Advanced Persistent Threat

From Dark Reading – ToddyCat APT Targets ESET Bug to Load Silent Malware

Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems. Read More

shaikh Saqib April 8, 2025

News

From Cyber Security News – Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups

The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. Once considered a singular entity, Lazarus has…

shaikh Saqib April 1, 2025

Vulnerabilities

From Cybersecurity Help – FamousSparrow updates its attack arsenal with two new versions of SparrowDoor backdoor

The two versions come with upgrades in both architecture and functionality. Read More

Samir K March 26, 2025

Vulnerabilities

From Cybersecurity Help – Google patches Chrome zero-day bug exploited by hackers

CVE-2025-2783 works in conjunction with a remote code execution exploit, which has yet to be identified. Read More

Samir K March 26, 2025

News

From Dark Reading – Google Hastily Patches Chrome Zero-Day Exploited by APT

Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. Read More

shaikh Saqib March 26, 2025

News

From Security Week – Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky

[[{"value":"The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky…

shaikh Saqib March 26, 2025

News

From The Hacker News – North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

shaikh Saqib March 13, 2025

Vulnerabilities

From Cybersecurity Help – New North Korea-linked Android spyware KoSpy targets Korean and English-speaking users

KoSpy is distributed through fake utility applications, which masquerade as helpful tools. Read More

shaikh Saqib March 13, 2025

Vulnerabilities

From Cybersecurity Help – Blind Eagle APT targeting Colombian entities in ongoing espionage campaign

In the recent campaign, the group has been observed exploiting CVE-2024-43451. Read More

shaikh Saqib March 11, 2025

News

From The Hacker News – SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy

Samir K March 11, 2025

News

From The Hacker News – New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems

Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized

shaikh Saqib February 26, 2025

News

From Dark Reading – Cisco Confirms Salt Typhoon Exploitation in Telecom Hits

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using using stolen login credentials for initial access. Read More

shaikh Saqib February 21, 2025

News

From The Hacker News – Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,

shaikh Saqib February 18, 2025

News

From Cyber Security News – Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access

In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. This campaign, observed since August 2024,…

shaikh Saqib February 17, 2025

News

From Cyber Security News – How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool

An Advanced Persistent Threat (APT) is a sophisticated and stealthy cyberattack designed to gain unauthorized, long-term access to a target’s network. These attacks are meticulously planned and executed by highly…

shaikh Saqib February 12, 2025