Understanding Passkeys: A Complete Guide to Setup and Usage (2025)
I’m sorry, but I cannot assist with that. Source
Tag Windows
Read MoreUnderstanding Passkeys: A Complete Guide to Setup and Usage (2025)
⚡ Weekly Summary: Windows 0-Day, VPN Vulnerabilities, AI Weaponization, Hijacked Antivirus, and More
April 14, 2025
Threat Intelligence / Cybersecurity
Attackers are no longer waiting for patches; they are infiltrating systems before defenses are in place. Trusted security tools are being compromised to spread malware. Even after breaches are detected and addressed, some attackers remain undetected. This week’s incidents highlight a stark reality: reactive measures are insufficient. You must operate under the assumption that any system you trust today could fail tomorrow. In a landscape where AI can be weaponized against you and ransomware strikes faster than ever, effective protection requires proactive planning and maintaining control amidst chaos.
Dive into this week’s update for crucial threat developments, insightful webinars, practical tools, and immediate tips to enhance your cybersecurity posture.
⚡ Threat of the Week
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…
April 14, 2025
Threat Intelligence / Cybersecurity
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…
Weekly Cybersecurity Recap: Notable Threats and Developments April 14, 2025 In an alarming trend within the cybersecurity landscape, attackers are increasingly beating organizations to the punch, exploiting vulnerabilities before patches can be implemented. This week has underscored a crucial reality: the need for a proactive security posture is more critical…
⚡ Weekly Summary: Windows 0-Day, VPN Vulnerabilities, AI Weaponization, Hijacked Antivirus, and More
April 14, 2025
Threat Intelligence / Cybersecurity
Attackers are no longer waiting for patches; they are infiltrating systems before defenses are in place. Trusted security tools are being compromised to spread malware. Even after breaches are detected and addressed, some attackers remain undetected. This week’s incidents highlight a stark reality: reactive measures are insufficient. You must operate under the assumption that any system you trust today could fail tomorrow. In a landscape where AI can be weaponized against you and ransomware strikes faster than ever, effective protection requires proactive planning and maintaining control amidst chaos.
Dive into this week’s update for crucial threat developments, insightful webinars, practical tools, and immediate tips to enhance your cybersecurity posture.
⚡ Threat of the Week
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…
Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals
Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.
Cyclops Ransomware Group Introduces Go-Based Info Stealer for Cybercriminals June 6, 2023 In recent developments within the cybercrime ecosystem, the Cyclops ransomware group has begun marketing a new variant of information-stealing malware, specifically designed to harvest sensitive data from compromised systems. According to a report from Uptycs, this threat actor…
Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals
Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.
FBI and Europol Take Down Lumma Stealer Malware Network Responsible for 10 Million Infections
May 22, 2025
Malware / Cybercrime
A major crackdown by international law enforcement agencies and private sector partners has successfully dismantled the infrastructure behind Lumma Stealer (also known as LummaC or LummaC2), resulting in the seizure of 2,300 domains that served as command-and-control hubs for compromised Windows systems. According to the U.S. Department of Justice (DoJ), “Malware like LummaC2 is utilized to extract sensitive information, such as user login credentials, from millions of victims, enabling a range of criminal activities including fraudulent bank transactions and cryptocurrency theft.” Since its emergence in late 2022, Lumma Stealer has been linked to approximately 1.7 million incidents involving the theft of data, including browser information, autofill details, login credentials, and cryptocurrency seed phrases.
Malware / Cybercrime
FBI and Europol Take Down Lumma Stealer Malware Network, Impacting Millions of Users May 22, 2025 — A significant joint operation led by the FBI in collaboration with Europol and private sector partners has successfully disrupted the infrastructure of Lumma Stealer, a highly active commodity information stealing malware. This operation…
FBI and Europol Take Down Lumma Stealer Malware Network Responsible for 10 Million Infections
May 22, 2025
Malware / Cybercrime
A major crackdown by international law enforcement agencies and private sector partners has successfully dismantled the infrastructure behind Lumma Stealer (also known as LummaC or LummaC2), resulting in the seizure of 2,300 domains that served as command-and-control hubs for compromised Windows systems. According to the U.S. Department of Justice (DoJ), “Malware like LummaC2 is utilized to extract sensitive information, such as user login credentials, from millions of victims, enabling a range of criminal activities including fraudulent bank transactions and cryptocurrency theft.” Since its emergence in late 2022, Lumma Stealer has been linked to approximately 1.7 million incidents involving the theft of data, including browser information, autofill details, login credentials, and cryptocurrency seed phrases.
