CyberRisks & Adversary Intelligence

Sign in Subscribe

Latest

APT-C-00 OceanLotus Utilizes Advanced Dual Loader with VMP Protections

APT-C-00 OceanLotus Utilizes Advanced Dual Loader with VMP Protections

On September 23, 2024, the Advanced Threat Research Institute’s 360 Threat Intelligence Center released a detailed analysis on APT-C-00, also known as OceanLotus, a notorious advanced persistent threat (APT) group with suspected state backing.

Hacking Kia: Remotely Controlling Cars With Just a License Plate

Hacking Kia: Remotely Controlling Cars With Just a License Plate

Evil Corp: The Cybercrime Syndicate that Refuses to Die

Evil Corp: The Cybercrime Syndicate that Refuses to Die

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

SloppyLemming Espionage Campaign Targets South and East Asia

SloppyLemming Espionage Campaign Targets South and East Asia

Malware

APT-C-00 OceanLotus Utilizes Advanced Dual Loader with VMP Protections

APT-C-00 OceanLotus Utilizes Advanced Dual Loader with VMP Protections

On September 23, 2024, the Advanced Threat Research Institute’s 360 Threat Intelligence Center released a detailed analysis on APT-C-00, also known as OceanLotus, a notorious advanced persistent threat (APT) group with suspected state backing.

Evil Corp: The Cybercrime Syndicate that Refuses to Die

Evil Corp: The Cybercrime Syndicate that Refuses to Die

Russian State-Sponsored Mobile Threats: A Decade of Espionage and Surveillance

Russian State-Sponsored Mobile Threats: A Decade of Espionage and Surveillance

Global Coalition Expands Efforts to Counter Commercial Spyware Misuse

Global Coalition Expands Efforts to Counter Commercial Spyware Misuse

Raptor Train: Chinese Nation-State Botnet Compromises Over 200,000 Devices

Raptor Train: Chinese Nation-State Botnet Compromises Over 200,000 Devices

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Vulnerability

Hacking Kia: Remotely Controlling Cars With Just a License Plate

Hacking Kia: Remotely Controlling Cars With Just a License Plate

On September 23, 2024, cybersecurity researcher Sammy released an alarming report detailing critical vulnerabilities in Kia vehicles that allowed attackers to remotely control key vehicle functions using only the vehicle’s license plate number.

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

CVE-2024-45488: Skeleton Cookie Vulnerability Exposes Safeguard for Privileged Passwords to Full Administrative Access

CVE-2024-45488: Skeleton Cookie Vulnerability Exposes Safeguard for Privileged Passwords to Full Administrative Access

Google Cloud Exploit: CloudImposer Vulnerability Exposed Millions of Servers

Google Cloud Exploit: CloudImposer Vulnerability Exposed Millions of Servers

CISA Adds Nine Exploited Vulnerabilities to KEV Catalog Over Two Days

CISA Adds Nine Exploited Vulnerabilities to KEV Catalog Over Two Days

Exploited in the wild

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

On September 26, 2024, a detailed disclosure outlined critical vulnerabilities in the Common UNIX Printing System (CUPS) that enable remote code execution (RCE) on UNIX systems, including various GNU/Linux distributions.

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

CVE-2024-45488: Skeleton Cookie Vulnerability Exposes Safeguard for Privileged Passwords to Full Administrative Access

CVE-2024-45488: Skeleton Cookie Vulnerability Exposes Safeguard for Privileged Passwords to Full Administrative Access

Fox Kitten APT Continues to Exploit U.S. and Foreign Organizations, New Infrastructure Revealed

Fox Kitten APT Continues to Exploit U.S. and Foreign Organizations, New Infrastructure Revealed

Google Cloud Exploit: CloudImposer Vulnerability Exposed Millions of Servers

Google Cloud Exploit: CloudImposer Vulnerability Exposed Millions of Servers

CISA Adds Nine Exploited Vulnerabilities to KEV Catalog Over Two Days

CISA Adds Nine Exploited Vulnerabilities to KEV Catalog Over Two Days

CISA and FBI Release Secure by Design Alert on Eliminating XSS Vulnerabilities

CISA and FBI Release Secure by Design Alert on Eliminating XSS Vulnerabilities

APT

More

APT-C-00 OceanLotus Utilizes Advanced Dual Loader with VMP Protections

Russian State-Sponsored Mobile Threats: A Decade of Espionage and Surveillance

UNC1860: Iran’s Stealthy Cyber Espionage Campaign Targets Middle East Networks

Fox Kitten APT Continues to Exploit U.S. and Foreign Organizations, New Infrastructure Revealed

Cybercrime

More

Evil Corp: The Cybercrime Syndicate that Refuses to Die

Marko Polo Cybercrime Group Expands Infostealer Campaigns, Targets Cryptocurrency and Gaming Sectors

Browser Extension Exploits: Detection and Mitigation Strategies

Banking Trojans: Mekotio and BBTok Ramp Up Phishing Scams in Latin America

News

More

Global Coalition Expands Efforts to Counter Commercial Spyware Misuse

Canada Publishes First Public Intelligence Priorities: A Landmark Step in National Security Transparency

Hidden Persistence Tactics: Exploiting Entra ID Administrative Units

Saboteur Group Disrupted by Polish Authorities in Major Cybersecurity Victory

Halliburton Hit by Cyberattack, Disrupts Operations at Houston Headquarters