Tag: Trend Micro

Russian Cybercrime Groups Capitalizing on 7-Zip Vulnerability to Circumvent Windows MotW Protections

A recently patched vulnerability in the popular 7-Zip archiving tool has been exploited in the wild to distribute the SmokeLoader malware. Tracked as CVE-2025-0411 and carrying a CVSS score of 7.0, the flaw enables remote attackers to bypass Windows mark-of-the-web (MotW) protections and run arbitrary…
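A check a defender can run after extracting an archive with 7-Zip, added here as an example and not code from the article or from 7-Zip: it confirms the installed 7-Zip version and reports any extracted file that no longer carries the Zone.Identifier alternate data stream Windows uses for mark-of-the-web. The extraction folder path is an assumption; the fixed version 24.09 comes from the 7-Zip release notes, not from this page.

```powershell
# Added example (not from the article): verify 7-Zip's version and confirm that
# files extracted from an internet-downloaded archive still carry the
# Zone.Identifier stream. A file without it will not trigger SmartScreen or
# Office Protected View when opened.
# Assumption: $ExtractDir is a folder you just extracted from a downloaded archive.
param(
    [string]$ExtractDir = "$env:USERPROFILE\Downloads\extracted"
)

# 1. Installed 7-Zip version. 24.09 and later ship the fix for CVE-2025-0411
#    (that version number is from the 7-Zip release notes, not the article).
$SevenZip = Join-Path $env:ProgramFiles '7-Zip\7z.exe'
if (Test-Path $SevenZip) {
    $ver = (Get-Item $SevenZip).VersionInfo.ProductVersion
    Write-Host "7-Zip version: $ver"
    if ([version]$ver -lt [version]'24.09') {
        Write-Warning "7-Zip $ver is older than 24.09 and is affected by CVE-2025-0411"
    }
} else {
    Write-Host "7-Zip not found at $SevenZip"
}

# 2. Walk the extracted files and report which ones lack the MotW stream.
Get-ChildItem -Path $ExtractDir -Recurse -File | ForEach-Object {
    $zone = Get-Item -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($null -eq $zone) {
        [pscustomobject]@{ File = $_.FullName; MotW = 'MISSING' }
    } else {
        # ZoneId=3 marks the file as originating from the Internet zone.
        $zoneId = (Get-Content -Path $_.FullName -Stream Zone.Identifier |
                   Where-Object { $_ -match '^ZoneId=' }) -replace '^ZoneId=', ''
        [pscustomobject]@{ File = $_.FullName; MotW = "ZoneId=$zoneId" }
    }
} | Format-Table -AutoSize
```

Any file listed as MISSING was written to disk without the MotW tag, which is exactly the condition an attacker abusing this class of flaw relies on; treat such files from an untrusted archive as if SmartScreen had never seen them.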


More Than a Dozen Android Apps on Google Play Store Found Distributing Banking Malware

A recent cybersecurity campaign has exploited ostensibly harmless Android dropper apps available on the Google Play Store to infiltrate users’ devices with banking malware. Dubbed DawDropper by security analysts at Trend Micro, this malicious operation involved 17 dropper applications masquerading as productivity and utility tools, including document scanners, VPN services,…


China-Linked Attackers Leverage Check Point Vulnerability to Deploy ShadowPad and Ransomware

A newly identified threat actor has launched a campaign aimed at European organizations, particularly within the healthcare sector. The operation, dubbed “Green Nailao” by Orange Cyberdefense CERT, uses the PlugX and ShadowPad malware, with the final stage involving…


Chinese Hackers Compromise MiMi Chat App to Target Windows, Linux, and macOS Users

Recent investigations by cybersecurity firms SEKOIA and Trend Micro have uncovered a new campaign led by the Chinese threat actor known as Lucky Mouse. This operation involves deploying a compromised version of the MiMi chat application, which serves as a vector for backdoor attacks on systems across multiple platforms. The…


Chinese Hackers Employ Stealthy Infection Chain to Deploy LODEINFO Malware

A recently reported cybersecurity incident has revealed a stealthy infection chain employed by the Chinese state-sponsored group known as Stone Panda. This threat actor has been targeting various entities in Japan, including media outlets, governmental and public sector organizations, as well as think tanks, raising alarms about the potential risk…


Chinese ‘Mustang Panda’ Hackers Are Actively Targeting Governments Globally

A sophisticated threat actor known as Mustang Panda has been implicated in a wave of spear-phishing attacks directed at key sectors including government, education, and research from May to October 2022. According to a recent report by cybersecurity firm Trend Micro, the targeted regions include countries in the Asia Pacific,…


Winnti APT41 Aims at Japanese Companies in RevivalStone Cyber Espionage Operation

A new cyber campaign named RevivalStone has been attributed to the China-linked threat actor known as Winnti, targeting Japanese firms in the manufacturing, materials, and energy sectors as recently as March 2024. This initiative, as outlined by Japanese cybersecurity firm LAC, coincides with activities tracked by Trend Micro as Earth…


EncryptHub Exploits Windows Zero-Day Vulnerability to Deploy Rhadamanthys and StealC Malware

The threat actor tracked as EncryptHub has exploited a recently patched security vulnerability in Microsoft Windows as a zero-day to deploy a range of malicious software. This includes information stealers such as Rhadamanthys and StealC, alongside conventional backdoors, raising significant alarm…


Researchers Connect CACTUS Ransomware Strategies to Ex-Black Basta Members

Recent cybersecurity investigations have revealed a convergence between two notorious ransomware groups: Black Basta and CACTUS. Both factions have been exploiting a shared BackConnect (BC) module, facilitating persistent control over compromised systems. This development hints at a potential shift, suggesting that affiliates of Black Basta may now be operating under…