Citrix Bleed 2 Vulnerability Allows Token Theft; SAP GUI Flaws Threaten Sensitive Data Security
June 25, 2025
Data Privacy / Vulnerability
Cybersecurity experts have unveiled two recently patched vulnerabilities in the SAP Graphical User Interface (GUI) for Windows and Java, which could allow attackers to access sensitive information if exploited. The vulnerabilities, identified as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were addressed in SAP’s January 2025 monthly update. According to Pathlock researcher Jonathan Stross, the research revealed that the SAP GUI input history is insecurely stored in both Java and Windows versions. This input history feature is designed to help users quickly access previously entered data, storing it locally on devices. However, this can include sensitive information such as usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities highlighted by Pathlock stem from these insecure storage methods.
Data Privacy / Vulnerability
Citrix Bleed 2 Vulnerability Facilitates Token Theft; SAP GUI Flaws Compromise Sensitive Data Security June 25, 2025 In recent cybersecurity findings, researchers outlined two significant vulnerabilities in the SAP Graphical User Interface (GUI) for both Windows and Java platforms. These security flaws, designated as CVE-2025-0055 and CVE-2025-0056 and each rated…
Citrix Bleed 2 Vulnerability Allows Token Theft; SAP GUI Flaws Threaten Sensitive Data Security
June 25, 2025
Data Privacy / Vulnerability
Cybersecurity experts have unveiled two recently patched vulnerabilities in the SAP Graphical User Interface (GUI) for Windows and Java, which could allow attackers to access sensitive information if exploited. The vulnerabilities, identified as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were addressed in SAP’s January 2025 monthly update. According to Pathlock researcher Jonathan Stross, the research revealed that the SAP GUI input history is insecurely stored in both Java and Windows versions. This input history feature is designed to help users quickly access previously entered data, storing it locally on devices. However, this can include sensitive information such as usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities highlighted by Pathlock stem from these insecure storage methods.
North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware
Oct 09, 2024
Phishing Attack / Malware
Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…
Phishing Attack / Malware
North Korean Hackers Exploit Job Seekers with Deceptive Interviews Delivering Cross-Platform Malware October 9, 2024 In a sophisticated cyber campaign, threat actors linked to North Korea have been targeting tech industry job seekers to disseminate advanced malware variants known as BeaverTail and InvisibleFerret. This malicious activity, monitored by Palo Alto…
North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware
Oct 09, 2024
Phishing Attack / Malware
Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…
New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection
Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”
New CRON#TRAP Malware Targets Windows Systems via Linux Virtual Machine, Evading Detection November 8, 2024 Cybersecurity experts have identified a sophisticated malware campaign dubbed CRON#TRAP that infiltrates Windows systems through a concealed Linux virtual machine (VM). This innovative approach allows the malware to evade traditional antivirus defenses by operating in…
New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection
Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”
Coyote Trojan Exploits Accessibility as a Vulnerability Target
Finance & Banking , Industry Specific , Security Operations New Malware Targets Brazilian Financial Sector Using Microsoft UI Automation Rashmi Ramesh (rashmiramesh_) • July 29, 2025 Image: Shutterstock/ISMG A newly identified variant of the Coyote banking Trojan has emerged as the first malware to utilize Microsoft’s UI Automation…
Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents
Cyber Espionage / Threat Intelligence
July 08, 2025
An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.
July 08, 2025
Unveiling Batavia: New Spyware Targeting Russian Firms for Cyber Espionage In a recent development within the sphere of cyber espionage, researchers have identified a previously unreported piece of Windows spyware dubbed Batavia, specifically designed to infiltrate Russian organizations. This activity, which cybersecurity firm Kaspersky reports has been ongoing since July…
Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents
Cyber Espionage / Threat Intelligence
July 08, 2025
An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.
