A new cyber campaign known as Earth Bogle has emerged, showcasing the use of geopolitical themes to distribute the NjRAT remote access trojan across the Middle East and North Africa. This initiative underscores the evolving strategies employed by threat actors to exploit current events for malicious purposes. According to a…
Recent cybersecurity research has uncovered an incomplete patch associated with a previously identified vulnerability in the NVIDIA Container Toolkit. This oversight poses significant risks, potentially exposing sensitive data to exploitation if targeted by malicious actors. Initially reported as CVE-2024-0132, this critical vulnerability, which has a CVSS score of 9.0, is…
A recently identified unpatched vulnerability in Microsoft Windows has been exploited by a coalition of eleven state-sponsored hacking groups from nations including China, Iran, North Korea, and Russia. This ongoing cyber threat campaign, dating back to 2017, focuses on data theft, espionage, and financially motivated activities. The zero-day vulnerability, cataloged…
Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Over 1,100 Ollama Servers Expose Enterprise Models to Cyber Risks: Cisco Talos Rashmi Ramesh (rashmiramesh_) • September 3, 2025 Image: Shutterstock A concerning security report from Cisco Talos reveals that over 1,100 Ollama servers, which use artificial intelligence to deploy…
New BPFDoor Controller Facilitates Covert Lateral Movement in Linux Server Attacks
Apr 16, 2025
Cyber Espionage / Network Security
Cybersecurity researchers have discovered a new component linked to the BPFDoor backdoor, employed in cyber attacks targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller can establish a reverse shell,” explained Trend Micro researcher Fernando Mercês in a technical report released earlier this week. “This capability permits lateral movement, enabling attackers to penetrate deeper into compromised networks and gain control over more systems or access sensitive data.” The campaign has been tentatively attributed to a threat group known as Earth Bluecrow, also referred to as DecisiveArchitect, Red Dev 18, and Red Menshen. The medium confidence level stems from the BPFDoor malware source code being leaked in 2022, suggesting it could have been adopted by other hacking entities. BPFDoor is a Linux backdoor that first emerged in…
New BPFDoor Controller Enhances Stealthy Lateral Movement in Linux Server Intrusions April 16, 2025 Recent findings by cybersecurity experts reveal the emergence of a new component linked to the BPFDoor backdoor, spotlighting a sophisticated wave of cyber attacks that targeted the telecommunications, finance, and retail sectors across multiple regions, including…
New BPFDoor Controller Facilitates Covert Lateral Movement in Linux Server Attacks
Apr 16, 2025
Cyber Espionage / Network Security
Cybersecurity researchers have discovered a new component linked to the BPFDoor backdoor, employed in cyber attacks targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller can establish a reverse shell,” explained Trend Micro researcher Fernando Mercês in a technical report released earlier this week. “This capability permits lateral movement, enabling attackers to penetrate deeper into compromised networks and gain control over more systems or access sensitive data.” The campaign has been tentatively attributed to a threat group known as Earth Bluecrow, also referred to as DecisiveArchitect, Red Dev 18, and Red Menshen. The medium confidence level stems from the BPFDoor malware source code being leaked in 2022, suggesting it could have been adopted by other hacking entities. BPFDoor is a Linux backdoor that first emerged in…
May 30, 2025
Vulnerability / Threat Intelligence
A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.
China-Linked Hackers Exploit Vulnerabilities in SAP and SQL Server Across Asia and Brazil May 30, 2025 In a concerning development for global cybersecurity, a China-linked threat actor has been identified as the driving force behind a significant exploitation of a critical vulnerability in SAP NetWeaver. This incident is part of…
May 30, 2025
Vulnerability / Threat Intelligence
A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.
