The Breach News

“IBM Report Reveals India’s Average Data Breach Cost Reaches ₹220 Million in 2025, Highlights AI Security Vulnerabilities” – Business Today

India’s Cybersecurity Landscape: Average Data Breach Costs Reach ₹220 Million by 2025, IBM Report Reveals

A recent report released by IBM reveals alarming trends in the cybersecurity landscape of India, indicating that the average cost of data breaches is projected to escalate to ₹220 million by the year 2025. This…


Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.

Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware Targeting Businesses

August 16, 2025

In a concerning development within the realm of cybersecurity, researchers have identified a new variant of the Matanbuchus malware loader, which has been refined to enhance its stealth and evade detection by security systems. Matanbuchus represents…


THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights (Nov 25 – Dec 1)

Dec 02, 2024
Cyber Threats / Weekly Summary

Curious about the constant activity in the digital realm? Here’s a startling fact: hackers launch around 2,200 attacks daily, meaning there’s an attempt to breach a system every 39 seconds. While we typically focus on conventional hackers, sophisticated AI now creates phishing emails so realistic that even seasoned cybersecurity experts struggle to identify them. Even more alarming, some new malware acts like a digital chameleon, adapting to evade detection by monitoring efforts to eliminate it. This week’s recap is filled with captivating insights that will change how you view technology.

Threat Highlight:
T-Mobile Detects Unauthorized Access Attempts: The U.S. telecom giant uncovered unusual activity within its network, revealing that there were attempts to infiltrate their systems…

Cybersecurity Threats in Review: Key Developments from Nov 25 – Dec 1, 2024

Hackers are relentless in their pursuit of vulnerabilities within digital infrastructures, launching approximately 2,200 cyberattacks daily. This startling statistic translates to an intrusion attempt every 39 seconds, emphasizing the constant threat faced by organizations today. Compounding this…


Leak Uncovers Daily Lives of North Korean IT Scammers

Targeted Data Exploitation of IT Workers Revealed in Recent Findings

Recent investigations have unveiled a concerning scheme targeting IT professionals, highlighting a structured operation that gathers and exploits sensitive information. Documented evidence includes detailed listings of potential job opportunities within the IT sector, alongside personal data that suggests a deliberate…


Vulnerabilities in Axis Security Cameras Allow for Remote Control Access

Endpoint Security, Governance & Risk Management, Internet of Things Security

Four Vulnerabilities Expose Over 6,500 Camera Servers to Pre-Authentication Attacks

Prajeet Nair (@prajeetspeaks) • August 7, 2025

An Axis 360-degree surveillance camera mounted on a brick wall in Barcelona, dated Nov. 14, 2017. (Image: Hadrian/Shutterstock)

Recent research has identified four…


Air France-KLM Data Breach Exposes Passenger Information, Raising Concerns Over Phishing and Identity Theft

Data Breach at Air France-KLM: Passenger Information Compromised, Raising Phishing and Identity Theft Concerns

Published on August 8, 2025 | By: TTW News Desk

Image Credit: KLM

In a troubling development, the Air France-KLM Group has disclosed a data breach affecting its customer base. The…


Cisco Alerts Users to Critical ISE Vulnerability Allowing Unauthenticated Root Access

On July 17, 2025, Cisco revealed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the operating system with elevated privileges. Labeled CVE-2025-20337, this vulnerability has a CVSS score of 10.0 and is akin to CVE-2025-20281, which was resolved by Cisco last month.

According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, allowing an attacker to exploit them through specially crafted API requests. A successful exploit could result in extensive control over the affected systems.

Cisco Issues Urgent Alert on High-Severity Vulnerability in ISE Software

July 17, 2025
Vulnerability / Network Security

Cisco has recently unveiled a serious security vulnerability affecting its Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC). Officially cataloged as CVE-2025-20337, this flaw allows unauthenticated attackers to execute…


Kimsuky Hackers Linked to Credential Theft Using Russian Email Addresses

December 3, 2024
Threat Intelligence / Email Security

The North Korea-aligned threat group Kimsuky has been implicated in a series of phishing attacks utilizing email addresses that appear to originate from Russia, aimed at stealing user credentials. According to South Korean cybersecurity firm Genians, these phishing emails were predominantly sent from services in Japan and Korea until early September. However, starting in mid-September, a shift was noted with some emails crafted to look as if they were sent from Russia. This involves the exploitation of VK’s Mail.ru email service, which includes multiple alias domains such as mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru. Genians has reported that Kimsuky has used these domains in phishing campaigns that impersonate financial institutions and popular internet sites like Naver. Additionally, some attacks have involved spoofing Naver’s MYBOX cloud storage service to deceive users into providing sensitive information.

Kimsuky Hackers Leverage Russian Email Domains in Credential Theft Operations

December 3, 2024
Threat Intelligence / Email Security

Recent investigations have revealed that Kimsuky, a North Korea-affiliated hacking group, has shifted its phishing tactics, now utilizing email addresses registered in Russia to facilitate credential theft. This intelligence, reported by South…


Google Verifies Salesforce Data Breach Caused by ShinyHunters Through Vishing Scam

In a significant security incident, Google has acknowledged that one of its internal databases was compromised by the notorious cybercriminal group known as ShinyHunters (also identified as UNC6040). The Google Threat Intelligence Group (GTIG) reported that the unauthorized access to its Salesforce database occurred in June and involved the exposure…
