PowerShell malware – Threat Note

From The Hacker News – Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a

shaikh Saqib April 8, 2025

News

From Dark Reading – Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube

The malware's creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. Read More

shaikh Saqib April 8, 2025

Vulnerabilities

From Cybersecurity Help – UAC-0219 targets Ukraine’s government agencies with WRECKSTEEL stealer

This activity has been ongoing since at least the fall of 2024. Read More

Samir K April 3, 2025

News

From Dark Reading – Gootloader Malware Resurfaces in Google Ads for Legal Docs

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising. Read More

shaikh Saqib April 2, 2025

News

From The Hacker News – Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

shaikh Saqib March 31, 2025

News

From Dark Reading – OBSCURE#BAT Malware Highlights Risks of API Hooking

Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit. Read More

shaikh Saqib March 14, 2025

Articles

From Schneier on Security – The Combined Cipher Machine

Interesting article—with photos!—of the US/UK “Combined Cipher Machine” from WWII. Read More

shaikh Saqib March 6, 2025

News

From The Hacker News – Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer

shaikh Saqib March 4, 2025

News

From Cyber Security News – Hackers Using ClickFix Tactic to Attack Windows Machine & Gain Full Control of System

A sophisticated phishing campaign in which threat actors are utilizing a multi-stage attack chain that combines social engineering tactics with modified open-source tools to compromise Windows systems. The campaign, active…

shaikh Saqib March 3, 2025

News

From Dark Reading – North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea

The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around. Read More

shaikh Saqib February 19, 2025

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in Review: February 14, 2025

In brief: Microsoft patches actively exploited zero-days, Chinese hackers Salt Typhoon exploit Cisco flaws, the US and partners sanction Zservers, and more. Read More

shaikh Saqib February 14, 2025

News

From The Hacker News – Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download

shaikh Saqib February 11, 2025

News

From Cyber Security News – NetSupport RAT Grant Attackers Full Access To Victims Systems

Cybersecurity experts have observed a significant increase in the use of the NetSupport Remote Access Trojan (RAT) in recent months, a malicious tool that allows attackers to gain full control…

shaikh Saqib February 10, 2025