Tag: Trend Micro

Chinese ‘Mustang Panda’ Hackers Are Actively Targeting Governments Globally

A sophisticated threat actor known as Mustang Panda has been implicated in a wave of spear-phishing attacks directed at key sectors including government, education, and research from May to October 2022. According to a recent report by cybersecurity firm Trend Micro, the targeted regions include countries in the Asia Pacific,…

Winnti APT41 Aims at Japanese Companies in RevivalStone Cyber Espionage Operation

A new cyber campaign named RevivalStone has been attributed to the China-linked threat actor known as Winnti, targeting Japanese firms in the manufacturing, materials, and energy sectors as recently as March 2024. This initiative, as outlined by Japanese cybersecurity firm LAC, coincides with activities tracked by Trend Micro as Earth…

EncryptHub Exploits Windows Zero-Day Vulnerability to Deploy Rhadamanthys and StealC Malware

Recent revelations indicate that the threat actor identified as EncryptHub has effectively taken advantage of a recently patched security vulnerability in Microsoft Windows, designated as a zero-day flaw, to deploy a range of malicious software. This includes information-stealing tools like Rhadamanthys and StealC, alongside traditional backdoor implementations, raising significant alarm…

Researchers Connect CACTUS Ransomware Strategies to Ex-Black Basta Members

Recent cybersecurity investigations have revealed a convergence between two notorious ransomware groups: Black Basta and CACTUS. Both factions have been exploiting a shared BackConnect (BC) module, facilitating persistent control over compromised systems. This development hints at a potential shift, suggesting that affiliates of Black Basta may now be operating under…

China-Linked Earth Alux Deploys VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Recent investigations into cybersecurity threats have unveiled a significant player linked to China, known as Earth Alux. This group has targeted critical sectors, including government, technology, logistics, manufacturing, telecommunications, IT services, and retail, particularly across the Asia-Pacific (APAC) and Latin American (LATAM) regions. Trend Micro cybersecurity experts Lenart Bermejo, Ted…

Hackers Exploit Legitimate GitHub Codespaces Feature to Distribute Malware

Recent research has highlighted concerning vulnerabilities within GitHub Codespaces, specifically the potential for threat actors to exploit its legitimate features to distribute malware. GitHub Codespaces, a cloud-based development environment, allows users to write, debug, and commit code changes from a browser or integrated within Visual Studio Code. Among its functionalities…

Earth Bogle Campaign Deploys NjRAT Trojan Across the Middle East and North Africa

A new cyber campaign known as Earth Bogle has emerged, showcasing the use of geopolitical themes to distribute the NjRAT remote access trojan across the Middle East and North Africa. This initiative underscores the evolving strategies employed by threat actors to exploit current events for malicious purposes. According to a…

NVIDIA Toolkit’s Incomplete Patch Exposes CVE-2024-0132 to Container Escape Vulnerabilities

Recent cybersecurity research has uncovered an incomplete patch associated with a previously identified vulnerability in the NVIDIA Container Toolkit. This oversight poses significant risks, potentially exposing sensitive data to exploitation if targeted by malicious actors. Initially reported as CVE-2024-0132, this critical vulnerability, which has a CVSS score of 9.0, is…

Exploitation of Unpatched Windows Zero-Day Vulnerability by 11 State-Sponsored Threat Actors Since 2017

A recently identified unpatched vulnerability in Microsoft Windows has been exploited by a coalition of eleven state-sponsored hacking groups from nations including China, Iran, North Korea, and Russia. This ongoing cyber threat campaign, dating back to 2017, focuses on data theft, espionage, and financially motivated activities. The zero-day vulnerability, cataloged…