July 11, 2023
Ransomware / Windows Security
A newly emerging ransomware known as Big Head is spreading via a malvertising campaign that masquerades as fake Microsoft Windows updates and Word installers. Initially identified by Fortinet FortiGuard Labs last month, multiple variants of this ransomware have been found, all designed to encrypt files on victims’ devices in exchange for cryptocurrency payments. According to Fortinet researchers, “One variant of the Big Head ransomware presents a fake Windows Update, suggesting it may also be distributed as counterfeit updates.” Another variant features a Microsoft Word icon, indicating its distribution as fraudulent software. The majority of Big Head samples reported so far are from the U.S., Spain, France, and Turkey. Recent analysis by Trend Micro has further explored this .NET-based ransomware, highlighting its capability to deploy three encrypted binaries: 1.exe for propagation…
Warning: Big Head Ransomware on the Rise via Fake Windows Updates July 11, 2023 – BreachSpot.com A new strain of ransomware known as Big Head is gaining traction, being distributed through a targeted malvertising campaign that masquerades as counterfeit Microsoft Windows updates and Word installers. This ransomware was first identified…
July 11, 2023
Ransomware / Windows Security
A newly emerging ransomware known as Big Head is spreading via a malvertising campaign that masquerades as fake Microsoft Windows updates and Word installers. Initially identified by Fortinet FortiGuard Labs last month, multiple variants of this ransomware have been found, all designed to encrypt files on victims’ devices in exchange for cryptocurrency payments. According to Fortinet researchers, “One variant of the Big Head ransomware presents a fake Windows Update, suggesting it may also be distributed as counterfeit updates.” Another variant features a Microsoft Word icon, indicating its distribution as fraudulent software. The majority of Big Head samples reported so far are from the U.S., Spain, France, and Turkey. Recent analysis by Trend Micro has further explored this .NET-based ransomware, highlighting its capability to deploy three encrypted binaries: 1.exe for propagation…
On October 16, 2024, Cyber Attack / Banking Trojan
A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack On October 16, 2024, reports surfaced detailing a resurgence of the Astaroth banking malware, also known as Guildma, targeting Brazilian entities through a sophisticated spear-phishing campaign. The ongoing threat involves the use of obfuscated JavaScript to bypass traditional security measures, allowing…
On October 16, 2024, Cyber Attack / Banking Trojan
A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.
Nov 05, 2024
Mobile Security / Cyber Attack
A newly discovered Android banking malware, dubbed ToxicPanda, has already compromised over 1,500 devices, enabling cybercriminals to execute fraudulent transactions. According to Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini, “ToxicPanda’s primary aim is to facilitate money transfers from infected devices through account takeover (ATO) techniques, leveraging a method known as on-device fraud (ODF).” The malware is designed to circumvent banking security measures that verify user identity and authenticate transactions, along with behavioral detection strategies used by banks to flag suspicious money transfers. It is believed that ToxicPanda is linked to a Chinese-speaking threat actor and bears notable similarities to another Android malware called TgToxic, which can steal user credentials and deplete crypto wallets. TgToxic was first reported by Trend Micro in early 2023.
New Android Banking Malware ‘ToxicPanda’ Exploits Devices for Fraudulent Transactions November 5, 2024 Mobile Security / Cyber Attack A newly discovered strain of Android banking malware, named ToxicPanda, has reportedly compromised over 1,500 Android devices, enabling cybercriminals to execute unauthorized banking transactions. According to researchers Michele Roviello, Alessandro Strino, and…
Nov 05, 2024
Mobile Security / Cyber Attack
A newly discovered Android banking malware, dubbed ToxicPanda, has already compromised over 1,500 devices, enabling cybercriminals to execute fraudulent transactions. According to Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini, “ToxicPanda’s primary aim is to facilitate money transfers from infected devices through account takeover (ATO) techniques, leveraging a method known as on-device fraud (ODF).” The malware is designed to circumvent banking security measures that verify user identity and authenticate transactions, along with behavioral detection strategies used by banks to flag suspicious money transfers. It is believed that ToxicPanda is linked to a Chinese-speaking threat actor and bears notable similarities to another Android malware called TgToxic, which can steal user credentials and deplete crypto wallets. TgToxic was first reported by Trend Micro in early 2023.
