
TA829 and UNK_GreenSec Collaborate on Strategies and Infrastructure in Ongoing Malware Campaigns

July 01, 2025
Cyber Espionage / Vulnerability

Cybersecurity researchers have identified striking tactical parallels between the threat actors behind the RomCom RAT and a group observed deploying a loader named TransferLoader. Enterprise security firm Proofpoint attributes the TransferLoader activity to a cluster it tracks as UNK_GreenSec, and the RomCom RAT activity to a group it tracks as TA829. TA829 is also known by multiple aliases, including CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu. According to Proofpoint, UNK_GreenSec was identified during its investigation of TA829, with notable overlaps in infrastructure, delivery tactics, landing pages, and email lure themes. TA829 stands out in the threat landscape for its capacity to conduct both espionage and financially motivated attacks. This hybrid group, aligned with Russia, has been linked to the exploitation of zero-day vulnerabilities in Mozilla software.


Qilin Ransomware Introduces “Call Lawyer” Feature to Increase Pressure on Victims for Higher Ransoms

June 20, 2025
Ransomware / Cybercrime

The operators of the Qilin ransomware-as-a-service (RaaS) platform have unveiled a new “Call Lawyer” feature intended to pressure victims into paying larger ransoms. This strategic move comes as the group ramps up its activities to capitalize on the decline of competing cybercriminals. According to Israeli cybersecurity firm Cybereason, this feature is integrated into the affiliate panel, allowing affiliates to present legal counsel offers to victims.

This development marks a resurgence in Qilin’s operations at a time when other once-dominant ransomware factions, such as LockBit, Black Cat, and others, have faced sudden shutdowns and operational issues. Active since October 2022 and also known as Gold Feather and Water Galura, Qilin has emerged as a significant player in the ransomware landscape.

Data from dark web leak sites reveals that Qilin was responsible for 72 attacks in April 2025 and an estimated 55 in May, placing it behind only Safepay (72) and Luna Moth (67) in activity.


Critical Flaw in Anthropic’s MCP Poses Remote Exploitation Risk for Developer Systems

July 01, 2025
Vulnerability / AI Security

Cybersecurity experts have identified a severe security flaw in Anthropic’s Model Context Protocol (MCP) Inspector project, potentially enabling remote code execution (RCE) and granting attackers total access to affected systems. Identified as CVE-2025-49596, this vulnerability boasts a CVSS score of 9.4 out of 10, indicating a critical risk level. “This represents one of the first significant RCE vulnerabilities within Anthropic’s MCP framework, opening the door to a new wave of browser-based attacks targeting AI development tools,” stated Avi Lumelsky from Oligo Security in a recent report. “With the ability to execute code on a developer’s machine, attackers can compromise sensitive data, install malware, and navigate through networks—posing serious threats to AI teams, open-source initiatives, and enterprises utilizing MCP.” Introduced by Anthropic in November 2024, MCP is an open protocol aimed at standardizing large language model (LLM) applications…


Russian RomCom Group Targets Ukrainian Government with New SingleCamper RAT Variant

October 17, 2024
Threat Intelligence / Malware

The Russian threat actor RomCom has been linked to a surge of cyberattacks against Ukrainian government agencies and undisclosed Polish entities since late 2023. These intrusions utilize a new variant of the RomCom RAT, referred to as SingleCamper (also known as SnipBot or RomCom 5.0), according to Cisco Talos, which is monitoring this activity cluster under the designation UAT-5647. “This version is loaded directly from the registry into memory and communicates with its loader via a loopback address,” explained security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura. RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-faceted operations including ransomware, extortion, and targeted credential harvesting since its emergence in 2022. Recent assessments indicate that the frequency of their attacks has ramped up in recent months with the goal of establishing long-term persistent access.


Russian Hackers Take Advantage of WinRAR Zero-Day Vulnerability

August 12, 2025
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

RomCom Group Deploys SnipBot, RustyClaw, and Mythic Agent Variants

Akshaya Asokan (@asokan_akshaya)

A Russian-speaking hacking collective has been observed exploiting a zero-day vulnerability in WinRAR, signaling…

⚡ Weekly Update: Chrome Vulnerability, Record 7.3 Tbps DDoS Attack, MFA Bypass Techniques, Banking Trojan Insights, and More

Jun 23, 2025
Cyber Security / Hacking News

Not every threat presents itself as an obvious attack. Some issues may emerge as minor glitches, odd logs, or subtle delays that initially seem inconsequential—until they escalate. Could your system be under scrutiny in unexpected ways? The most perilous actions often go unnoticed. It’s critical to consider: what unnoticed patterns and overlooked signals could indicate brewing problems? This week’s findings illuminate these quiet signals, from attacks leveraging trusted tools to bypass MFA to supply chain vulnerabilities masquerading as routine interactions. Here are the key highlights from the cybersecurity sphere:

Highlight of the Week
Cloudflare Thwarts Record-Breaking 7.3 Tbps DDoS Attack — Cloudflare reported it successfully defended against the largest distributed denial-of-service (DDoS) attack ever documented, peaking at 7.3 terabits per second (Tbps). This attack targeted an undisclosed hosting provider, delivering an astonishing 37.4 terabytes in just 45 seconds.
