Pierluigi Paganini
February 13, 2025
A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared findings on research on a subgroup of the Russia-linked APT group Seashell Blizzard behind the global BadPilot campaign, which compromises infrastructure to support Russian cyber operations. Seashell Blizzard (aka Sandworm, BlackEnergy and TeleBots) has been […]
Pierluigi Paganini
February 13, 2025
The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025. Unimicron Technology Corporation is a Taiwanese company […]
Pierluigi Paganini
February 12, 2025
Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided […]
Pierluigi Paganini
February 12, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a command injection issue in Zyxel CPE Series devices that remains unpatched and has not yet […]
Pierluigi Paganini
February 12, 2025
Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Two of these vulnerabilities are listed as […]
Pierluigi Paganini
February 11, 2025
Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to hijack Fortinet firewalls. The vulnerability is an authentication bypass issue that could allow a remote attacker […]
Pierluigi Paganini
February 11, 2025
Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores. Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. Google Tag Manager (GTM) is a free tool that lets website owners manage marketing tags without modifying site code, […]
Pierluigi Paganini
February 11, 2025
Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The police took down the dark web data leak and negotiation sites. The police has yet to disclose the names of the suspects. Authorities replaced […]
Pierluigi Paganini
February 10, 2025
Apple released iOS and iPadOS updates to address a zero-day likely exploited in extremely sophisticated attacks targeting specific individuals. Apple released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24200, that the company believes was exploited in “extremely sophisticated” targeted attacks. An attacker could have exploited the vulnerability to disable the USB Restricted […]
Pierluigi Paganini
February 10, 2025
Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January 2024, Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyber espionage group Midnight Blizzard gained access to […]
