Microsoft revoked 200 fake certificates used by Vanilla Tempest to spread Rhysida ransomware.
Category: cybercrime/malcode
Europol dismantles SIM box operation renting numbers for cybercrime
European law enforcement in an operation codenamed ‘SIMCARTEL’ has dismantled an illegal SIM-box service that enabled more than 3,200 fraud cases and caused at least 4.5 million euros in losses.
The cybercriminal online services had about 1,200 SIM-box devices with 40,000 SIM cards to provide phone numbers that were used in telecommunication crimes ranging from phishing and investment fraud to impersonation and extortion.
In an announcement today, Europol says that the cybercrime service operated through two websites, gogetsms.com and apisim.com, which have been seized and now display a law enforcement banner.
Cyber defense innovation could significantly boost 5G network security
A framework for building tighter security into 5G wireless communications has been created by a Ph.D. student working with the University of Portsmouth’s Artificial Intelligence and Data Center.
With its greater network capacity and ability to rapidly transmit huge amounts of information from one device to another, 5G is a critical component of intelligent systems and services—including those for health care and financial services.
However, the dynamic nature of 5G networks, the high volumes of data shared and the ever changing types of information transmitted means that these networks are extremely vulnerable to cyber threats and increasing risks of attack.
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in ‘Zero Disco’ Attacks
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems.
The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025–20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
The shortcoming was patched by Cisco late last month, but not before it was exploited as a zero-day in real-world attacks.
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
“This attack highlights not just the creativity and sophistication of attackers but also the danger of trusted system functionality being weaponized to evade traditional detection,” the researchers noted. “It’s not just about spotting malicious activity; it’s about recognizing how legitimate tools and processes can be manipulated and turned against you.”
ReliaQuest told The Hacker News it cannot share any further details regarding when the attack commenced other than noting that the attackers had access to the system for over a year.
“The threat actor likely resorted to this method over an N-day flaw for a simple reason: why use an exploit if they didn’t have to?,” it pointed out. “They likely gained initial access through a weak administrator password and then repurposed a software component into a backdoor.”
