Multi-stage phishing attack in Dec 2024 used JSE, PowerShell, and AutoIt to deliver Agent Tesla.
Category: cybercrime/malcode
XorDDoS malware targeted 71.3% of U.S. systems in latest wave; Docker, IoT, and Linux bots fuel rise.
Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices.
ClickFix is a social engineering tactic where victims are tricked into executing dangerous PowerShell commands on their systems to supposedly fix an error or verify themselves, resulting in the installation of malware.
Though this isn’t the first time ClickFix has been linked to ransomware infections, confirmation about Interlock shows an increasing trend in these types of threat actors utilizing the tactic.
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf.
This security flaw (CVE-2021-20035) impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and was patched almost four years ago, in September 2021, when SonicWall said it could only be exploited to take down vulnerable appliances in denial-of-service (DoS) attacks.
However, the company updated the four-year-old security advisory on Monday to flag the security bug as exploited in attacks, expand the impact to include remote code execution, and upgrade the CVSS severity score from medium to high severity.
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.
“The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier in the week. “This could allow lateral movement, enabling attackers to enter deeper into compromised networks, allowing them to control more systems or gain access to sensitive data.”
The campaign has been attributed with medium confidence to a threat group Trend Micro tracks as Earth Bluecrow, which is also known as DecisiveArchitect, Red Dev 18, and Red Menshen. The lower confidence level boils down to the fact that the BPFDoor malware source code was leaked in 2022, meaning it could also have been adopted by other hacking groups.
CVE funding ends April 16, risking delays in vulnerability tracking, advisories, and cyber response tools.
UNC5174 uses SNOWLIGHT and VShell to target Linux and macOS systems, exploiting Ivanti flaws for remote control.
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry.
CVE, the more critical of the two, is maintained by MITRE with funding from the National Cyber Security Division of the U.S. Department of Homeland Security (DHS). CVE is crucial for providing accuracy, clarity, and shared standards when discussing security vulnerabilities.
The program is widely adopted across various cybersecurity tools, including vulnerability management systems, and it allows tracking all newly discovered vulnerabilities using CVE Identifiers (CVE IDs) assigned by CVE Numbering Authorities (CNAs) worldwide, with MITRE as the CVE Editor and Primary CNA.
AI vs. AI: Hackers use artificial intelligence for deepfakes and smart malware, while defenders counter with AI threat detection and predictive security.