actor with ties to China, specifically targeting the…

North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware

Oct 09, 2024
Phishing Attack / Malware

Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…

North Korean Hackers Exploit Job Seekers with Deceptive Interviews Delivering Cross-Platform Malware October 9, 2024 In a sophisticated cyber campaign, threat actors linked to North Korea have been targeting tech industry job seekers to disseminate advanced malware variants known as…

Russian Hackers Target Norwegian Dam

Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Also: Spain Resists Pressure to Oust Huawei, North Korean Kimsuky Data Leaked Anviksha More (AnvikshaMore) • August 14, 2025 Image: Shutterstock/ISMG The Information Security Media Group (ISMG) regularly compiles significant cybersecurity…