Tag: PowerShell

63 Newly Discovered Vulnerabilities (Including 0-Days) Windows Users Must Address Immediately

In this month’s Patch Tuesday, Microsoft released a significant round of security updates addressing 63 vulnerabilities within its products, including the Windows operating system. Among these, 12 vulnerabilities have been categorized as critical, 49 as important, one as moderate, and one as low in severity. System administrators are urged to…

How a USB Speaker Can Infiltrate a PC Without Direct Interaction

In a recent cybersecurity incident involving a speaker model known as the Katana V2X, a researcher successfully manipulated its firmware to explore potential vulnerabilities. After replacing the original firmware with a modified version that displayed the word “patched” on the speaker’s LED, the researcher turned his focus to FreeRTOS—the open-source…

China-Linked Storm-1175 Leverages Zero-Day Vulnerabilities for Swift Medusa Ransomware Deployment

A prominent threat group based in China has been associated with the deployment of Medusa ransomware, recently leveraging a mix of zero-day and N-day vulnerabilities to execute rapid and sophisticated attacks on vulnerable internet-facing systems. This group’s operational speed and adeptness at identifying exposed network assets have led to significant…

New PS1Bot Malware Campaign Utilizes Malvertising for Multi-Stage In-Memory Attacks

Aug 13, 2025
Malvertising / Cryptocurrency

Cybersecurity experts have identified a new malvertising campaign aimed at deploying a multi-stage malware framework known as PS1Bot. Researchers Edmund Brumaghin and Jordyn Dunk from Cisco Talos explained that “PS1Bot features a modular architecture, incorporating various modules for malicious activities such as information theft, keylogging, reconnaissance, and creating persistent access to compromised systems.” The design emphasizes stealth, leaving minimal traces on infected machines and using in-memory execution techniques to run subsequent modules without writing them to disk. Since early 2025, campaigns distributing this PowerShell and C# malware have actively used malvertising to propagate, executing modules in memory to reduce their forensic footprint.

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

Active HanGhost Loader Campaign Targets Payment and Logistics Workflows in Enterprises

Emerging HanGhost Loader Malware Targets Corporate Finance and Operations

A new malware campaign centered around the HanGhost loader is making waves, specifically targeting corporate environments. This malicious initiative primarily aims at employees involved in payment processing, logistics, and contract management. With a stealthy approach designed to evade detection, HanGhost seeks…

State-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

On Friday, Microsoft reported a significant security incident involving the exploitation of two zero-day vulnerabilities in Microsoft Exchange servers by a single threat actor group as far back as August 2022. This group successfully gained initial access through coordinated attacks targeting fewer than ten organizations worldwide. The compromises facilitated the…

Email Scam Broadly Targets GitHub Developers Using Dimnie Trojan

Open source developers utilizing GitHub have been alerted to a phishing email campaign aimed at infecting their systems with a sophisticated malware trojan known as Dimnie. This malicious software is designed to perform reconnaissance and espionage, enabling attackers to steal login credentials, download confidential files, capture screenshots, log keystrokes on…

Dragonfly 2.0: Hacking Collective Breaches Power Infrastructure in Europe and the US

The infamous hacking collective known as Dragonfly has resurfaced, renewing its focus on targeting energy sector companies in the United States and Europe. Having been active since at least 2011, this well-resourced group is notorious for its sophisticated cyber-espionage campaigns aimed at critical infrastructure, particularly within the energy domain. Research…