Tag Windows

Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals

Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.

Cyclops Ransomware Group Introduces Go-Based Info Stealer for Cybercriminals June 6, 2023 In recent developments within the cybercrime ecosystem, the Cyclops ransomware group has begun marketing a new variant of information-stealing malware, specifically designed to harvest sensitive data from compromised systems. According to a report from Uptycs, this threat actor…

Read More

Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals

Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.

Citrix Bleed 2 Vulnerability Allows Token Theft; SAP GUI Flaws Threaten Sensitive Data Security

June 25, 2025
Data Privacy / Vulnerability

Cybersecurity experts have unveiled two recently patched vulnerabilities in the SAP Graphical User Interface (GUI) for Windows and Java, which could allow attackers to access sensitive information if exploited. The vulnerabilities, identified as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were addressed in SAP’s January 2025 monthly update. According to Pathlock researcher Jonathan Stross, the research revealed that the SAP GUI input history is insecurely stored in both Java and Windows versions. This input history feature is designed to help users quickly access previously entered data, storing it locally on devices. However, this can include sensitive information such as usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities highlighted by Pathlock stem from these insecure storage methods.

Citrix Bleed 2 Vulnerability Facilitates Token Theft; SAP GUI Flaws Compromise Sensitive Data Security June 25, 2025 In recent cybersecurity findings, researchers outlined two significant vulnerabilities in the SAP Graphical User Interface (GUI) for both Windows and Java platforms. These security flaws, designated as CVE-2025-0055 and CVE-2025-0056 and each rated…

Read More

Citrix Bleed 2 Vulnerability Allows Token Theft; SAP GUI Flaws Threaten Sensitive Data Security

June 25, 2025
Data Privacy / Vulnerability

Cybersecurity experts have unveiled two recently patched vulnerabilities in the SAP Graphical User Interface (GUI) for Windows and Java, which could allow attackers to access sensitive information if exploited. The vulnerabilities, identified as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were addressed in SAP’s January 2025 monthly update. According to Pathlock researcher Jonathan Stross, the research revealed that the SAP GUI input history is insecurely stored in both Java and Windows versions. This input history feature is designed to help users quickly access previously entered data, storing it locally on devices. However, this can include sensitive information such as usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities highlighted by Pathlock stem from these insecure storage methods.

North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware

Oct 09, 2024
Phishing Attack / Malware

Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…

North Korean Hackers Exploit Job Seekers with Deceptive Interviews Delivering Cross-Platform Malware October 9, 2024 In a sophisticated cyber campaign, threat actors linked to North Korea have been targeting tech industry job seekers to disseminate advanced malware variants known as BeaverTail and InvisibleFerret. This malicious activity, monitored by Palo Alto…

Read More

North Korean Hackers Target Developers with Fake Job Interviews to Spread Cross-Platform Malware

Oct 09, 2024
Phishing Attack / Malware

Threat actors linked to North Korea are strategically targeting tech job seekers to propagate updated versions of well-known malware, identified as BeaverTail and InvisibleFerret. This activity, classified under the cluster CL-STA-0240, is part of the “Contagious Interview” campaign revealed by Palo Alto Networks’ Unit 42 in November 2023. According to Unit 42’s new report, these hackers pose as potential employers on job search platforms, enticing software developers with invitations to participate in online interviews. During these sessions, the attackers aim to persuade victims to download and install malware. The initial stage of the infection utilizes the BeaverTail downloader and information stealer, which targets both Windows and Apple macOS systems. This malware serves as a gateway for the Python-based InvisibleFerret backdoor. Evidence suggests that this activity…

New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection

Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”

New CRON#TRAP Malware Targets Windows Systems via Linux Virtual Machine, Evading Detection November 8, 2024 Cybersecurity experts have identified a sophisticated malware campaign dubbed CRON#TRAP that infiltrates Windows systems through a concealed Linux virtual machine (VM). This innovative approach allows the malware to evade traditional antivirus defenses by operating in…

Read More

New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection

Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”

Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents

Cyber Espionage / Threat Intelligence
July 08, 2025

An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.

Unveiling Batavia: New Spyware Targeting Russian Firms for Cyber Espionage In a recent development within the sphere of cyber espionage, researchers have identified a previously unreported piece of Windows spyware dubbed Batavia, specifically designed to infiltrate Russian organizations. This activity, which cybersecurity firm Kaspersky reports has been ongoing since July…

Read More

Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents

Cyber Espionage / Threat Intelligence
July 08, 2025

An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.

Feds Alert Health and Other Industries About Interlock Risks

Fraud Management & Cybercrime , Healthcare , Industry Specific Healthcare Sector Targeted by Ransomware Group Interlock, Emerging Since 2024 Marianne Kolbasuk McGee (HealthInfoSec) • July 23, 2025 Image: Interlock U.S. officials have raised concerns about the ransomware group Interlock, which has recently targeted a variety of sectors, notably healthcare, using…

Read MoreFeds Alert Health and Other Industries About Interlock Risks

FBI and CISA Alert: Interlock Ransomware Threatens Critical Infrastructure

The Federal Bureau of Investigation (FBI), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a critical alert regarding the intensified activities of the Interlock ransomware group. This group is…

Read MoreFBI and CISA Alert: Interlock Ransomware Threatens Critical Infrastructure