admin

Microsoft Uncovers Russian Hackers Aiming at Foreign Embassies

New Malware Exploit: ApolloShadow Targets Vulnerable Networks

In a recent cybersecurity breach, researchers have identified a new malware strain dubbed ApolloShadow that exploits captive portal mechanisms to gain unauthorized access to systems. This sophisticated malware primarily targets Windows devices, taking…

Cryptohack Update: WOO X Investigates $14M Security Breach

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime
Additional News: Founders of Samourai Wallet Enter Guilty Pleas
Rashmi Ramesh (rashmiramesh_) • July 31, 2025

Each week, Information Security Media Group compiles significant incidents affecting cybersecurity…

Hackers Target Critical Vulnerability in ‘Alone’ WordPress Theme to Take Over Websites Through Remote Plugin Installation

Jul 31, 2025
Vulnerability / Website Security

Threat actors are currently exploiting a serious security flaw in the “Alone – Charity Multipurpose Non-profit WordPress Theme,” allowing them to seize control of vulnerable websites. The vulnerability, identified as CVE-2025-5394, has a CVSS score of 9.8. Security researcher Thái An discovered and reported the issue. According to Wordfence, the flaw is an arbitrary file upload that affects all versions up to and including 7.8.3. It was patched in version 7.8.5, released on June 16, 2025. CVE-2025-5394 arises from a function called “alone_import_pack_install_plugin(),” which lacks a necessary capability check, enabling unauthenticated users to upload arbitrary plugins from remote sources through AJAX and thereby execute code remotely. “This vulnerability allows an attacker without authentication to upload arbitrary files to a vulnerable site, leading to remote code execution…”

Hackers Exploit Severe Vulnerability in WordPress Theme, Compromising Numerous Sites

On July 31, 2025, reports surfaced detailing a critical security vulnerability in the “Alone – Charity Multipurpose Non-profit WordPress Theme,” which has become a focal point for cybercriminals. This flaw,…

New Golang-Based Backdoor Leverages Telegram Bot API for Stealthy C2 Operations

February 17, 2025
Threat Intelligence / Cyber Attack

Cybersecurity experts have revealed a new backdoor written in Golang that employs Telegram for command-and-control (C2) communications. Netskope Threat Labs, which analyzed the malware, suspects it may have origins in Russia. Security researcher Leandro Fróes commented, “The malware is compiled in Golang and functions as a backdoor. While it appears to be in active development, it is fully operational.” Upon execution, the backdoor verifies its location and specific file name—“C:\Windows\Temp\svchost.exe”—and if conditions aren’t met, it duplicates itself into the intended directory, launches the copied version, and then terminates its own process. A significant feature of this malware is its use of an open-source library that provides Golang bindings for the Telegram Bot API for C2 operations. This implementation includes…

New Golang-Based Backdoor Leverages Telegram Bot API for Evasive C2 Operations

February 17, 2025

In a recent development within the cybersecurity landscape, researchers have uncovered a new backdoor malware written in Golang that employs the Telegram Bot API for its…

Belarus-Linked Ghostwriter Utilizes Macropack-Obfuscated Excel Macros to Distribute Malware

Feb 25, 2025
Malware / Cyber Espionage

A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.

“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.

Belarus-Linked Ghostwriter Exploits Obfuscated Excel Macros to Distribute Malware

February 25, 2025
Malware / Cyber Espionage

A newly uncovered cyber campaign has emerged, targeting opposition activists in Belarus alongside military and governmental entities in Ukraine. This operation utilizes malware-infused Microsoft…

Everest Ransomware Targets Mailchimp in Minor Breach Incident

The Everest ransomware group has publicly claimed responsibility for a significant breach of Mailchimp, a widely used marketing platform for email campaigns and newsletters. This incident highlights ongoing vulnerabilities in the landscape of cybersecurity, particularly for companies reliant on digital…