admin

Nvidia Challenges Claims of Chinese ‘Kill-Switch’

Artificial Intelligence & Machine Learning, Legislation, Next-Generation Technologies & Secure Development

Chipmaker Argues Against Increasing US Pressure for New Security Requirements

Chris Riotta (@chrisriotta) • August 7, 2025

Nvidia, a leader in AI chip manufacturing, has dismissed…

Title: UNC6148 Exploits Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Date: July 16, 2025
Category: Vulnerability / Cyber Espionage

A threat actor group, identified as UNC6148, has been found targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 series appliances, as part of an operation to deploy a backdoor known as OVERSTEP. This malicious activity has been traced back to at least October 2024. The Google Threat Intelligence Group (GTIG) reports that the number of known victims is currently “limited.” The tech giant has high confidence in its assessment that the group is utilizing credentials and one-time password (OTP) seeds stolen from previous breaches, enabling them to regain access even after organizations have implemented security updates. Metadata analysis indicates that UNC6148 may have first exfiltrated these credentials from the SMA appliance as early as January 2025. The precise method of initial access for delivering the malware remains unknown due to the evasive actions taken by the threat actor.

UNC6148 Targets Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

On July 16, 2025, cybersecurity analysts from the Google Threat Intelligence Group (GTIG) disclosed a troubling trend involving UNC6148, a hacking group targeting fully-patched SonicWall Secure Mobile Access (SMA)…

APT-C-60 Hackers Target StatCounter and Bitbucket in SpyGlace Malware Campaign

On November 27, 2024, JPCERT/CC reported that the APT-C-60 threat group has executed a cyberattack against an undisclosed organization in Japan, utilizing a job application guise to deploy the SpyGlace backdoor. This operation, which took place in August 2024, exploited legitimate platforms such as Google Drive, Bitbucket, and StatCounter.

The phishing scheme involved an email disguised as correspondence from a potential employee, which was sent to the organization’s recruitment team, ultimately leading to malware infiltration. APT-C-60, believed to be aligned with South Korea, commonly targets East Asian nations. During the attack, the group exploited a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to introduce the SpyGlace backdoor. JPCERT/CC’s findings detail how the attack chain unfolded, beginning with a phishing email linking to a file on Goo…

APT-C-60 Hackers Target Japanese Organization with SpyGlace Malware Campaign

On November 27, 2024, cybersecurity experts at JPCERT/CC reported a sophisticated cyber attack tied to the APT-C-60 hacker group, which has gained notoriety for its ties to South Korean cyber espionage…

Google Uncovers a New Scam—And Becomes Its Victim

Google’s Salesforce Instance Compromised: A Closer Look at Recent Cybersecurity Breach

In a significant cybersecurity breach, Google has confirmed that its Salesforce instance was among those affected by unauthorized access. The intrusion took place in June, but the company only…

Chinese Pair Arrested for Illegally Exporting AI Chips

Topics: Cybercrime, Fraud Management & Cybercrime, Incident & Breach Response

Ukrainian Hackers Uncover Evidence of Child Abduction Amid Ongoing Cyber Threats

Anviksha More (AnvikshaMore) • August 7, 2025

Information Security Media Group provides a weekly overview of significant cybersecurity…

Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.

Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware Targeting Businesses

August 16, 2025

In a concerning development within the realm of cybersecurity, researchers have identified a new variant of the Matanbuchus malware loader, which has been refined to enhance…

THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights (Nov 25 – Dec 1)

Dec 02, 2024
Cyber Threats / Weekly Summary

Curious about the constant activity in the digital realm? Here’s a startling fact: hackers launch around 2,200 attacks daily, meaning there’s an attempt to breach a system every 39 seconds. While we typically focus on conventional hackers, sophisticated AI now creates phishing emails so realistic that even seasoned cybersecurity experts struggle to identify them. Even more alarming, some new malware acts like a digital chameleon, adapting to evade detection by monitoring efforts to eliminate it. This week’s recap is filled with captivating insights that will change how you view technology.

Threat Highlight:
T-Mobile Detects Unauthorized Access Attempts: The U.S. telecom giant uncovered unusual activity within its network, revealing that there were attempts to infiltrate their systems…

Cybersecurity Threats in Review: Key Developments from Nov 25 – Dec 1, 2024

Hackers are relentless in their pursuit of vulnerabilities within digital infrastructures, launching approximately 2,200 cyberattacks daily. This startling statistic translates to an intrusion attempt every 39 seconds,…