The Breach News

Money, Mandates, and Monitoring: Unpacking the Fight for Identity Integrity in Finance – Webinar

Pravin Chavda: Leading the Charge in Cybersecurity Solutions
Practice Director, Simeio

Pravin Chavda serves as the Practice Director at Simeio, where he spearheads initiatives in Access Management and Customer Identity & Access Management (CIAM). With over two decades of comprehensive IT experience on a global scale, Chavda has occupied pivotal…


Surge in Cloud Breaches and Identity Theft Highlighted in CrowdStrike’s Latest Threat Report

A recent report from CrowdStrike Holdings Inc. has highlighted a significant increase in the sophistication of cyber adversaries, shedding light on evolving methodologies in the landscape of cybersecurity threats. The report, titled the CrowdStrike 2025 Threat Hunting Annual Report, reveals that cloud-centered attacks, identity-driven breaches, and the advent of generative…


CISA Issues Immediate Patch Directive After Chinese Hackers Exploit SharePoint Vulnerabilities in Ongoing Attacks

CISA Urges Immediate Patching of Microsoft SharePoint Vulnerabilities Amid Ongoing Attacks by Chinese Hackers

On July 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally identified two critical Microsoft SharePoint vulnerabilities, CVE-2025-49704 and CVE-2025-49706, as part of its Known Exploited Vulnerabilities (KEV) catalog. This designation follows evidence indicating that these…


RedDelta Unleashes PlugX Malware in Espionage Missions Against Mongolia and Taiwan

Jan 10, 2025
Cyber Espionage / Cyber Attack

RedDelta, a state-sponsored threat actor linked to China, has been targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with a tailored version of PlugX malware from July 2023 to December 2024. According to an analysis by Recorded Future’s Insikt Group, the group utilized lure documents related to the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection initiatives in Mongolia, and ASEAN meeting invitations. Notably, compromises of the Mongolian Ministry of Defense in August 2024 and the Communist Party of Vietnam in November 2024 are believed to have occurred. Additionally, various entities in Malaysia, Japan, the United States, Ethiopia, Brazil, Australia, and India were targeted from September to December 2024. Active since at least 2012, RedDelta represents a persistent threat in the cyberspace landscape.

RedDelta Deploys PlugX Malware in Espionage Campaigns Targeting Mongolia and Taiwan
Cyber Espionage / Cyber Attack
January 10, 2025

In a significant escalation of cyber espionage activities, the state-sponsored threat actor known as RedDelta has exploited various geopolitical themes to deploy a customized version of the PlugX backdoor. This sophisticated…



Navigating a Fluctuating Job Market

Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development
Guidance for Young Cyber Professionals Amidst AI and Security Automation
Brandy Harris • July 30, 2025

You may have clicked on a promising opportunity, only to be met with a blank page. This is a familiar…


Report: Over 152,000 Nigerian Accounts Compromised in H1 2025 | Tech | Business

Significant Drop in Data Breaches in Nigeria: Context and Implications

In the second quarter of 2025, Nigeria experienced a notable 73% reduction in reported data breaches, a decrease from 120,000 in the first quarter to 31,800. Despite this decline, cybersecurity firm Surfshark reported over 152,000 compromised accounts across various sectors…


Storm-2603 Exploits SharePoint Vulnerabilities to Deploy Warlock Ransomware on Unpatched Systems

Jul 24, 2025
Vulnerability / Ransomware

Microsoft has disclosed that a threat actor, identified as Storm-2603, is actively exploiting vulnerabilities in SharePoint to deploy Warlock ransomware on targeted systems. In an update released Wednesday, the company noted that these insights stem from ongoing analysis and threat intelligence regarding Storm-2603’s exploitation activities. This financially motivated actor is suspected to be based in China and has previously been linked to the deployment of both Warlock and LockBit ransomware. The attack chain involves exploiting CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability, targeting unpatched on-premises SharePoint servers to facilitate the deployment of the spinstall0.aspx web shell. “This initial access enables command execution via the w3wp.exe process that supports SharePoint,” Microsoft stated. “Storm-2603 subsequently initiates a series of discovery commands, including…”

Storm-2603 Exploits SharePoint Vulnerabilities to Deploy Warlock Ransomware on Unpatched Systems

On July 24, 2025, Microsoft disclosed that the cyber group known as Storm-2603 is actively exploiting vulnerabilities in SharePoint software to deploy Warlock ransomware on targeted systems. This revelation is based on an extensive analysis and threat intelligence from…



U.S. Imposes Sanctions on Chinese Cybersecurity Firm Linked to Treasury Hack Associated with Silk Typhoon

Jan 18, 2025
Cyber Espionage / Telecom Security

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has enacted sanctions against a Chinese cybersecurity firm and a Shanghai-based cyber operative for their suspected connections to the Silk Typhoon group and the recent breach of the federal agency’s systems. The Treasury stated in a press release that “malicious cyber actors linked to the People’s Republic of China (PRC) continue to target U.S. government networks, including the recent compromise of Treasury’s information technology systems and sensitive critical infrastructure.” The sanctions specifically target Yin Kecheng, identified as a cyber operative for over a decade and associated with China’s Ministry of State Security (MSS). Kecheng is believed to be linked to the recent breach of Treasury’s network, which was revealed earlier this month and involved a hack of BeyondTrust’s systems, allowing threat actors to access some of the company’s Remote Support SaaS infrastructure.

U.S. Treasury Sanctions Chinese Cybersecurity Firm Over Treasury Network Breach Connected to Silk Typhoon

On January 18, 2025, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against a Chinese cybersecurity firm and a cyber actor based in Shanghai, citing their suspected connections to the notorious Salt…

