A critical security vulnerability in Atlassian’s Confluence Server and Data Center products has recently been exploited in active cyberattacks, leading to the deployment of cryptocurrency miners and ransomware. The flaw, identified as CVE-2022-26134 with a CVSS score of 9.8, was patched by Atlassian on June 3, 2022. This vulnerability enables…
The U.S. government has recently unsealed charges against a Chinese individual, Guan Tianfeng, linked to a significant cybersecurity breach in which thousands of Sophos firewall devices were compromised worldwide in 2020. Guan, who allegedly worked for Sichuan Silence Information Technology Company, Limited, is facing accusations of conspiracy to commit computer…
In a significant cybersecurity development, Sophos has issued a critical patch for its firewall product following the discovery of a severe zero-day vulnerability actively being exploited by cyber attackers. This vulnerability has raised serious concerns for users, as it could lead to unauthorized remote code execution. The issue, identified as…
The Zerobot DDoS botnet has undergone significant updates, enhancing its capacity to target a broader range of internet-connected devices and expand its network. Microsoft Threat Intelligence Center (MSTIC) is closely monitoring this evolving threat, referring to it as DEV-1061, which encompasses unidentified, emerging, or developing activity clusters. First reported by…
Recent cybersecurity investigations have revealed a convergence between two notorious ransomware groups: Black Basta and CACTUS. Both factions have been exploiting a shared BackConnect (BC) module, facilitating persistent control over compromised systems. This development hints at a potential shift, suggesting that affiliates of Black Basta may now be operating under…
In recent developments, Microsoft has unveiled critical security patches addressing a staggering array of 125 vulnerabilities across its software platforms. Among these, one vulnerability has been identified as under active exploitation in the wild, raising significant alarms within the cybersecurity community. Of the reported vulnerabilities, 11 are designated as Critical,…
Recent investigations by Cybereason have revealed that the Gootkit malware, also known as Gootloader, is primarily targeting healthcare and financial entities across the United States, United Kingdom, and Australia. These findings shed light on the evolving threat landscape, emphasizing the need for heightened vigilance in these sectors. In a December…
The cybersecurity landscape has recently been shaken by the launch of a ransomware-as-a-service (RaaS) operation named VanHelsing, which has already targeted three victims since its inception on March 7, 2025. The ransoms demanded by VanHelsing have reached staggering amounts, totaling as high as $500,000. This model facilitates participation from a…
May 30, 2025
Vulnerability / Threat Intelligence
A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.
China-Linked Hackers Exploit Vulnerabilities in SAP and SQL Server Across Asia and Brazil May 30, 2025 In a concerning development for global cybersecurity, a China-linked threat actor has been identified as the driving force behind a significant exploitation of a critical vulnerability in SAP NetWeaver. This incident is part of…
May 30, 2025
Vulnerability / Threat Intelligence
A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.
